Enhancing The Performance of Intrusion Detection Using CNN And Reduction Techniques

Recall) are evaluated. Classifier performs better than the other approaches at determining if the data stream is normal or malicious. which is used to assess deep learning's effectiveness, the suggested model results from a high level of accuracy. The experimental findings demonstrate the suggested system's ability to accelerate the intrusion detection process while reducing memory and CPU usage. Experimental results prove the theoretical considerations.Because the UNSW-NB15 data set contains a wide range of patterns that accurately represent contemporary real network traffic, New NIDS algorithms can therefore be assessed using it. MSC..

Intrusion Detection System is a useful technique for computer networks' defense-in-depth.Networkbased IDS scans network traffic for known or prospective harmful actions and issues a warning anytime anything suspicious is found.For the creation of IDS, neural networks, fuzzy logic, and Support Vector Machines (SVM) consider having been machine learning [1].To enhance classification performance for the training data.Some features in the high-dimensional feature space problem might be unnecessary or unimportant.It is crucial to eliminate these unnecessary or redundant characteristics because doing so could damage classifier performance.Finding a subset of characteristics that will increase prediction accuracy or reduce the size of the structure without significantly lowering the classifier's built-in prediction accuracy is known as feature selection [2].reduce dimensionality by providing a linear map of n-dimensional feature space to a reduced m-dimensional feature space.estimate the UNSW-NB15 dataset and propose an anomaly intrusion detection system relying on deep learning CNN, where PCA is applied for feature reduction, examining the effectiveness of this suggested system.convolutional neural network (CNN), a regularized multi-layer perceptron, is a component of the proposed deep learning model [3,4].Custom -hyper parameters for convolution operations include filter size, filter counts, and output matrix generation strides.While the input propagates through several convolutional layers, jointed input padding is used to accommodate diminishing tensor dimensions [5].In order to down sample or lower the feature dimensions across the layers, the pooling layer is employed between subsequent convolutional layers.classification output layer is next mentioned, followed by a fully linked layer with regularization.Network intrusion detection systems that incorporate pertinent elements and typical cyber problems and weaknesses, employing the most recent dataset of simulated web traffic.The proposed deep learning classification architecture with the PCA technique exhibited considerable improvements to classification models when compared to the results of similar deep learning-CNNbased network IDSs [6,7].A method for improving the definition of patterns belonging to different classes is feature reduction (RF), which involves deleting unnecessary and redundant characteristics and selecting the best subset of features [7,12].In this study, reduction features were created using PCA reduce approaches.
The main contributions of the study can be summed up as follows: • By fusing IDS strategies and deep learning techniques, this study evaluates the state of an IDS network.

• Deep learning-based intrusion detection systems should become more predictable. Neural Convolutional Networks
• Use CNN to process a dataset by extracting characteristics in different ways, predicting upcoming incursions, and obtaining more precise detection results.
• To increase efficiency, enhance the suggested model using the PCA feature reduction methods.
• Assess and contrast the proposed NIDSCNN using the datasets from UNSW-15.
The paper's structure includes.The following contains information on intrusion detection system research: previous works in section 2. Section 3's background information.Provide a proposed model in section 4. Section 5 contains experimental findings and discussions.Finally, section 6 provides a conclusion.

