{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:17:13Z","timestamp":1771330633927,"version":"3.50.1"},"reference-count":45,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,7]]},"abstract":"<jats:p>Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been a great interest in applying towards security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection system (N-IDS) with the aim to enhance the performance in classifying the network connections as either good or bad. To substantiate this to NIDS, this article models network traffic as a time series data, specifically transmission control protocol \/ internet protocol (TCP\/IP) packets in a predefined time-window with a supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of KDDCup-99 challenge data set. The main interest is given to evaluate the performance of RNN over newly introduced method such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing the long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on KDDCup-99 NIDS data set. In addition to KDDCup-99, the effectiveness of deep model architectures are evaluated on refined version of KDDCup-99: NSL-KDD and most recent one, UNSW-NB15 NIDS datasets.<\/jats:p>","DOI":"10.4018\/ijdcf.2019070104","type":"journal-article","created":{"date-parts":[[2019,4,23]],"date-time":"2019-04-23T12:56:26Z","timestamp":1556024186000},"page":"65-89","source":"Crossref","is-referenced-by-count":50,"title":["A Comparative Analysis of Deep Learning Approaches for Network Intrusion Detection Systems (N-IDSs)"],"prefix":"10.4018","volume":"11","author":[{"family":"Vinayakumar R","sequence":"first","affiliation":[{"name":"Center for Computational Engineering and Networking (CEN), Amrita School of Engineering, Coimbatore, Amrita Vishwa Vidyapeetham, India"}]},{"family":"Soman KP","sequence":"additional","affiliation":[{"name":"Center for Computational Engineering and Networking (CEN), Amrita School of Engineering, Coimbatore, Amrita Vishwa Vidyapeetham, India"}]},{"given":"Prabaharan","family":"Poornachandran","sequence":"additional","affiliation":[{"name":"Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa Vidyapeetham, India"}]}],"member":"2432","reference":[{"key":"IJDCF.2019070104-0","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2007.234"},{"key":"IJDCF.2019070104-1","unstructured":"Anderson, J. P. (1980). Computer security threat monitoring and surveillance (Technical report). James P. Anderson Company, Fort Washington, PA."},{"key":"IJDCF.2019070104-2","first-page":"29","article-title":"Neural networks vs. decision trees for intrusion detection.","volume":"Vol. 28","author":"Y.Bouzida","year":"2006","journal-title":"IEEE\/IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM)"},{"key":"IJDCF.2019070104-3","unstructured":"Brugger, S. T., & Chow, J. (2007). An assessment of the DARPA IDS Evaluation Dataset using Snort. UCDAVIS department of Computer Science, 22."},{"key":"IJDCF.2019070104-4","doi-asserted-by":"publisher","DOI":"10.1109\/ITCC.2004.1286428"},{"key":"IJDCF.2019070104-5","doi-asserted-by":"crossref","unstructured":"Cho, K., Van Merri\u00ebnboer, B., Gulcehre, C., Bahdanau, D., Bougares, F., Schwenk, H., & Bengio, Y. (2014). Learning phrase representations using RNN encoder-decoder for statistical machine translation. arXiv:1406.1078","DOI":"10.3115\/v1\/D14-1179"},{"key":"IJDCF.2019070104-6","doi-asserted-by":"publisher","DOI":"10.1109\/ICECE.2008.4769258"},{"key":"IJDCF.2019070104-7","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.1992.226942"},{"key":"IJDCF.2019070104-8","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"IJDCF.2019070104-9","doi-asserted-by":"publisher","DOI":"10.1207\/s15516709cog1402_1"},{"issue":"Aug","key":"IJDCF.2019070104-10","first-page":"115","article-title":"Learning precise timing with LSTM recurrent networks.","volume":"3","author":"F. A.Gers","year":"2002","journal-title":"Journal of Machine Learning Research"},{"key":"IJDCF.2019070104-11","doi-asserted-by":"publisher","DOI":"10.1109\/IDAACS.2007.4488487"},{"key":"IJDCF.2019070104-12","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"IJDCF.2019070104-13","unstructured":"Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., & Atkinson, R. (2017). Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey. arXiv:1701.02145"},{"key":"IJDCF.2019070104-14","article-title":"Selecting features for intrusion detection: A feature relevance analysis on KDD 99 intrusion detection datasets.","author":"H. G.Kayacik","year":"2005","journal-title":"Proceedings of the third annual conference on privacy, security and trust"},{"key":"IJDCF.2019070104-15","unstructured":"Kim, J., & Kim, H. (2017, February). An Effective Intrusion Detection Classifier Using Long Short-Term Memory with Gradient Descent Optimization. In 2017 International Conference on Platform Technology and Service (PlatCon) (pp. 1-6). IEEE."