– neural networks, including recurrent [ 13 ], [ 14 ], [ 15 ], convolutional [ 16 ], [ 17 ], [ 18 ] and others [ 19 ], [ 20 ], [ 21 ], [ 22 ].

Most of these works use a KDD99 intrusion dataset that is quite old and has no modern examples of intrusions. However, today exists large set of publically available labeled datasets with intrusions examples. We use UNSW-NB15 dataset.

Intrusion detection systems and datasets, which they use to training, can be classified in two big classes: network-based and host-based. Host based systems make a decisions using information from defended host machines, like CPU usage, processes launched, errors occurrence etc. Network-based systems make a decisions using information about network traffics between defended hosts and\or outside networks. There are exist examples of both type of systems and combinations of them. Datasets, also can be of these two types, here we deal only with network-based ones, but always remember that for practice better to combine various approaches and use hybrid IDS systems and corresponding datasets. Below short description of existing publically available datasets is presented.

One of the first and still most popular intrusion dataset was a KDD99Cup [ 23 ], available since 1998-99 and based on DARPA Intrusion Dataset. It is open, free for researchers, dataset made in Information and Computer Science University of California. It consists from about 5 million records about network transaction. Each record includes 41 parameters of network traffic (for example destination IP\port, source IP\port etc.) of three type: categorical, logical (flags) and numeric. Dataset includes information about 22 types of intrusion in four main classes: Denial of Service (DoS, 3883370 records), Remote to User (R2L, 1126 records), User to Root (U2R, 52 records), Probe (41102 records) and one class of Normal packets (972780 records). As we can see, number of records of different classes is quite different. Although dataset was criticized [ 24 ], it is yet the most popular dataset. Main disadvantages are: - large number of duplicated, redundant records (about 80%!), - lack of records of some intrusion classes (U2R, R2L), - moral obsolescence – dataset was collected in 1998-99 and does not contain information about modern attacks.

In 2009, ten years after, KDD99Cup was modified in NSL-KDD [ 24 ], redundant records was dropped, some work for refining was made and dataset reduced 4 times, see Table 1. Many authors try to modify this dataset, for example PU-IDS [ 25 ] in which statistics of data was used to generate new, unreal but similar, records (about 200 000 new records), and generic framework to generate new similar records was presented.

In 2012, the UNB ISCX 2012 Intrusion Detection Evaluation Data Set [ 26 ] was created and announced at the Canadian Institute for Cybersecurity (CIC). This dataset, as well as KDD99, contains information about network connections, but also offers records of all traffic. Traffic was received within 7 days from a test computer network (6 local subnets, NAT server, main and secondary server, traffic monitoring tools), under various attack scenarios. Includes 2450324 connections (about 90GB of traffic), of which 68792 are attacks. CIC continue works on this dataset and, in 2017, the UNB ISCX 2017 (known also as CICIDS2017) dataset was announced. Dataset containing the latest attack scenarios. A tool for traffic analysis was also presented [ 27 ]. This dataset was used in [ 28 ] for training of different types of neural network classifiers. It is shown that recurrent neural networks like LSTM or GRU achieve a good results (accuracy >97%).

In 2015, the UNSW-NB15 dataset [ 29 ] was created at the Australian Center for Cyber Security. Dataset contains both records about network connections, and the traffic itself (about 100GB) from the test computer network (3 servers). Dataset contains 9 types of attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode, Worms. Each records contains 47 fields - information about network connections and 2 fields - information about the type of intrusion (or normal packets). The total number of records is about 2 million. Information about network connections is divided into 4 text files (csv format). Files for training and testing of classifiers, containing respectively 175341 and 82332 records, are separately presented. We will use this dataset in our work. Records amount and description of used intrusions are shown in Table 2 [ 29 ].

It is important to note, than mostly intrusion features, measured in the UNSW-NB15 dataset are comparable with ones in the NSL-KDD dataset, so combinations of these datasets can be used for increasing of amount of available data.

Comprehensive comparison of another existing dataset can be found in [ 30 ].

Also it can be mention about ADFA dataset from Australian Defense Force Agency which works in different principle, it consist not from records about network traffic, but from information about running processes on host machine, so can be used in host-based intrusion detection systems, which is beyond of our work now. 3 Short review of UNSW-NB15 dataset applications in machine learning approaches to intrusion detection and classification Recent time UNSW-NB15 dataset is used to create machine learning classifiers by some authors. Some results are described below1. Hereafter we use the definition and abbreviation according to [ 31 ], “false alarm rate” is synonymous to “false positive rate”.

