CNN-based Network Intrusion Detection and Classification Model For Cyber-Attacks
Abstract:- A Convolutional Neural Network (CNN)-based Network Intrusion Detection Model for Cyber-attacks is of great value in identifying and classifying attacks on any network. The Knowledge Discovery in Database Cup '99 dataset containing approximately 4,900,000 single connection vectors was divided into two phases; 75% of the total dataset was used during the learning process of the machine learning technique, while 25% was used on a fully trained model to validate and evaluate its performance. The model's performance indicated that it can detect and classify different classes of attacks with an accuracy of 98% with 20 epochs at a 0.001 learning rate using machine learning. The model loss for the training and validation was 7.48% and 7.98%, respectively, over 20 epochs, which implies that the model performed better on the training dataset. This study demonstrated that the convolutional Neural network-based Network Intrusion Detection and classification model shows high detection and low false negative rates. The CNN model offers a high detection rate and fidelity to unknown attacks, i.e., it can differentiate between already-seen attacks and new zero-day attacks. At the end of the experiment, the proposed approach is suitable in modeling the network IDS for detecting intrusion attacks on computer networks thereby enabling a secured environment for the proper functioning of the system.

Keywords:- Component; Network; Intrusion Detection System (IDS); Convolutional Neural Network (CNN); Artificial Neural Network (ANN); Machine Learning (ML)

I. INTRODUCTION

The internet has become an unavoidable part of people’s lives, permeating every sector of human activity. The importance of the internet is not lost to cybercriminals, who now prefer the cyber domain over the traditional world [14]. Cyber-attacks on computer systems have increased rapidly over the years. Any computer system connected to a network with open ports is at high risk of being accessed. With the increasing complexity and quantity of network packets transmitted in networks, the threat of cyberattacks is on the rise [12]. In the past, firewall systems provided a good enough level of security by following the defense-in-depth principle. However, with the advancement of cyber-attacks, the same level of security can’t be ensured.

Due to the increasing number of network attacks, the Intrusion Detection System (IDS) has gained more importance and attention in practical applications for network security [24]. An IDS is considered the second line of defense used to prevent an intruder from accessing the network and protects the network's data, confidentiality, integrity, and availability [8]. The signature-based IDS or misuse detection methods can detect only known attacks and occur with the help of a database of attack signatures. However, the problem occurs with unknown attacks, i.e., zero-day attacks, because no signature is detected for the new attacks such as DDoS, phishing, and ransomware attacks. The consequence of a security breach might be rather severe, but large-scale cyber-attacks could be countered by effective Network Intrusion Detection Systems (NIDS) [18]. NIDS involves identifying unauthorised access to networks through the collection and analysis of network connections and is essential to securing and protecting the communication infrastructure. Network Intrusion detection systems have a wide range of applications, including fraud detection, network monitoring and security. In surveys, intrusion detection techniques have been identified as a significant field of research in ensuring network security.

Moreover, new techniques and methods are in high demand, among which the methods and techniques of ML and ANNs have been widely accepted. Due to the large volume of data, complexity and irregularity of the attacks, machine learning-based techniques can be adopted for an attack detection system. However, supervised learning increases the chances of a false positive rate during detection.

CNNs have become increasingly popular for network intrusion detection because of their major characteristics, such as automatic feature extraction and parameter sharing, that reduce computational complexity during training. In essence, CNN-based models have specific attributes that make them suitable. With CNNs showing good results in various pattern recognition problems, it is believed that this method (CNN) can be used to classify different attacks. A CNN can learn and filter out irrelevant features, reducing the risk of false positive alerts [23]. CNNs are a segment of deep learning, and they are widely used in various fields ranging from computer vision [4] to object and pattern recognition.
In comparison to other machine learning models, Convolutional Neural Network (CNN)-based models are ideally used for detecting cyber-attacks by decomposing the input data using filters. This work aims to model a CNN-based Network intrusion detection and classification of cyber-attacks.

In literature, several techniques for tackling NIDS have been presented in this respect. Still, many proposed identifying methods impose excessive computational complexity and require a significant computing capability to identify intrusions. To address this concern, the deep learning strategy is used in this study as it has lately earned enormous attention due to its flexibility, scalability, and potential to largely assign to (automatic) detection.

II. LITERATURE REVIEW

Network intrusion detection systems are the front-line defense for modern network security. IDSs play a pivotal role in the cyber security of organisational computer networks. Traditionally, Intrusion detection is performed in two stages: The first stage identifies threats, and the second stage creates rules for security devices, including generating rules for an IDS to identify possible threats and an IPS to save the organisation from possible threats based on these rules. The critical limitation of traditional IDS employing rule-based methods is invaluable to a precise measure [6]. The main aim of cyber security is to protect our systems, hardware, software and data from cyber-attacks that may compromise one or more of the following properties: Confidentiality, Integrity, Availability, and Authenticity [2]. Cyber-attacks can be divided into two categories: Passive attacks, which use monitoring or viewing techniques, whereas Active attacks, typically referred to as altering, modifying and destroying the data, can be achieved using various mechanisms.

In a rapidly evolving cybersecurity arms race, utilising the most advanced tools and techniques is critical to ensure timely and effective identification of unknown network attacks [23]. ML technology has transformed the Network Intrusion Detection System (NIDS) due to its ability to recognise unknown attacks effectively. Nowadays, most of the research on NIDS is based on the ML technology [25]. Various ML techniques are introduced for the detection of network attacks, including decision tree, support vector machine (SVM), genetic algorithms, ANN, k-nearest neighbours (KNN), and clustering [10]. ANN has received extraordinary attention among these ML techniques due to its effectiveness. State-of-the-art convolutional neural networks (CNNs) have produced numerous breakthrough results in computer vision, speech recognition, and natural language processing [26]. Machine learning-based IDSs can provide semiautomatic mechanisms, which are good learners and quick to secure organisational networks [24]. In recent years, deep learning-based models, specifically Convolutional Neural Networks (CNNs), have begun to demonstrate tremendous potential in tackling the problems of Network Intrusion Detection.

There has been an increase in the use of deep learning algorithms in developing a Network Intrusion Detection System (NIDS) to detect known and unknown network attacks. Many software systems and network environments have become more complex and prone to security breaches [8]. Several of these NIDS based on deep learning have demonstrated impressive detection accuracy by efficiently creating model representations from input data.

[11] proposed an intrusion detection model using AlexNet for multi-class classification of DoS and DDoS attacks. The model has 8 (eight) layers with 4 (four) convolutions and 3 (three) fully connected layers. In their work, to balance the dataset, a Deep Convolutional Generative Adversarial Network (DCGAN) model was used to generate a fake real-time dataset in the same proportions as the actual real-time dataset where the MNIST data set was used. The Adam Search Optimization Algorithm was used to optimise the ANN parameters.

In 2023, [12] performed experiments on reduced feature sets (CCIDS 2018, UNSW 2016) and multiple supervised classification algorithms to assess the sensitivity and influence of individual features. Deep CNN and convolutional layers were not used in their work. They have only used 3 (three) convolutional feature extractor layers and 2 (two) fully connected layers with digital dropout and rectified linear activation functions in their model design.

In another study, [15] tried to achieve a more accurate network packet classification by chopping the time-stamped packet headers to fixed-term intervals. In their work, three ordinal interceptions were captured to detect network abnormities in the downstream traffic: Up-beam size, down-stream packet average length and the byte distribution range of the downstream packet.

This shows that studies have been conducted on network-based intrusion detection systems designed using machine-learning techniques [14]. Still, some of the reviewed literature revealed that incorporating CNN for experiments that involve large volumes of traffic, CNN also proved to be faster than most machine learning models [3].

III. METHODOLOGY

The subsections below cover the methodologies involved in the implementation of this study. Figure 1 shows the block diagram for the network Intrusion Detection Model.
A. Data Collection
The first step in creating an intrusion detection system
is to examine the dataset to detect intrusion attacks [7]. This
stage is the Data Acquisition Process, which collects
different connections.
Table 1: Data Distribution of the Classes of Intrusion Attacks and Normal Connections
The fundamental features of any internet connection implemented based on the TCP/IP connection setting are shown in
Table 2.
Source: [1]
In the data preparation stage, data cleaning, which is crucial, involves removing null values and duplicate entries from the dataset and storing them in a pickle file for future use. The Characteristics of the KDD Cup ’99 dataset, including data points, features and output labels, are counted and explored through Exploratory Data Analysis (EDA) using Python libraries like matplotlib, pandas and seaborn. Utility functions like Bi-variate and Univariate Analysis are employed to create plots showing the percentage distribution of the data points for each class and feature in the dataset. Data encoding converts categorical data into a numerical form for model training. Finally, the data is then organised into “x” (training variables) and “y” (expected outcomes), which represent the 21 different classes of attacks. This stage strips the datasets of errors, missing values, and unnecessary features. This stage usually involves decision-making before gleaning the information from the dataset.

C. Dataset Split
The dataset was split into two sections: a training set to train the CNN detection algorithm and a test set completely hidden from the training process. 75% of the dataset was used for training, while 25% was used to evaluate the model's performance, which was randomly selected with their statistics, as shown in table 3.
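The preparation and split steps described above (drop nulls and duplicates, encode categorical fields, organise into x and y, random 75%/25% split) can be sketched as follows. This is an added example, not the authors' code: it uses only the Python standard library rather than pandas, assumes integer encoding for the categorical columns (the paper does not say which encoding was used), and runs on constructed records in the 41-feature KDD Cup '99 layout.

```python
import csv, io, pickle, random

N_FEATURES = 41            # KDD Cup '99 records: 41 features followed by a label
CATEGORICAL = (1, 2, 3)    # protocol_type, service, flag column positions

def make_row(proto, service, flag, src_bytes, label):
    """Build one constructed KDD-style record (remaining features set to 0)."""
    feats = ["0", proto, service, flag, str(src_bytes)] + ["0"] * (N_FEATURES - 5)
    return ",".join(feats + [label + "."])

# Constructed sample, not real KDD data: 5 exact duplicates and 1 null value.
SAMPLE = "\n".join(
    [make_row("tcp", "http", "SF", 100 + i, "normal") for i in range(8)]
    + [make_row("icmp", "ecr_i", "SF", 1032, "smurf")] * 5
    + [make_row("tcp", "private", "S0", i, "neptune") for i in range(6)]
    + [make_row("tcp", "http", "SF", "", "normal")]
)

def clean(text):
    """Drop malformed rows and rows with empty fields, then exact duplicates."""
    seen, rows = set(), []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != N_FEATURES + 1 or any(not f.strip() for f in rec):
            continue
        if tuple(rec) not in seen:
            seen.add(tuple(rec))
            rows.append(rec)
    return rows

def encode(rows):
    """Integer-encode categorical columns and labels; return x, y, label map."""
    maps, labels, x, y = {c: {} for c in CATEGORICAL}, {}, [], []
    for rec in rows:
        x.append([float(maps[i].setdefault(v, len(maps[i]))) if i in maps
                  else float(v) for i, v in enumerate(rec[:N_FEATURES])])
        y.append(labels.setdefault(rec[-1].rstrip("."), len(labels)))
    return x, y, labels

def split(x, y, train_frac=0.75, seed=0):
    """Shuffle indices with a fixed seed, then cut 75% train / 25% test."""
    idx = list(range(len(x)))
    random.Random(seed).shuffle(idx)
    cut = int(len(idx) * train_frac)
    take = lambda ids: ([x[i] for i in ids], [y[i] for i in ids])
    return take(idx[:cut]), take(idx[cut:])

rows = clean(SAMPLE)
x, y, label_map = encode(rows)
(train_x, train_y), (test_x, test_y) = split(x, y)
blob = pickle.dumps((x, y, label_map))  # cleaned data kept as a pickle for reuse
```

Removing duplicates before the split keeps identical connection records from landing in both the training and the test set. Load such a pickle only from a location you control, since unpickling can execute code.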
D. Model Design and Development
In this research study, an interlinked multi-layered neural network was used. The five-layered neural network is structured with several trainable parameters, as shown in table 4.

The multiple layered neural networks learn over the input data using a selected kernel filter to extract important features seen as important in the model. The model training used the activation function to incorporate non-linearity effects into the developed model. Two activation (ReLU and softmax) functions were used in this research. These layered neural networks used the same activation function (ReLU), while the Softmax activation function was used for the last layer of the CNN, which is the dense layer (outer layer) due to its capability to handle the classification of multi-classification problems.
G. Performance Evaluation
As an essential part of the process of research and development of the network-based intrusion detection and classification systems, performance metrics provide transformation in developing the accuracy, precision, recall, false positive rate, detection rate, and computational cost of a machine learning-driven detection model [13]. Thus, these are used to model the system according to the specific requirement of the problem because all the performance matrix’s computation depends on the type of classes present in it.
(1) Where:
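The metrics named in this subsection can be computed per class, one-vs-rest, from true and predicted labels. The following is an added example, not the authors' code or their equation (1): it treats detection rate as recall, which is an assumption, and the label lists are constructed to show how a high overall accuracy can coexist with a rare attack class that is never detected.

```python
from collections import Counter

def per_class_metrics(y_true, y_pred):
    """One-vs-rest precision, recall (detection rate) and false positive rate."""
    pairs = Counter(zip(y_true, y_pred))
    total = len(y_true)
    out = {}
    for c in sorted(set(y_true) | set(y_pred)):
        tp = pairs[(c, c)]
        fp = sum(n for (t, p), n in pairs.items() if p == c and t != c)
        fn = sum(n for (t, p), n in pairs.items() if t == c and p != c)
        tn = total - tp - fp - fn
        out[c] = {
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "fpr": fp / (fp + tn) if fp + tn else 0.0,
        }
    return out

def accuracy(y_true, y_pred):
    """Fraction of connections whose predicted class matches the true class."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def missed_attack_rate(y_true, y_pred, benign="normal"):
    """False negative rate in the IDS sense: attacks classified as benign."""
    attacks = [(t, p) for t, p in zip(y_true, y_pred) if t != benign]
    return sum(p == benign for _, p in attacks) / len(attacks) if attacks else 0.0

# Constructed labels: 90 normal, 8 neptune and 2 guess_passwd connections.
Y_TRUE = ["normal"] * 90 + ["neptune"] * 8 + ["guess_passwd"] * 2
# Constructed predictions: one false alarm, both guess_passwd connections missed.
Y_PRED = ["normal"] * 89 + ["neptune"] * 1 + ["neptune"] * 8 + ["normal"] * 2

METRICS = per_class_metrics(Y_TRUE, Y_PRED)
```

On this sample the overall accuracy is 97%, while recall for `guess_passwd` is 0 and one in five attacks is classified as normal, which is why per-class figures are reported alongside accuracy on imbalanced intrusion datasets.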
[7]. M. Gao, L. Ma, H. Liu, Z. Zhang, Z. Ning, and J. Xu, “Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis”, 2020, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7085765/
[8]. A. Henry, S. Gautam, S. Khanna, K. Rabie, T. Shongwe, P. Bhattacharya, B. Sharma, and S. Chowdhury, “Composition of Hybrid Deep Learning Model and Feature Optimization for Intrusion Detection System”, 2023, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9866711/
[9]. N. Ketkar, “Introduction to keras”, In Deep Learning with Python, Apress, Berkeley, CA, 2017, pp. 99-111.
[10]. M. Kodys, Z. Lu, K. Wai Fok, and V. L. Thing, “Intrusion Detection in Internet of Things using Convolutional Neural Networks”, 2022, https://arxiv.org/pdf/2211.10062
[11]. A. Kumar Silivery, and R. Mohan Rao Kovvur, “A model for multi-attack classification to improve intrusion detection performance using deep learning approaches”, 2023, https://arxiv.org/pdf/2310.16380
[12]. A. Kumar Silivery, K. Ram Mohan Rao, and L. Suresh Kumar, “An Effective Deep Learning Based Multi-Class Classification of DoS and DDoS Attack Detection”, 2023, https://arxiv.org/pdf/2308.08803
[13]. M. Mihailescu, D. Mihai, M. Carabas, M. Komisarek, M. Pawlicki, W. Hołubowicz, and R. Kozik, “The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset”, 2021, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8272217/
[14]. X. H. Nguyen, X. D. Nguyen, H. H. Huynh, and K. H. Le, “Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways”, 2022, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8778231/
[15]. V. Ramanathan, K. Mahadevan, and S. Dua, “A Novel Supervised Deep Learning Solution to Detect Distributed Denial of Service (DDoS) attacks on Edge Systems using Convolutional Neural Networks (CNN)”, 2023, https://arxiv.org/pdf/2309.05646
[16]. M. Ring, S. Wunderlich, D. Scheuring, D. Landes, and A. Hotho, “A survey of Network-Based Intrusion Detection Data Sets”, Computers & Security, 2019, vol. 86, pp. 147-167
[17]. A. A. Sayed, A. A. Taher Azar, A. Ella Hassanien, and S. El-Ola Hanafy, “Negative Selection Approach Application in Network Intrusion Detection Systems”, 2014, https://arxiv.org/pdf/1403.2716
[18]. I. Shivhare, J. Purohit, V. Jogani, S. Attari, and D. Madhav Chandane, “Intrusion Detection: A Deep Learning Approach”, 2023, https://arxiv.org/pdf/2306.07601
[19]. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set”, In 2009 IEEE symposium on computational intelligence for security and defense applications, 2009, pp. 1-6
[20]. M. Vakili, M. Ghamsari, and M. Rezaei, “Performance Analysis and Comparison of Machine and Deep Learning Algorithms for IoT Data Classification”, arXiv preprint arXiv:2001.09636, 2020, pp. 1-13.
[21]. W. Wang, F. Harrou, B. Bouyeddou, S. M. Senouci, and Y. Sun, “A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems”, 2022, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8490 44/
[22]. Z. Wang, F. A. Ghaleb, A. Zainal, M. Md Siraj, and X. Lu, “An efficient intrusion detection model based on convolutional spiking neural network”, 2024, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10963367/
[23]. P. Wu, H. Guo, and R. Buckland, “A Transfer Learning Approach for Network Intrusion Detection”, 2019, https://arxiv.org/pdf/1909.02352
[24]. T. Ahmad, D. Truscan, J. Vain, and I. Porres, “Early Detection of Network Attacks Using Deep Learning”, 2022, https://arxiv.org/pdf/2201.11628
[25]. O. Ceviz, P. Sadioglu, S. Sen, and V. G. Vassilakis, “A Novel Federated Learning-based Intrusion Detection System for Flying Ad Hoc Networks”, 2023, https://arxiv.org/pdf/2312.04135
[26]. H. Dhillon and A. Haque, “Towards Network Traffic Monitoring Using Deep Transfer Learning”, 2021, https://arxiv.org/pdf/2101.00731