Previous works
R. Almarshdi et al. [8] Using the UNSW-NB15 dataset, construct an (IDS) architecture that relies on a (CNN) and Long Short-Term Memory (LSTM) model combination to find security breaches in IoT.A balanced and unbalanced dataset was used to compare the suggested model to the CNN model.The model performed with an accuracy of 92.10%.M. Hassan et al. [9] using a crossbred deep learning technique that effectively detects network intrusions using a weight decrease long -short term memory (WDLSTM) and a (CNN) network.to extract relevant features from IDS vast data to prevent overfitting on recurrent connections.results obtained 97.1% accuracy on the sizable UNSW-NB15 dataset.P. Wu and H. Guo [10] coordinate Recurrent Neural Networks(RNN) and CNN so that they can acquire the inputs at a comparable level of detail.To speed up learning, batch normalization is also incorporated into the architecture The UNSW-NB15 sets, have accuracy ratings of 84.98%.M. Azizjon et al. [11] create a machine-learning model for the Standardized regression on the 1D-CNN, by serializing Transmission Control Protocol / Internet Protocol (TCP/IP) packets through an identified time.Testing using the UNSW NB15 IDS dataset, and the findings show detection performance of 89.93%, A.Aleesa et al. [12] IDS based on Deep Learning ( DL) algorithms including Artificial neural network (ANN), Deep Neural Networks (DNN), and Recurrent Neural Networks (RNN) has been proposed.To find abnormal patterns, the UNSW-NB15 the suggested deep learning techniques achieved accuracy in the multi-class category of 99.59% and accuracy in the binary classification of 99.26%.L. Ashiku et al. [13] deep learning techniques for developing a network-based (IDS) that can recognize and classify threats.effectiveness of the model was demonstrated using the UNSW-NB15 dataset.results revealed a performance accuracy of 95.6%.this technique requires massive data to perform better.M. Hooshmand et al. [14] constructed a base for a 1D-CNN framework.The proposed approach initially organizes NetFlow data for the (TCP), User Datagram Protocol (UDP), and OTHER protocols before processing each group independently., The accuracy rate is 76.3% using the UNSWNB15 dataset.
In all related works, I focused on accuracy at the end of each work, in order to compare it with the model proposed in my work, and to indicate that the accuracy I obtained was higher than in previous works.

3.1.deep learning CNN techniques
Designing (NIDS) using several supervised deep-learning classifiers , this study explores how well classifiers perform when the PCA technique is used to reduce the dimensions and decrease the time required to detect assaults.The weights are shared locally in convolutional neural networks (CNN), which means that they are applied consistently across the input [15].Together, the weights coupled to the same output device form a filter.(1)A CNN layer is made up of the input convolutional with a number of trainable filters to extract local features.(2) A point-wise non-linearity that allows deep architectures to learn non-linear representations of the input data, similar to the logistic function.(3) a pooling operator that combines the statistics of the features at neighbouring locations to reduce computational costs as a result of the image's decreasing spatial size.Adding an output layer with all connections after the final convolutional layer [16].

3.2.dimensionality reduction techniques
The dimensionality curse problem is typically overcome by the initial data's low-dimensional data representation, which also makes analysis, processing, and visualization simple.benefits of applying dimensionality reduction techniques to a dataset [17].
1-diminution of the dimensions number and the data storage space size.2-The computation takes less time.3-It is possible to eliminate redundant, noisy, and irrelevant data.4-It's possible to improve data quality.5-Increasesaccuracy and facilitates the efficient operation of an algorithm.6-Enable data visualization 7-It streamlines classification and boosts output as well [18,19].
With the constant production of data at an ever-increasing rate, feature selection (FS) is regarded as a crucial strategy since it allows for the effective reduction of redundancy, the elimination of unneeded data, and an improvement in the readability of findings.Furthermore, To enhance the competence of data processing and storage, feature extraction, determining the most distinct, perceptive, and condensed set of attributes are solved.

3.2.1.principal component analysis
Unsupervised learning techniques like the PCA reduce the dimensionality of data.The PCA, a dimensionality reduction technique created by Karl Pearson in 1901, is commonly used to divide the features of large data sets into smaller features that contain the most data [20].PCA is frequently used to analyze data in an enormous range of fields.reviewed the PCA method for a number of theoretical and practical aspects [21].One of PCA's benefits is that it can eliminate duplicate features in a data set.
(2) Useful data is gathered to explain the high contrast and best resolution.(3) It improves the data's display.(4) It makes computations simpler and more effective.this tool enables the analysis of datasets that could include multi-collinearity, missing values, categorical data, and erroneous measurements.The objective is to identify the key information in the data and express it as a collection of summary indices known as primary components.deep learning algorithms and using PCA as a Dimensionality Reduction(DR) Method for classification is one of the most crucial uses [22,23] some undesired features may arise.In order to address these issues, begin calibrating the variants.Each data value is centered and divided into segments by the standard deviation from the vector measurements [24] when units change in one or more variables, according to the PCA (variance) standard that is based on the units of measure Computers based on a matrix covariance can change.sincethe covariance matrix of the standard dataset is practically the correlation matrix of the original data set so PCA considers the correlation matrix for standard data.matrix's eigenvectors used to describe the linear combinations to standard variables [25].These PCAs are not primarily connected with the covariance matrix's previously established PCAs [26] the matrix of correlation is directly proportional to the number of variables employed in the analysis.therefore PCAs are the best option because they are invariant to linear changes in measurement units.The covariance of the PCA matrix is significant.Because to the similarity of the variances in the original component, a PCA correlation matrix is produced.A portion of the overall variance is represented by the first two matrix PCs.For different datasets, differences may be more significant [27,28].
The stages of the PCA are shown [29,30]: • X represent a PCA input matrix with just an n-vector and an m-dimensional data collection.
• Use the given Eq. ( 2) to determine the covariance matrix (C x) [30]: (2) • Using Eq. ( 3), determine the eigen-values , eigen-vectors (v m) of the covariance matrix [30]: eigen-values denoted by m eigen-vectors denoted by v m (3) • The eigenvalues put in descending order.. • A set of eigenvectors known as a principal component (PC) corresponds to the arranged eigenvalues from step 5.

