Scientific journal paper Q2
Deep learning model transposition for network intrusion detection systems
João Figueiredo (Figueiredo, J.); Carlos Serrão (Serrão, C.); Ana de Almeida (de Almeida, A.);
Journal Title
Electronics
Year (definitive publication)
2023
Language
English
Country
Switzerland
More Information
Web of Science®

Times Cited: 7

(Last checked: 2024-05-12 15:39)

Scopus

Times Cited: 12

(Last checked: 2024-05-08 11:26)

Google Scholar

Times Cited: 14

(Last checked: 2024-05-09 07:48)

Abstract
Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.
Acknowledgements
We would like to thank the research environment provided by the Information Sciences, Technologies, and Architecture Research Center (ISTAR), supported by Fundação para a Ciência e a Tecnologia (FCT), Portugal, under projects UIDB/04466/2020 and UIDP/0446
Keywords
Network intrusion detection system (NIDS), Intrusion detection, Anomaly detection, Deep learning (DL), Long short-term memory (LSTM)
  • Computer and Information Sciences - Natural Sciences
  • Physical Sciences - Natural Sciences
  • Civil Engineering - Engineering and Technology
  • Electrical Engineering, Electronic Engineering, Information Engineering - Engineering and Technology
Funding Records
Funding Reference Funding Entity
UIDB/04466/2020 Fundação para a Ciência e a Tecnologia
UIDP/04466/2020 Fundação para a Ciência e a Tecnologia