A journal of IEEE and CAA , publishes high-quality papers in English on original theoretical/experimental research and development in all areas of automation
Volume 7 Issue 3
Apr.  2020

IEEE/CAA Journal of Automatica Sinica

  • JCR Impact Factor: 11.8, Top 4% (SCI Q1)
    CiteScore: 17.6, Top 3% (Q1)
    Google Scholar h5-index: 77, TOP 5
Turn off MathJax
Article Contents
Hao Zhang, Yongdan Li, Zhihan Lv, Arun Kumar Sangaiah and Tao Huang, "A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine," IEEE/CAA J. Autom. Sinica, vol. 7, no. 3, pp. 790-799, May 2020. doi: 10.1109/JAS.2020.1003099
Citation: Hao Zhang, Yongdan Li, Zhihan Lv, Arun Kumar Sangaiah and Tao Huang, "A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine," IEEE/CAA J. Autom. Sinica, vol. 7, no. 3, pp. 790-799, May 2020. doi: 10.1109/JAS.2020.1003099

A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine

doi: 10.1109/JAS.2020.1003099
Funds:  This work was supported by the National Key Research and Development Program of China (2017YFB1401300, 2017YFB1401304), the National Natural Science Foundation of China (61702211, L1724007, 61902203), Hubei Provincial Science and Technology Program of China (2017AKA191), the Self-Determined Research Funds of Central China Normal University (CCNU) from the Colleges’ Basic Research (CCNU17QD00 04, CCNU17GF0002), the Natural Science Foundation of Shandong Province (ZR2017QF015), and the Key Research and Development Plan–Major Scientific and Technological Innovation Projects of Shandong Province (2019JZZY020101)
More Information
  • In recent years, network traffic data have become larger and more complex, leading to higher possibilities of network intrusion. Traditional intrusion detection methods face difficulty in processing high-speed network data and cannot detect currently unknown attacks. Therefore, this paper proposes a network attack detection method combining a flow calculation and deep learning. The method consists of two parts: a real-time detection algorithm based on flow calculations and frequent patterns and a classification algorithm based on the deep belief network and support vector machine (DBN-SVM). Sliding window (SW) stream data processing enables real-time detection, and the DBN-SVM algorithm can improve classification accuracy. Finally, to verify the proposed method, a system is implemented. Based on the CICIDS2017 open source data set, a series of comparative experiments are conducted. The method’s real-time detection efficiency is higher than that of traditional machine learning algorithms. The attack classification accuracy is 0.7 percentage points higher than that of a DBN, which is 2 percentage points higher than that of the integrated algorithm boosting and bagging methods. Hence, it is suitable for the real-time detection of high-speed network intrusions.