},{"key":"IJDCF.2019070104-16","first-page":"1863","article-title":"A clockwork rnn.","author":"J.Koutnik","year":"2014","journal-title":"International Conference on Machine Learning"},{"key":"IJDCF.2019070104-17","doi-asserted-by":"crossref","unstructured":"Lallement, P. (2013). The cybercrime process: an overview of scientific challenges and methods. Editorial Preface, 4(12).","DOI":"10.14569\/IJACSA.2013.041211"},{"key":"IJDCF.2019070104-18","unstructured":"Le, Q. V., Jaitly, N., & Hinton, G. E. (2015). A simple way to initialize recurrent networks of rectified linear units. arXiv:1504.00941"},{"key":"IJDCF.2019070104-19","doi-asserted-by":"publisher","DOI":"10.1038\/nature14539"},{"key":"IJDCF.2019070104-20","doi-asserted-by":"crossref","unstructured":"Lippmann, R., Haines, J., Fried, D., Korba, J., & Das, K. (2000). Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In Recent Advances in Intrusion Detection (pp. 162-182). Springer Berlin\/Heidelberg.","DOI":"10.1007\/3-540-39945-3_11"},{"key":"IJDCF.2019070104-21","first-page":"12","article-title":"Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In DARPA Information Survivability Conference and Exposition. DISCEX\u201900.","volume":"2","author":"R. P.Lippmann","year":"2000","journal-title":"Proceedings"},{"issue":"Nov","key":"IJDCF.2019070104-22","first-page":"2579","article-title":"Visualizing data using t-SNE.","volume":"9","author":"L. V. D.Maaten","year":"2008","journal-title":"Journal of Machine Learning Research"},{"key":"IJDCF.2019070104-23","doi-asserted-by":"crossref","unstructured":"Mahoney, M., & Chan, P. (2003). An analysis of the 1999 DARPA\/Lincoln Laboratory evaluation data for network anomaly detection. In Recent advances in intrusion detection (pp. 220-237). Springer.","DOI":"10.1007\/978-3-540-45248-5_13"},{"key":"IJDCF.2019070104-24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45248-5_13"},{"key":"IJDCF.2019070104-25","unstructured":"Martens, J. (2010, June). Deep learning via Hessian-free optimization. In ICML (Vol. 27, pp. 735-742)."},{"key":"IJDCF.2019070104-26","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"IJDCF.2019070104-27","doi-asserted-by":"crossref","unstructured":"Moustafa, N., & Slay, J. (2016). The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective, 25(1-3), 18-31.","DOI":"10.1080\/19393555.2015.1125974"},{"key":"IJDCF.2019070104-28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-44999-7_23"},{"key":"IJDCF.2019070104-29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24677-0_65"},{"key":"IJDCF.2019070104-30","first-page":"807","article-title":"Rectified linear units improve restricted boltzmann machines.","author":"V.Nair","year":"2010","journal-title":"Proceedings of the 27th international conference on machine learning (ICML-10)"},{"key":"IJDCF.2019070104-31","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2003.1174909"},{"key":"IJDCF.2019070104-32","first-page":"1310","article-title":"On the difficulty of training recurrent neural networks.","author":"R.Pascanu","year":"2013","journal-title":"International Conference on Machine Learning"},{"key":"IJDCF.2019070104-33","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2005.06.003"},{"key":"IJDCF.2019070104-34","first-page":"209","author":"M.Sabhnani","year":"2003","journal-title":"Application of Machine Learning Algorithms to KDD Intrusion Detection Dataset within Misuse Detection Context. In"},{"key":"IJDCF.2019070104-35","unstructured":"Simonyan, K., Vedaldi, A., & Zisserman, A. (2013). Deep inside convolutional networks: Visualising image classification models and saliency maps. arXiv:1312.6034"},{"key":"IJDCF.2019070104-36","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1999.816048"},{"key":"IJDCF.2019070104-37","doi-asserted-by":"crossref","unstructured":"Staudemeyer, R. C., & Omlin, C. W. (2014). Extracting salient features for network intrusion detection using machine learning methods. South African computer journal, 52(1), 82-96.","DOI":"10.18489\/sacj.v52i0.200"},{"key":"IJDCF.2019070104-38","doi-asserted-by":"publisher","DOI":"10.1109\/SAINT.2003.1183050"},{"key":"IJDCF.2019070104-39","author":"I.Sutskever","year":"2013","journal-title":"Training recurrent neural networks"},{"key":"IJDCF.2019070104-40","doi-asserted-by":"publisher","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"IJDCF.2019070104-41","unstructured":"Vaidya, T. (2015). 2001-2013: Survey and Analysis of Major Cyberattacks. arXiv:1507.06673"},{"key":"IJDCF.2019070104-42","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1990.2.4.490"},{"key":"IJDCF.2019070104-43","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1989.1.2.270"},{"key":"IJDCF.2019070104-44","doi-asserted-by":"crossref","unstructured":"Yeung, D. Y., & Chow, C. (2002). Parzen-window network intrusion detectors. In Proceedings. 16th International Conference on Pattern Recognition (Vol. 4, pp. 385-388). IEEE.","DOI":"10.1109\/ICPR.2002.1047476"}],"container-title":["International Journal of Digital Crime and Forensics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=227640","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,5]],"date-time":"2022-05-05T21:56:15Z","timestamp":1651787775000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJDCF.2019070104"}},"subtitle":["Deep Learning for N-IDSs"],"short-title":[],"issued":{"date-parts":[[2019,7]]},"references-count":45,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijdcf.2019070104","relation":{},"ISSN":["1941-6210","1941-6229"],"issn-type":[{"value":"1941-6210","type":"print"},{"value":"1941-6229","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,7]]}}}