Study on Network Intrusion Detection Method Using Discrete Pre-Processing Method and Convolution Neural Network

The network intrusion detection system is a core technology of network security that detects packets for malicious activities occurring in the network and is an essential element for stable services in extended network environments such as big data and IoT. These network intrusion detection systems have been studied together with machine learning and deep learning, but performance is not guaranteed in the actual environment or the class balance problem has not been solved. Therefore, in this study, we investigate the performance of a discretization preprocessing method with a CNN-based classifier on the class imbalance problem of network traffic data. The preprocessing method adds a discretization algorithm for continuous variables in the commonly used conventional preprocessing method and converts 1D network packet vectors into 2D image vectors to improve relational analysis and generalization performance. Since the convolution neural network has immutability to the input data, it improves statistical efficiency in learning network packets converted into images. To evaluate the proposed model, we compared the computational complexity and generalization performance using NSL-KDD and CSE-CIC-IDS 2018, which is a representative network packet data. As a result of the experiment, it was confirmed that in the case of computational complexity, training time and parameters were reduced compared to the model designed similarly to the proposed model, and accuracy and F1 score improved in generalization performance.