Convolution Neural Network-Based Higher Accurate Intrusion Identification System for the Network Security and Communication

With the development of communication systems, information security has remained one of the main concerns over the last few years. Smart devices are connected to communicate, process, compute, and monitor diverse real-time scenarios. Intruders try to attack the network and capture an organization's important information for their own benefit. Intrusion detection is a way of identifying security violations and examining unwanted occurrences in a computer network. Building an accurate and effective identification system for intrusions or malicious activities can secure the existing system for smooth and secure end-to-end communication. In the proposed research work, a deep learning-based approach is followed for accurate intrusion detection to ensure high security of the network. A convolution neural network based approach is followed for feature classification and malicious data identification. In the end, comparative results are generated by evaluating the performance of the proposed algorithm against other rival algorithms in the field. These comparative algorithms were FGSM, JSMA, C&W, and ENM. After evaluating the performance of these algorithms and the proposed algorithm based on different threshold value ranges, Lp norms, and different parametric values for c, it was concluded that the proposed algorithm outperforms with small Lp values and high Kitsune scores. These results reflect that the proposed research is promising for the identification of attacks on data packets, and they also reflect the applicability of the proposed algorithms in the network security field.


Introduction
Technology plays an ever more important role in human life and has made things easier. With the development of technology, security remains one of the major concerns for communication and interaction [1][2][3][4][5][6][7][8][9][10]. Over the last few decades, attacks on information security have increased, and intruders try to capture an organization's important information for their own benefit. Such attacks on networks and information can cause the owner of the information and network a heavy loss. The information security of an organization is highly dependent on the different types of information the organization holds [10][11][12][13]. Nowadays, communication takes place through the Internet of Things (IoT), and a number of devices are connected through a network. Smart devices are connected to communicate, process, compute, and monitor diverse real-time scenarios. The concept of IoT came with challenges of privacy and security, as conventional security protocols do not fit IoT devices. Different security approaches and measures are used to secure information communication and to secure the network. These measures include firewalls, logical access, control, authentication, identification, and encryption and decryption. Building a fully secure system is difficult to manage, and none of these security measures alone can secure the communication inside a network.
Keeping in view the severity of the security problem, the proposed research has adopted a convolution neural network (CNN) approach for intrusion detection. The CNN architecture is capable of automatic recognition of data within an acceptable range. Whenever new data is fed to these algorithms, they learn and optimize their operations to improve performance, developing "intelligence" over time. The dataset used for the proposed research is available at the UCI Machine Learning Repository (https://archive.ics.uci.edu/ml/datasets/Kitsune+Network+Attack+Dataset). The method shows success in identifying attacks on data packets for secure end-to-end communication.
The rest of the paper is organized as follows: Section 2 presents the work related to the current research and a systematic mapping of similar work reported in the Association for Computing Machinery (ACM) digital library. Section 3 briefly shows the research method followed for the development of an accurate intrusion detection system. Section 4 shows the results and discussion of the proposed research. The paper is concluded in Section 5.

Background Study
This section of the paper explains the relevant work reported in the field and a systematic mapping to check the contribution of the work in the ACM digital library.

Related Work.
Diverse approaches and techniques are used to tackle the issue of security from different perspectives. Kotenko and Chechulin [14] presented a framework for security assessment and attack modelling in security information and event management systems. Subsorn and Limwiriyakul [15] examined the security of the Internet banking of 16 Australian banks to find the deficiencies that were probably affecting the confidentiality of the bank customers. Furthermore, the study investigated 12 Thai commercial banks and compared the results with the previous research. Kotenko and Chechulin [16] proposed a method for computer attack modelling and security evaluation, to be realized in security information and event management systems. The authors proposed a quantitative approach to security risk for information systems which is extendable, systematic, and modular. The study aims to evaluate security threats effectively and comprehensively [9].
Manjiatahsien et al. [17] presented an overview of the IoT architecture with a detailed review of machine learning algorithms and the significance of IoT security with diverse types of attacks. The study proposed a model of the associated information management factors for the information security of an organization. Firstly, they surveyed 136 articles to identify the information security factors, and, secondly, a series of interviews were held with 19 experts from the industry to evaluate the relevancy of these factors. In the third step, a complete model was developed [18]. Security identification has a significant role in fields like the Internet of Things in smart cities. The authors [19] conducted a detailed survey of state-of-the-art IoT security, deep learning, and big data technology. Deep learning plays a key role in fields ranging from natural language processing to other recognition and security fields [20]. Zhang et al. [7] proposed an approach for crowd assessment of the security and trustworthiness of open social networks based on signaling theory. The authors [5] presented a detailed overview of the investigation of the security properties of machine learning algorithms. They analysed the security model of ML to build up a blueprint for this multidisciplinary area of research and, after that, reviewed the attack methods and discussed the strategies of defense against them.
The study presented an overview of the weaknesses and strengths of the available evaluation methods used for usability and security for the websites of electronic commerce (e-commerce). The evaluation models from 2000 to 2018 have been reviewed for e-commerce [21]. Mao et al. [22] proposed a system for building a security dependency network to measure the significance of security from a system-wide perspective. The effect of small-world and power-law distributions for the in- and out-degree in the security dependency network was observed. Nazir et al. [10] proposed a methodology for evaluating the security of software components using the analytic network process. This technique works in situations of complexity where dependencies exist among different nodes of the network.

Existing Approaches for Security.
Information security plays a significant role in the smooth functioning of a system. Data inside a network passes through different packets. Secure communication through these packets can further enhance the efficiency and reliability of a system. Different approaches and methods are used to secure communication inside and outside the network. To know the details of the literature, the popular libraries were searched. The existing approaches along with their details in terms of years, type of publication, and areas are given in the figures and tables in this section. Table 1 summarizes some of the techniques used in the literature for security purposes [40]. Table 2 shows the articles, with their references, proposed for the detection of different types of malware [40]. It also contains information on the different types of techniques used to address these types of malicious attacks. Figure 1 shows the total number of publications within the selected range of years (2016-2020; only a portion of 2020 is included in the systematic search process). This figure also reflects the type of research/articles reported during this range of years. The searched papers were checked for the year of publication, that is, the particular year in which a paper was published within the same range. Figure 2 shows the total number of publications in the given year. Figure 3 shows the journal/magazine name along with the total number of papers published for the search process in the ACM library. Figure 4 shows the publication type of all the publications in the ACM digital library. It also contains the total number of each publication type within the ACM digital library. The highest number of journal papers and proceedings represents the contribution of the work in the field.

| Ref. no | Year | Description |
|---|---|---|
| [23] | 2019 | Risk assessment model for addressing the security issues in IoT ecosystem |
| [24] | 2019 | Threats and attack based analysis of IoT |
| [25] | 2018 | Architecture based analysis in light of security requirements |
| [26] | 2018 | Discussing the layer based security analysis of IoT |
| [27] | 2018 | Security analysis of mobile device-to-device network using Android operating system |
| [28] | 2018 | Security analysis of mobile health applications for testing functionality |
| [29] | 2018 | Threat and attack based analysis of IoT |
| [30] | 2018 | Analysis of all security areas in IoT |
| [31] | 2018 | Study of the existing and proposed countermeasures in IoT based system |
| [32] | 2017 | Proposing a mobile application tool for analysis of IoT threats |
| [33] | 2017 | Presenting a threat categorization based on security dimensions like integrity, confidentiality, etc. |
| [34] | 2017 | Proposing a classification model to analyse the relation between potential risk and potential vulnerabilities in home automation devices |
| [35] | 2016 | Security analysis of smart phone in IoT |
| [36] | 2016 | Analysis of identification of application, threats, and impacts in IoT |
| [37] | 2016 | Security issues and challenges of IoT and mobile computing |
| [38] | 2015 | Analysing the IoT security challenges, issues, and open problems |
| [39] | 2015 | Discussing security aims, goals, and vulnerabilities for IoT |

| Ref. no. | Description |
|---|---|
| [41] | It uses four ways to detect malwares. It divides the applications into four types like malicious, benign, aggressive, and risky applications |
| [42] | Android analysis techniques for evaluating the effectiveness of Android intense |
| [43] | It uses ADA GRAD optimize algorithm for detecting malware pattern without manual intervention |
| [44] | It detects malware by using ensemble classifier for malware detection |
| [45] | It uses the machine learning algorithm which was presented by Waikato environment for knowledge analysis (WEKA) |
| [46] | It uses machine learning method for Android malware detection |
| [47] | It detects application features and decides whether malicious or not |
| [48] | It uses multiflow detection algorithm based on information flow analysis |

The Proposed Methodology
The proposed model consists of an external library (a Kitsune network attack database) developed by Mirsky et al. [49]. This database is used for simulation and experimental purposes. It consists of nine different attacks depicted in Table 1. It also contains information about the number of packets selected for training and testing. The experimental setup also contains a feature extractor and a feature mapping section. To achieve this goal, the proposed research work uses a convolution neural network (CNN) that acts as an automatic feature extractor and classification tool. The CNN extracts the features and, based on these features, generates its output in the form of an anomaly detector. In our case, it generates two types of output classes as depicted in where $O(\vec{x})$ represents the corresponding output. This output is generated in the form of malicious and benign data. Finally, the percentile score is generated based on the threshold, Np norm values, and other parametric values explained in Section 4. Figure 5 shows the experimental setup.
A five-layered CNN architecture is used for the experiments. It consists of an input layer, an output layer, and three hidden layers. "relu" is used as the activation function. This architecture is tested for varying training and test sets. CNN models are prominent in classifying spatial data.

Results and Discussion
The dataset used for the proposed experimental work is selected from the feature vector dataset (https://archive.ics.uci.edu/ml/datasets/Kitsune+Network+Attack+Dataset) developed by Mirsky et al. [49]. They developed this dataset after recording the network traffic on two different networks: (a) a commercial IP-based camera video surveillance network on which they conducted 8 attacks that affect the availability and integrity of the video uplinks; and (b) a noisier IoT network comprised of 9 IoT devices and 3 PCs, in which one of the devices was infected with the Mirai botnet malware. From each of these input vectors (in the dataset), we extracted a segment of consecutive packets. These packets are accordingly separated into training and test sets as depicted in Table 3.
Kitsune's developers mostly evaluate deep learning based intrusion detection systems against a series of attacks on different networks. In the proposed study, the accuracy of the system depends on the value of the threshold, T. When deploying the system, this threshold describes the decision boundary, which makes it a crucial parameter. The following two metrics are used to assess the performance of a given threshold parameter:
(a) False negative: the percentage of malicious data that is classified as benign data
(b) False positive: the percentage of benign inputs that are classified as malicious data
The false positive rate is associated with the reliability of the network, while the false negative rate accounts for the effectiveness of the network intrusion detection system (NIDS). Therefore, to achieve an ideal situation, both these parameters should be minimized. However, in the Kitsune setting, the value of T acts as a trade-off between the false positive and false negative parameters. The functional range of threshold values from 0 to 15 is investigated for the given training and test set parameters as shown in Table 1. 100% false negatives are recorded on the given feature vector. Figure 6 shows the two threshold parameters versus the accuracy of the proposed system.
It can be observed from Figure 6 that, in the middle, both the parameters (false positives and false negatives) remain unchanged. Furthermore, it can also be concluded from Figure 6 that if we minimize one parameter, the other parameter significantly increases. Finally, the accuracy of the proposed system remains unchanged for a threshold value below 10 (which reflects that most of the data belongs to the benign inputs).
A receiver operating characteristic (ROC) is shown in Figure 7 to represent the effectiveness of the proposed algorithm for the Kitsune network attack dataset.
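The threshold trade-off and the ROC curve described above can be reproduced on a small scale. The following is an added example, not code from the paper or from Kitsune: the anomaly scores in `SAMPLES` are constructed, and the rule that a packet is flagged when its score is at least T is an assumption.

```python
# Added example: constructed anomaly scores, not values from the paper.
from typing import List, Tuple

# (score, is_malicious) pairs; scores lie in the 0-15 range the section sweeps.
SAMPLES: List[Tuple[float, bool]] = [
    (0.4, False), (0.9, False), (1.3, False), (2.1, False), (3.0, False),
    (4.2, False), (2.8, True), (5.5, True), (7.9, True), (11.0, True),
]

def rates(samples, threshold):
    """Return (false_positive_rate, false_negative_rate) at threshold T.
    Assumption: a packet is flagged malicious when its score is >= T."""
    benign = [s for s, mal in samples if not mal]
    malicious = [s for s, mal in samples if mal]
    fp = sum(1 for s in benign if s >= threshold)    # benign flagged malicious
    fn = sum(1 for s in malicious if s < threshold)  # malicious passed as benign
    return fp / len(benign), fn / len(malicious)

def roc_points(samples):
    """(FPR, TPR) at every distinct score plus the end point, sorted by FPR."""
    thresholds = sorted({s for s, _ in samples}) + [float("inf")]
    points = set()
    for t in thresholds:
        fpr, fnr = rates(samples, t)
        points.add((fpr, 1.0 - fnr))
    return sorted(points)

def auc(points):
    """Trapezoidal area under the ROC curve."""
    return sum((x1 - x0) * (y0 + y1) / 2
               for (x0, y0), (x1, y1) in zip(points, points[1:]))

def best_threshold(samples, candidates, max_fpr):
    """Lowest-FNR threshold whose FPR stays within the reliability budget."""
    ok = [(rates(samples, t)[1], t) for t in candidates
          if rates(samples, t)[0] <= max_fpr]
    return min(ok)[1] if ok else None

if __name__ == "__main__":
    for t in range(0, 16, 3):
        print(t, rates(SAMPLES, t))
    print("AUC:", auc(roc_points(SAMPLES)))
    print("T for FPR <= 0.2:", best_threshold(SAMPLES, range(16), 0.2))
```

Lowering the false positive budget pushes the chosen T upward, and the false negative rate cannot fall below the share of malicious samples whose scores overlap the benign range.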
Two significant attack objectives against machine learning techniques are availability violation and integrity violation. Availability violations try to make benign traffic appear malicious. Integrity violations try to construct malicious traffic that escapes detection.
Network attack data differ from the images that are most commonly used in generic machine learning techniques.
One definition of adversarial examples, supported by the architecture of Kitsune, takes the extracted features as the indication of the observed difference. The Lp distance in feature space between the perturbed input and the original input is therefore adopted as the distance metric. The L0 norm corresponds to altering a small number of extracted features, which might be a better metric than other Lp norms. The proposed algorithm is also evaluated against generic NIDS algorithms to test its applicability. These generic algorithms include the Fast Gradient Sign Method (FGSM), the Jacobian-Based Saliency Map (JSMA), Carlini and Wagner (C&W), and the Elastic Net Method (ENM). A description of these techniques is given as follows:
(i) FGSM: over the L1 norm, this technique is strictly optimal (i.e., it reduces the maximum perturbation on any input data (feature)) by selecting a single step to each element of ∼x in the opposite direction to the gradient [50]
(ii) JSMA: this type of attack minimizes the L0 norm by iteratively calculating a saliency map and then perturbing the feature that will have the highest effect [51]
(iii) C&W: Carlini and Wagner's adversarial framework, as discussed earlier, can minimize either the L2, L0, or L1 distance metric [52]
(iv) ENM: the elastic net attack is an algorithm that restricts the total absolute perturbation across the input space. The ENM constructs the adversarial examples by expanding an iterative L2 attack with an L1 regularizer [53]
To check the validity of the proposed algorithm, experiments are carried out for the selected generic algorithms based on different threshold values ranging from 0.05 to 1 to test the Kitsune score. The experimental results are depicted in Table 4.
From Table 4, it is evident that our algorithm performs well compared to the other generic algorithms. The experiments are carried out on the input vectors selected from the Kitsune network attack dataset as depicted in Table 1. The simulated results are shown in Figure 8.
For the same threshold values used in Table 2, the availability attacks on the Kitsune network are processed. Different training sets are selected for the simulation as shown in Table 1. The input vectors (training sets) that yield the output scores closest to the threshold were selected. Table 5 shows the experimental results. The normalizers were trained on benign inputs; several malicious input values would be normalized outside the typical range between 0.05 and 1. Table 5 shows that our algorithm also outperforms the others for the availability attacks on the Kitsune network attack dataset. The comparative results are also shown in Figure 9. From Figure 9, it is concluded that our algorithm performs very well compared to the other generic algorithms in the field.
To minimize the attacks on the Kitsune network, Cleverhans implementations are followed. These implementations use a simple gradient descent optimizer to minimize the function that is represented using where $F(\vec{x})_i$ is the logit output of the target classifier, Y is the logit target output, and $\vec{x}_0$ is the original network input data. It can be seen that there are two regularization parameters, c and β. These parameters help in determining the contribution of the several metrics to the attacking algorithms, and the success rate and L1 distance are considered with respect to changes in the regularization parameter c. The parameter c helps in determining the contribution of the adversarial misclassification objective at the cost of diminishing the two Lp normalization terms. For β = 1, the parametric values of c range from 0 to 500. It is concluded from Figures 10 and 11 that 500 is the optimal parametric value for c, resulting in a 100% success rate with a small perturbation. It can also be seen in Figure 10 that the generated L1 distance does not directly correlate with the selection of parametric c values.
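For robustness evaluation, the size of a feature-space perturbation and the kind of violation it causes can be measured as follows. This is an added example, not code from the paper or from Kitsune: `anomaly_score` is a stand-in RMSE detector, and `BENIGN_PROFILE`, `THRESHOLD` and the feature vectors in `CASES` are constructed assumptions. It reports the L-infinity distance alongside L0, L1 and L2.

```python
# Added example: constructed feature vectors and a stand-in detector.
import math
from typing import Dict, Sequence

BENIGN_PROFILE = [0.20, 0.50, 0.10, 0.40, 0.30]  # constructed benign mean
THRESHOLD = 0.25                                   # hypothetical threshold T

def anomaly_score(x: Sequence[float]) -> float:
    """Stand-in detector: RMSE between x and the benign profile."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(x, BENIGN_PROFILE)) / len(x))

def lp_distances(orig, pert, eps=1e-12) -> Dict[str, float]:
    """L0, L1, L2 and L-infinity distance between two feature vectors."""
    d = [abs(a - b) for a, b in zip(orig, pert)]
    return {"L0": float(sum(1 for v in d if v > eps)), "L1": sum(d),
            "L2": math.sqrt(sum(v * v for v in d)), "Linf": max(d)}

def violation(orig, pert, truly_malicious: bool) -> str:
    """Classify the effect of a perturbation on the detector's verdict."""
    before = anomaly_score(orig) >= THRESHOLD
    after = anomaly_score(pert) >= THRESHOLD
    if before == after:
        return "none"
    if truly_malicious and before and not after:
        return "integrity"      # malicious traffic now escapes detection
    if not truly_malicious and not before and after:
        return "availability"   # benign traffic now appears malicious
    return "corrected"          # verdict moved toward the true label

def report(cases):
    """One row per (name, original, perturbed, truly_malicious) case."""
    rows = []
    for name, orig, pert, mal in cases:
        row = {"case": name, "violation": violation(orig, pert, mal)}
        row.update(lp_distances(orig, pert))
        rows.append(row)
    return rows

CASES = [  # constructed samples
    ("one feature lowered", [0.20, 0.50, 0.90, 0.40, 0.30],
     [0.20, 0.50, 0.60, 0.40, 0.30], True),
    ("all features raised", [0.25, 0.45, 0.15, 0.40, 0.30],
     [0.55, 0.75, 0.45, 0.70, 0.60], False),
]

if __name__ == "__main__":
    for row in report(CASES):
        print(row)
```

Both constructed cases have the same L-infinity distance, but they differ in L0 (one altered feature versus five), which is the distinction the L0 norm captures.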

Conclusion
Security of components plays an important role in the proper functioning of a system. Different security approaches and measures are used to secure information communication and to secure the network. These measures include firewalls, logical access, control, authentication, identification, and encryption and decryption. A convolution neural network based approach is followed for feature classification and for identifying benign and malicious data. In the end, comparative results are generated by evaluating the performance of the proposed algorithm against other rival algorithms in the field. These algorithms include FGSM, JSMA, C&W, and ENM. After assessing the performance of these algorithms and the proposed algorithm based on different threshold value ranges, Lp norms, and different parametric values for c, it was derived that the proposed algorithm outperforms with small Lp values and high Kitsune scores. These results show that the proposed research is capable of identifying intrusions and of replicating the application of the proposed algorithms in the field of network security.

Data Availability
The proposed study has used the data available online in the UCI Machine Learning Repository.

Security and Communication Networks