Firstly, in 2015, creators of UNSW-NB15 dataset propose and compare significant feature selection approach to UNSWNB15 and KDD99 datasets and build classifiers based on Naive Bayes and EM-clustering approaches [ 32 ]. They show that such simple approaches works with accuracy about 30-40% but some classes are not recognized at all. In [ 33 ] (2017) other authors combine Random forest classification method and feature selection approach, and reach better results both for KDD99 and UNSW-NB15 dataset. In same 2017, another author [ 34 ] combine Random Forest method with “Logitboost” [ 35 ] boosting algorithm and show better results on both datasets compared to clear Random forest methods [ 36 ] and some previous approaches, see Table 3 (for Random Forest application in intrusion detection see also [ 37 ]). Boosting is quite attractive approach to create classifiers, as example in [ 38 ] authors compare a set of boosting methods (Bagged Tree, AdaBoost, GentleBoost, LogitBoost and RUSBoost algorithms) on UNSW-NB15 dataset and show that Bagged Tree and GentleBoost classifiers show superior performance (see [ 38 ] for details). Another comparison of boosting presented in [ 39 ] and ensembling methods in [ 40 ].

1 This review based on IEEEXPLORE publications search engine on the July 2019.

https://ieeexplore.ieee.org/search/searchresult.jsp?queryText=unsw%20nb15&highlight=true&returnFacets=ALL&returnType=SEARCH&sortType=n ewest

In 2016 researches apply genetic search to select appropriate features to each class and use Support Vector Machine to classify intrusions with such features [ 41 ]. They achieve high accuracy, more than 90% for all classes except of “Exploits” (~80%), and false positive rates less then 0.1%.

In 2018 quite interesting approach was introduced in [ 42 ]. Authors use multiscale wavelet transform and perceptron-like neural network with Hebbian learning for anomaly detection in records with HTTP protocol. They achieve Mean Accuracy 93.56% (wherein Mean TPR is 73.55%, Mean FPR is 4.46%, Mean TNR is 95.53%, Mean FNR: is 26.44%).

Creators of UNSW-NB15 continues their work and propose a Collaborative Anomaly Detection Framework, which is based on modification of Gaussian Mixture Model [ 43 ]. This system installed on each node of cloud network and each node in training phase create a statistical model of normal data by approximation of probability distribution function using Gaussian Mixture Model. Then, in testing phase, such model can be used to detect an anomaly, which is interpreted as intrusion. Such approach can be applied only to detection but not to classification of intrusion. Authors achieve results 96% in accuracy and detection rate and 4-9% in false positive rate. Similar approaches but with Hidden Markov Models also was applied in [ 44 ], with Beta Mixture Model in [ 45 ], with Dirichlet Mixture Mechanism in [ 46 ].

Some comparison of machine learning approaches for intrusion classification over UNSW-NB15 dataset are made in [ 47 ]. Authors compare Support Vector Machine, Multilayer Perceptron, Restricted Boltzmann Machine, Sparse Autoencoder and deep learning architecture with embedding (like word2vec approach). They show that deep learning approach is better in average than others, but, unfortunately, does not provide information about performance on each classes for UNSW-NB15 dataset. Autoencoders is also interesting approach to intrusion detection, in [ 48 ] authors present a two stage approach with autoencoders then second stage uses a results (score – output of classification unit) from first stage. Such approach shows follow results: 89.134% in accuracy and a 0.7495% in FAR for the UNSW-NB15 dataset. Combination of deep autoencoder, Support Vector Machine and Artificial Bee Colony searching method was used in [ 49 ] and show detection accuracy about 90% and FAR about 5%.

In [ 50 ] authors provide using a Long-Short-Term-Memory (LSTM) neural network, which is a type of Recurrent Neural Network, for intrusion detection over UNSW-NB15 dataset. They achieve quite high results (Precision=98.02%; Accuracy=99.41%; TPR=97.97%; TNR=99.53%, FNR=2.03%, and FPR=0.47%) in detection and show that such approach works better than, for example, Support Vector Machine. Bidirectional LSTM was used in [ 51 ] and show average 85% in precision and 88% in recall metrics. It is also shown that some classes are not recognized at all, due to imbalance amount of data.

In [ 52 ] deep learning architecture (16 layers, including fully connected with ReLU activation, dropout, and batch normalization layers) was created and tested on various intrusion datasets, including UNSW-NB15. Results not so high as in previous researches, but this architecture in used for large set of different datasets, and clearly show a problem of imbalanced classes.

Authors of [ 53 ] provide a set of techniques (Bootstrap Aggregation, Synthetic Minority Over-sampling, Under-sampling, and Class Balancer) to deal with imbalanced classes in intrusion detection system. They show minor advantages in term of area under ROC-curve to whole dataset, but, unfortunately, did not provide any information for classes.

Latest article [ 54 ] use a multiple-layer approach consisting of a coarse layer and a fine layer, in which the coarse layer with the deep convolutional neural network model focuses on identification of N abnormal classes and a normal class. While in the fine layer, an improved model based on gcForest (caXGBoost) further classifies the abnormal classes into N-1 subclasses. The proposed framework has been compared with the existing deep learning models using dataset NBC, a combination of UNSW-NB15 and CICIDS2017 including 101 classes. The experimental results show that method outperforms other single deep learning methods in terms of accuracy, detection rate and FAR and works well with imbalanced classes.

