WEDL-NIDS: Improving Network Intrusion Detection Using Word Embedding-Based Deep Learning Method

  • Jianjing Cui
  • Jun LongEmail author
  • Erxue Min
  • Yugang Mao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11144)


A Network Intrusion Detection System (NIDS) helps system administrators to detect security breaches in their organization. Current research focus on machine learning based network intrusion detection method. However, as numerous complicated attack types have growingly appeared and evolved in recent years, obtaining high detection rates is increasingly difficult. Also, the performance of a NIDS is highly dependent on feature design, while a feature set that can accurately characterize network traffic is still manually designed and usually costs lots of time. In this paper, we propose an improved NIDS using word embedding-based deep learning (WEDL-NIDS), which has the ability of dimension reduction and learning features from data with sophisticated structure. The experimental results show that the proposed method outperforms previous methods in terms of accuracy and false alarm rate, which successfully demonstrates its effectiveness in both dimension reduction and practical detection ability.


Network intrusion detection Deep neural networks Word embedding Long short-term memory networks 



This research work is supported by National Natural Science Foundation of China under grant number 61105050.


  1. 1.
    Wang, W., Zhu, M., Zeng, X., et al.: Malware traffic classification using convolutional neural network for representation learning. In: International Conference on Information Networking, pp. 712–717. IEEE (2017)Google Scholar
  2. 2.
    Wang, W., Sheng, Y., Wang, J., et al.: HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access 6, 1792–1806 (2017)CrossRefGoogle Scholar
  3. 3.
    Mikolov, T., Yih, W.T., Zweig, G.: Linguistic regularities in continuous space word representations. In: HLT-NAACL (2013)Google Scholar
  4. 4.
    Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: International Conference on Neural Information Processing Systems, pp. 1097–1105. Curran Associates Inc. (2012)Google Scholar
  5. 5.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  6. 6.
    Tang, T.A., Mhamdi, L., McLernon, D., et al.: Deep learning approach for network intrusion detection in software defined networking. In: 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), pp. 258–263. IEEE (2016)Google Scholar
  7. 7.
    Salama, M.A., Eid, H.F., Ramadan, R.A., Darwish, A., Hassanien, A.E.: Hybrid intelligent intrusion detection scheme. In: Gaspar-Cunha, A., Takahashi, R., Schaefer, G., Costa, L. (eds.) Soft Computing in Industrial Applications. AINSC, vol. 96, pp. 293–303. Springer, Heidelberg (2011). Scholar
  8. 8.
    Fiore, U., Palmieri, F., Castiglione, A., et al.: Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122, 13–23 (2013)CrossRefGoogle Scholar
  9. 9.
    Wang, Z.: The applications of deep learning on traffic identification. BlackHat USA (2015)Google Scholar
  10. 10.
    Javaid, A., Niyaz, Q., Sun, W., et al.: A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), pp. 21–26 (2016)Google Scholar
  11. 11.
    Yu, Y., Long, J., Cai, Z.: Session-based network intrusion detection using a deep learning architecture. In: Torra, V., Narukawa, Y., Honda, A., Inoue, S. (eds.) MDAI 2017. LNCS (LNAI), vol. 10571, pp. 144–155. Springer, Cham (2017). Scholar
  12. 12.
    Yu, Y., Long, J., Cai, Z.: Network intrusion detection through stacking dilated convolutional autoencoders. Secur. Commun. Netw. 2017, 1–10 (2017)CrossRefGoogle Scholar
  13. 13.
    Yin, C., Zhu, Y., Fei, J., et al.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)CrossRefGoogle Scholar
  14. 14.
    Mikolov, T., Le, Q.V., Sutskever, I.: Exploiting similarities among languages for machine translation. arXiv preprint arXiv:1309.4168 (2013)
  15. 15.
    Goldberg, Y., Levy, O.: word2vec Explained: deriving Mikolov et al.’s negative-sampling word-embedding method. arXiv preprint arXiv:1402.3722 (2014)
  16. 16.
    Pennington, J., Socher, R., Manning, C.: GloVe: global vectors for word representation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1532–1543 (2014)Google Scholar
  17. 17.
    Gu, J., Wang, Z., Kuen, J., et al.: Recent advances in convolutional neural networks. arXiv preprint arXiv:1512.07108 (2015)
  18. 18.
    Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. In: Advances in Neural Information Processing Systems, pp. 3104–3112 (2014)Google Scholar
  19. 19.
    Tavallaee, M., Bagheri, E., Lu, W., et al.: A detailed analysis of the KDD CUP 99 data set. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009, CISDA 2009, pp. 1–6. IEEE (2009)Google Scholar
  20. 20.
    Song, J., Takakura, H., Okabe, Y.: Description of Kyoto University benchmark data.
  21. 21.
    Lippmann, R., Cunningham, R.K., Fried, D.J., et al.: Results of the DARPA 1998 offline intrusion detection evaluation. In: Recent Advances in Intrusion Detection, vol. 99, pp. 829–835 (1999)Google Scholar
  22. 22.
    Mchugh, J.: Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Trans. Inf. Syst. Secur. 3(4), 262–294 (2000)CrossRefGoogle Scholar
  23. 23.
    Shiravi, A., Shiravi, H., Tavallaee, M., et al.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012)CrossRefGoogle Scholar
  24. 24.
    Akyol, A., Hacibeyoglu, M., Karlik, B.: Design of multilevel hybrid classifier with variant feature sets for intrusion detection system. IEICE Trans. Inf. Syst. E99.D(7), 1810–1821 (2016)CrossRefGoogle Scholar
  25. 25.
    Sallay, H., Ammar, A., Saad, M.B., et al.: A real time adaptive intrusion detection alert classifier for high speed networks. In: IEEE International Symposium on Network Computing and Applications, pp. 73–80. IEEE (2013)Google Scholar
  26. 26.
    Yassin, W., Udzir, N.I., Muda, Z., et al.: Anomaly-based intrusion detection through K-Means clustering and Naives Bayes classification (2013)Google Scholar
  27. 27.
    Tan, Z., Jamdagni, A., He, X., et al.: Detection of denial-of-service attacks based on computer vision techniques. IEEE Trans. Comput. 64(9), 2519–2533 (2015)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Yuan, X., Li, C., Li, X.: DeepDefense: identifying DDoS attack via deep learning. In: IEEE International Conference on Smart Computing, pp. 1–8. IEEE (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Department of Computer ScienceNational University of Defense TechnologyChangshaChina

Personalised recommendations