Two-level intrusion detection system for Internet of Things network based on deep learning

Along with the growth in the use of Internet of Things networks for various applications, threats and attacks related to these types of networks have also increased. Intrusion detection systems are designed and used to detect and identify attacks in this type of networks, and to identify intrusions or abuses that are going to take place from the network, and to inform the relevant authorities about this issue. In most intrusion detection systems, various methods and algorithms are used, including deep neural networks (DNNs), support vector machines (SVM), or multilayer perceptron (MLP), and other traditional machine learning models. Each method has advantages and disadvantages, but it usually has a lower accuracy rate than combined methods. In recent years, the idea of combining classifications has been used for anomaly-based diagnosis. In this research, to reach better accuracy, we used the combination of principal component analysis (PCA) and convolutional neural network (CNN) algorithms to design our intrusion detection system. In the initial step of the proposed method, after preprocessing including conversions and normalizations, valuable features for classification are extracted. In this study, the NSL-KDD dataset, which has been mentioned in many scientific articles as a valid reference dataset in the field of intrusion detection, has been used. In fact, due to the high number of data dimensions and the high dispersion of feature values, we used a dimension reduction method. The dimensionality reduction method used in this research is principal component analysis (PCA). In the PCA method, the dimensions of the data are reduced in such a way that the reduced dimension data also includes the vital information of the dataset. We used PCA in order to reduce the size and volume of the input data to help increase the efficiency of our main algorithm and the new data generated with this algorithm is provided to the CNN classifier. A convolutional neural network is a special type of neural network with multiple layers that processes data that has a grid arrangement and then extracts important features from them. Here, accurate pattern learning and deep insight from the given data are our two main reasons for using CNN. In the proposed approach, we have two level classification including binary CNN and multi-class CNN, for detecting attacks and exact type of them, respectively. That is, firstly attacks and normal data are identified by binary classification and then by multi-class classification, the types of attacks are identified and separated. In fact, the type of attacks which includes one of DoS, U2R, R2L and Probe cases is determined using second convolutional neural network. Based on the obtained results, we have witnessed the growth of the accuracy rate of the proposed method compared to many other popular methods. In the evaluation of accuracy parameter values for different phases of training and testing, competitive results are observed for binary classification phase. Here we consider the number of 15 rounds. As it is clear from the graph related to training, the accuracy values in the final courses have reached 0.94. The accuracy of the test has also approached the value of 0.9 in the last round. Also, the results obtained in multi-class CNN are such that the accuracy value is 0.99 in the classification of the training data samples and 0.97 in the classification of the test data samples. Moreover, the cost graphs for training and testing courses of multi-class CNN are shown. The cost of training and testing in the final round is 0.06 and 0.09, respectively.