  • loading
  • [1]
    P. Y. Zhang, S. Shu, and M. C. Zhou, “An online fault detection model and strategies based on SVM-grid in clouds,” IEEE/CAA J. Autom. Sinica, vol. 5, no. 2, pp. 445–456, Mar. 2018. doi: 10.1109/JAS.2017.7510817
    D. E. Denning, “An intrusion-detection model,” in Proc. IEEE Symposium on Security and Privacy, Oakland, USA, 1986, pp. 118–131.
    D. E. Denning and P. G. Neumann, “Requirements and model for IDES: a real-time intrusion detection system,” SRI Int., 1985.
    B. Li, J. Z. Wang, P. Zhao, Z. J. Yan, and M. Yang, “Research of recognition system of web intrusion detection based on storm,” in Proc. 5th Int. Conf. Network, Communication and Computing, Kyoto, Japan, Dec. 2016, pp. 98–102.
    L. Zhu and C. S. Zhu, “Data stream sliding window clustering algorithm applied in IDS,” Comput. Eng. Appl., vol. 50, no. 1, pp. 87–90, Jan. 2014.
    C. C. Ge, “The research and application of data stream mining in intrusion detection,” M.S. thesis, Guangdong University of Technology, Guangzhou, China, 2013.
    N. C. N. Chu, A. Williams, R. Alhajj, and K. Barker, “Data stream mining architecture for network intrusion detection,” in Proc. IEEE Int. Conf. Information Reuse and Integration, Las Vegas, USA, 2004, pp. 363–368.
    Y. Yu, S. Q. Guo, and H. Huang, “Anomaly intrusion detection based on data stream,” Comput. Sci., vol. 34, no. 5, pp. 66–71, 114, May 2007.
    D. K. Sadhasivan and K Balasubramanian, “A fusion of multiagent functionalities for effective intrusion detection system,” Secur. Commun. Netw., pp. 6216078, Jan. 2017.
    S. Shamshirband, N. B. Anuar, M. L. M. Kiah, and A. Patel, “An appraisal and design of a multi-agent system based cooperative wireless intrusion detection computational intelligence technique,” Eng. Appl. Artif. Intell., vol. 26, no. 9, pp. 2105–2127, Oct. 2013. doi: 10.1016/j.engappai.2013.04.010
    A. Chauhan, G. Mishra, and G. Kumar, “Survey on data mining techniques in intrusion detection,” Int. J. Sci. Eng. Res., vol. 2, no. 7, pp. 1–4, Jul. 2011.
    J. J. Davis and A. J. Clark, “Data preprocessing for anomaly based network intrusion detection: a review,” Comput. Secur., vol. 30, no. 6–7, pp. 353–375, Sep.–Oct. 2011. doi: 10.1016/j.cose.2011.05.008
    S. A. Joshi and V. S. Pimprale, “Network intrusion detection system (NIDS) based on data mining,” Int. J. Eng. Sci. Innov. Technol., vol. 2, no. 1, pp. 95–98, Jan. 2013.
    G. V. Nadiammai and M. Hemalatha, “Effective approach toward intrusion detection system using data mining techniques,” Egypt. Inform. J., vol. 15, no. 1, pp. 37–50, Mar. 2014. doi: 10.1016/j.eij.2013.10.003
    M. Panda, A. Abraham, and M. R. Patra, “A hybrid intelligent approach for network intrusion detection,” Procedia Eng., vol. 30, pp. 1–9, 2012.
    A. Biswas, M. Sharma, T. Poddder, and N. Kar, “An approach towards multilevel and multiagent based intrusion detection system,” in Proc. IEEE Int. Conf. Advanced Communications, Control and Computing Technologies, Ramanathapuram, India, 2014, pp. 1787–1790.
    W. Wang, T. Guyet, R. Quiniou, M. O. Cordier, F. Masseglia, and X. L. Zhang, “Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks,” Knowl.-Based Syst., vol. 70, pp. 103–117, Nov. 2014. doi: 10.1016/j.knosys.2014.06.018
    Y. X. Chen and L. Tu, “Density-based clustering for real-time stream data,” in Proc. 13th ACM SIGKDD Int. Conf. Knowledge Discovery and Data Mining, San Jose, USA, 2007, pp.133–142.
    M. M. Rathore, A. Paul, A. Ahmad, S. Rho, M. Imran, and M. Guizani, “Hadoop based real-time intrusion detection for high-speed networks,” in Proc. Global Communications Conf., Washington, USA, 2017, pp.1–6.
    Y. Li, B. X. Fang, L. Guo, and Z. H. Tian, “Supervised intrusion detection based on active learning and TCM-KNN algorithm,” Chin. J. Comput., vol. 30, no. 8, pp. 1464–1473, Aug. 2007.
    S. A. Abdulla, S. Ramadass, A. Altaher, and A. Al Nassiri, “Setting a worm attack warning by using machine learning to classify NetFlow data,” Int. J. Comput. Appl., vol. 36, no. 2, pp. 49–56, Dec. 2011.
    D. S. Terzi, R. Terzi, and S. Sagiroglu, “Big data analytics for network anomaly detection from netflow data,” in Proc. Int. Conf. Computer Science and Engineering, Antalya, Turkey, 2017, pp.592–597.
    A. R. Syarif and W. Gata, “Intrusion detection system using hybrid binary PSO and K-nearest neighborhood algorithm,” in Proc. 11th Int. Conf. Information & Communication Technology and System, London, UK, 2017, pp.181–186.
    C. Wagner, J. François, R. State, and T. Engel, “Machine learning approach for IP-flow record anomaly detection,” in Proc. 10th Int. Networking Conf., Valencia, Spain, 2011.
    L. Khan, M. Awad, and B. Thuraisingham, “A new intrusion detection system using support vector machines and hierarchical clustering,” VLDB J., vol. 16, no. 4, pp. 507–521, Oct. 2007. doi: 10.1007/s00778-006-0002-5
    E. W. T. Ferreira, G. A. Carrijo, R. de Oliveira, and N. V. de Souza Araujo, “Intrusion detection system with wavelet and neural artifical network approach for networks computers,” IEEE Latin America. Trans., vol. 9, no. 5, pp. 832–837, Sep. 2011. doi: 10.1109/TLA.2011.6030997
    S. S. Sivatha Sindhu, S. Geetha, and A. Kannan, “Decision tree based light weight intrusion detection using a wrapper approach,” Expert Syst. Appl., vol. 39, no. 1, pp. 129–141, Jan. 2012. doi: 10.1016/j.eswa.2011.06.013
    P. Louvieris, N. Clewley, and X. H. Liu, “Effects-based feature identification for network intrusion detection,” Neurocomputing, vol. 121, pp. 265–273, Dec. 2013. doi: 10.1016/j.neucom.2013.04.038
    A. Karami and M. Guerrero-Zapata, “A fuzzy anomaly detection system based on hybrid PSO-Kmeans algorithm in content-centric networks,” Neurocomputing, vol. 149, pp. 1253–1269, Feb. 2015. doi: 10.1016/j.neucom.2014.08.070
    I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a hew intrusion detection dataset and intrusion traffic characterization,” in Proc. 4th Int. Conf. Information System Secwrity and Privacy (ICISSP), Portugal, pp. 108–116, Jan. 2018.
    N. Gao, L. Gao, and Y. Y. He, “Deep belief nets model oriented to intrusion detection system,” Syst. Eng. Electron., vol. 38, no. 9, pp. 2201–2207, Sep. 2016.


    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(10)  / Tables(3)

    Article Metrics

    Article views (1225) PDF downloads(81) Cited by()


    • This method is based on NetFlow design and can capture the data flow in the network with high detection efficiency.
    • The method mines frequent patterns in data based on nested sliding windows (NSW) and a genetic algorithm. It then compares these patterns with a safe frequent pattern set and an attack frequent pattern set, determining whether they represent normal data, known attacks or unknown attacks, to detect network intrusion behaviors efficiently in real time.
    • For attack-type data, a classification algorithm based on the deep belief network and support vector machine (DBN-SVM) is applied to accurately classify the attack type. The combination of DBN and SVM effectively improved the classification accuracy.
    • Compared with the existing detection methods, the intrusion detection method proposed in this paper is found to have higher accuracy and detection efficiency. Therefore, it is suitable for the current high-capacity and high-speed network environment.


    DownLoad:  Full-Size Img  PowerPoint