4-Proposed Classification Model
the structure suggested on this side.The major steps are necessary to accomplish the goals.Each phase is covered in detail in the following subsections, The first step in data preparation is standardization.Second, PCA techniques lower the number of features required during the classification phase and determine which ones are most important.With the help of the suggested (NIDCNN) model, the third stage estimate the network data flow is normal or abnormal.In the end, a variety of metrics were used to assess the results of the proposed model.

First Stage:
Load UNSW-NB15 dataset to create the arriving network packets for the UNSW-NB 15 dataset in the UNSW Canberra Cyber Range Lab, IXIA PerfectStorm program was used to provide a blend of real-world contemporary daily operations and synthetic current attack,characteristics.The tcpdump application was used to record 100 GB of unprocessed traffic (e.g., Pcap files).There are nine types of attacks in this dataset, by Using 12 algorithms, the Argus and Bro-IDS tools are utilized to generate 49 characteristics with the class label.The UNSW-distinctive traits NB15 The features are described in a CSV file, There are a total of 540,044 records in the four CSV files UNSW-NB15 (1,2,3,4.csvUNSW-NB15) in the four CSV files.
By separating this data into a training set of 175.341 records and a testing set of 82,332 files for the UNSW NB15.csv.

Second stage : UNSW-NB15 Dataset division
The Hold-out-validation method was used to guarantee accurate generalization and avoid overtraining.70% of the sets are for training, while 30% are for testing.theUNSW-NB15 dataset was divided into two subsets.The details of this approach are explained as follow: Algorithm 1 The "Dataset division" • UNSW-NB15 dataset as inputs • Show the values by splitting the dataset into practice and examination sets (70/30).

• start
• Sets of model parameter values for evaluation are explained.
• any group coefficient resulting from all iterations of repetition and sampling • Conclusion: Apply the model to the remaining data after removing a particular sample.
• Learn about the recalcitrant samples.

• pause for
• It is important to assess how hold-out estimates typically perform.

• pause for
• Choose the best possible combination of parameters.
• Using the idealistic parameter group, fit the final model to the entire set of workout data.

Third stage: Preprocessing UNSW-NB15 Dataset
Preprocessing, , seeks to transform the raw dataset into a straightforward and effective format.the primary goal of creating a dataset suitable for deep learning algorithms is to ensure its reliability.In this case, the conventional scaler strategy is used to finish this level.according to algorithm (2), When the data had been separated in the previous stage, it was employed as a preprocessing.Both situations include this procedure (training and testing).• Find • Find standard deviation , represent result as σ.

