TY - GEN
T1 - A Deep Learning Approach for Network Intrusion Classification
AU - Bhuiyan, Mahbubul Haq
AU - Alam, Khorshed
AU - Shahin, Kamrul Islam
AU - Farid, Dewan Md
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024/9
Y1 - 2024/9
N2 - A Network Intrusion Detection System (NIDS) serves as a sentinel for safeguarding data integrity. It watches over computer networks, looking out for and stopping threats that can sneak past normal defenses like malware and hackers. Deep Learning (DL) techniques offer a promising avenue for analyzing raw network data to uncover subtle patterns indicative of intrusion attempts. In this study, we address a critical research gap by developing a Deep Neural Network (DNN) model tailored for efficient detection of stealthy and polymorphic variants while mitigating false positives. Leveraging the NF-ToN-IoT dataset, the proposed model achieves impressive performance metrics on test data, with an accuracy of 0.99, precision of 0.98, recall of 0.99, and F1-score of 0.99. To comprehensively assess the robustness of the proposed model, we use a multi-dataset validation strategy. The model is retrained and evaluated on established benchmark datasets, including NF-BoT-IoT, NF-UNSW-NB15, and NF-UNSW-NB15-v2, demonstrating exceptional performance. Furthermore, to ensure the significance of our contribution, we compare our model against previously well-established architectures such as CNN+BiLSTM, DNN, GRU+RNN, and CNN+LSTM. Utilizing the NF-ToN-IoT dataset as a common ground, the proposed model demonstrably outperforms these prior models, highlighting its efficacy and advancement in the field. Additionally, we conduct an ablation study to dissect the components of the DNN model, shedding light on their individual contributions towards detecting malware traffic and offering insights for optimizing future NIDS models in the cybersecurity domain.
KW - Deep Learning
KW - Intrusion Classification
KW - Learning from Data
KW - low footprint attacks
U2 - 10.1109/TENSYMP61132.2024.10752251
DO - 10.1109/TENSYMP61132.2024.10752251
M3 - Article in proceedings
AN - SCOPUS:85211911409
T3 - Proceedings - IEEE Region 10 Symposium
BT - 2024 IEEE Region 10 Symposium (TENSYMP)
PB - IEEE
T2 - 2024 IEEE Region 10 Symposium, TENSYMP 2024
Y2 - 27 September 2024 through 29 September 2024
ER -