Data Balancing and CNN based Network Intrusion Detection System

Cyber-security experts often require the help of an automated process that filters and classifies network attacks. To apply specific preventive measures for securing networks, the classification of the attack type is the key. Many Machine Learning (ML) models have been proposed as a base for Network Intrusion Detection (NID) systems. However, their performance varies based on multiple factors. For instance, an ML model fitted on a highly imbalanced dataset can be biased toward over-represented attack types. On the other hand, paying attention only to the ML model's performance in the minority classes can negatively affect its performance in the majority classes. This paper proposes an NID system that addresses the issue of imbalanced datasets and uses Convolutional Neural Networks (CNN) to classify the different attack types. We compare the performance of our proposed system to other systems that use: Random Over-Sampling (ROS), Synthetic Minority Oversampling TEchnique (SMOTE), Adaptive Synthetic Sampling (ADASYN), and Generative Adversarial Networks (GAN). Using the NSL-KDD and the BoT-IoT datasets for benchmarking, we show that our proposed system performs well in the minority classes: recall scores of 70.50% and 72.08% on the User to Root (U2R) and Remote to Local (R2L) attack classes of the NSL-KDD dataset, respectively, while maintaining an overall False Alarm Rate (FAR) of 6.50% and a recall of 90.46% on the binary classification task. Our proposed system scores a weighted average F1-Score of 99.45% on the multi-class classification task using the BoT-IoT dataset.