• End
Forth Stage: Reduce features firstly using PCA, Algorithm Input: Standardized data (SD) Output: Reduced features (RF) • start • Establish a data matrices with each of the values for the parameters in the columns and then each row represents a distinct item in the row.• Compute covariance matrix using Eq. .• End

Experimental Results and Discussions
With the UNSW-NB15dataset, the new standard intrusion detection data set, deep learning CNN methods using PCA are tested.These algorithms are tested on an Intel(R) Core(TM) i7-8565U CPU running at 1.80 GHz or 1.99 GHz, 10 GB of Memory, a 64-bit operating system, and Python 3.6.
all the data textual converted to numerical form.data is divided into testing and training data.The proposed are built using PCA the most often used linear feature extraction techniques.Precision, recall, accuracy, and F-score, According to the pre-processing methodology utilized the results of the proposed system are split into two sections: first without the use of any feature reduction techniques, and second using PCA to reduce features in three scenarios (PCA-10, PCA-15, PCA-20), factors mentions up are used to compare the models' performances

performance evaluation
For the purpose of evaluating the suggested NIDCNN approach, we used a variety of evaluation techniques., measures are used to assess a classifier's accuracy, F-Score, precision, and sensitivity (Recall) [31,32].
Where, correspondingly, the acronyms for positive and true negative are TP and TN, whereas false positive and false negative are denoted by FP and FN, respectively [31,32].

2 results and discussions
The NIDCNN model was developed specifically to handle input that is only one dimension.Researchers have previously employed a number of general strategies as well as supplementary deep learningbased techniques for the identification of network breaches.For practice take 70% and traineeship take 30%, these dataset partitions of the total data.We measured the accuracy, precision, recall, and F-score of the NIDCNN model to assess its effectiveness.Each measure is explained separately in Equations (7 to 10) .
using the proposed model with 42 features without feature reduction techniques (pure), the outcomes were a time of 0.532 seconds, 100% accuracy, 100% precision, 31% recall, and a 48% F-score.table (1) displays these results and the chart explained figure (2).Table (1) to (4) shows that employing the suggested 1D-CNN with PCA-10 based approaches in time 0.106, we obtained 100% testing accuracy, 100% precision, 63% recall, and a 79% F-score.The results are remarkably equivalent when utilizing 1D-CNN with PCA-15 based techniques in time of 0.29 to achieve testing accuracy, precision, recall, and F-score of 79%, 100%, and 100% respectively.The results of the measurements, we obtained 100% testing accuracy, 100% precision, 63% recall, and a 79% F-score with PCA-20 in time 0.313 in sec.however, were 100% accuracy, 100% precision, 31% recall, and 48% F-score, in time 0.532, when using a model without feature reduction techniques.Table (5) shows what was explained in the previous tables, and figure (6).

Comparative Findings from Relevant Studies
A thorough comparison of the architecture used with the UNSW-NB15 dataset can be seen in Table (7) figures (7,8,9, and 10) show the type of technique and performance evaluation to the same data.Fig (10).Relation between F-Score and Techniques

Conclusions
proposition a 1D-CNN-based proposed NIDCNN model for identifying both normal and abnormal network packets.In order to execute multi-class classification detection, we applied the most recent algorithms deep learning and 1D-CNN.The proposed model design is simple uses little processing power.We achieved a total accuracy of with this approach.Additionally, PCA is the method that Techniquse reduces dimensionality most commonly.In essence, it shrinks a big data set's high dimensions to lesser dimensions, which speeds up storing and processing of the data makes it easier to understand.It is a statistical method that retains the most information while removing extraneous noise and data.Hence, results with (DR) are substantially better than without it.The work can be expanded to include the crucial aspects of intrusion detection,using PCA techniques led to reducing in the size of data and a limited number of dimensions so take time lesser than without using PCA made data improved increasing accuracy and effective operation algorithms and the classification model becomes simpler all these results more idea to using other reduce dimensions method to reach the best level to take the better features.,Simulation results have shown that using PCA gives better results.

7-The Future Scope
1-With the help of the proposed NIDCNN model, network intrusion can be detected in real-time, giving rise to the possibility to stop any potential intrusion problems and guaranteeing the security of user data.
2-is compatible with a variety of IDS types, including host-based and application-based IDS.
3-Try using Linear Discriminant Analysis (LDA) or other feature reduction methods while processing the dataset.
4-utilizing an intrusion data-containing dataset that is distinct from the ones used in this study., as KDD99 benchmark data collection.that the UNSW-NB15 data set is more complicated than the KDD99 data set.

•
Calculate covariance matrix's eigenvalues and eigenvectors and • Using eigenvalues to reduce the dimension data • Return (Reduced Features) • finish Fifth Stage: Create a 27-layer NIDCNN classification model.The proposed categorization model was demonstrated in diagram (1) and algorithm (4).