Convolutional neural network consists from some number of layers of the next basic types: convolutional layers, fully connected layers, activation layers. In addition, network can contain different layers, such as normalization layers, dropout layers etc.

Convolutional layer performs a convolution of input data and some kernel – set of parameters also known as weights. Such kernels may be adjustable during training or not. In the last case weights is not changing during training and example of such layer is pooling layer which is widely use in image processing to decrease number of adjustable parameters, but for our work number of parameter is not large, so we will not use a convolution with nonadjustable weights. Convolution can be applied to data of different dimension, for example, 2D convolution is more usable in image processing. In our work, we will use 1D convolution, because input data presented as a vector, 1D array. In this case, mathematically convolution can be described as follow. Let xi be the i-th element of the input vector, i = 1 ... N, where N is the number of input parameters, wk is the k-th element of the kernel (which is also represented as a vector), k = 1..K; w0 is separate coefficient which is called bias, then the output of a one-dimensional convolutional layer yj defined as (no stride, no padding):

yj=∑k (xi+k*wk)+w0 , j=1..N-K Schematically this is shown in Fig.1 (top).

Layer can contain some number of kernels, ordinary with the same number of parameters. In this case, output of layer is an union of outputs of each kernel.

Fully connected layer consists of neurons, each of them multiplies corresponding element of input by its own weight, summarizes results and adds bias. Inputs to all neurons in a layer is the same. Let xi be the i-th element of the input vector, i=1...N, where N is the number of input parameters, wi,j is the i-th weights of the j-th neuron, w0,j is the bias of the j-th neuron, then the output yj of the fully-connected layer is defined as:

yj=∑i (xi*wi,j)+w0,j Schematically this is shown in Fig.1 (bottom).

Comparing convolutional and fully connected layers we can understand that convolutional layer is some particular case of fully connected one with some weights equal to zero and some weights in different neurons are the same (shared between neurons). Example of such equivalence for small layer is shown in Fig.1. Convolutional layer uses less number of weights but still able to perform complex transformation from input to output. 0 w1 w2 w3 0 w0

Activation layer performs some nonlinear transformation from its inputs to outputs. Both, convolutional and fully connected layers perform, as we can see, a linear transformation of inputs. Because of this, if we use two of such layers sequentially, this equivalent to use only one layer (linear transformation of linear transformation is a linear transformation). Therefore, in practice, convolutional or fully connected layers alternates with activation layers. Activation layers apply some activation function to inputs. For example, so called ‘sigmoid’ calculates each output y as y=1/(1+e -x), x – input. Piecewise linear activation function ReLU calculates output as a maximum between 0 and input x. ‘Softmax’ activation function calculates output yj as yj=exp(xj)/[∑i exp(xi)] , xi - i-th input. There are exist large number of different activation functions. Overall, convolutional neural network consists of alternated convolutional and activation layers and has some number of fully connected layers at the end, also alternated with activation.

Structure of network, which we use in our work, is shown in Fig.2. It consist from 5 convolutional layers with ‘sigmoid’ activations and 3 fully connected layers, first and second with ‘sigmoid’ and last with ‘softmax’ activation. Number of inputs – 190 (see Section IV), number of outputs – 10 (number of classes, 9 intrusions and Normal).

To use chosen dataset we need preprocess data to be suitable to neural network. We made it in three stage: choosing of relevant features, coding of nonnumeric data and scaling of numeric data.

Firstly, we need to drop some irrelevant features. UNSW-NB15 has 47 features field, some of them relates only to that computer network which used for dataset collection. Namely, we drop following 7 fields from dataset: - ‘srcip’ (source IP address), - ‘dstip’ (destination IP address), - ‘sport’ (source port number), - ‘dsport’ (destination port number), - ‘stime’ (record start time), - ‘ltime’ (record last time), -‘res_bdy_len’ because this field does not change in dataset.

Among other fields, dataset contains 3 categorical (string) fields: - ‘proto’ (transaction protocol), has 129 different values (‘udp’, ‘tcp’, arp’ etc.); - ‘servis’, has 8 values (‘http’, ‘ftp’, ‘smtp’, ‘ssh’, ‘dns’, ‘ftp-data’, ‘ir and '-‘ if not used); - ‘state’, depend on transaction protocol and has 16 values (ACC, CLO, CON, ECO, ECR, FIN, INT, MAS, PAR, REQ, RST, TST, TXD, URH, URN and ‘-‘ if not applicable).

We code this categorical fields using one-hot encoding scheme then a sparse vector with ‘0’ and only one ‘1’ show the value of fields. Therefore, for categorical fields we have output vector of 153 (129+8+16) length. 15 of 37 numerical fields scaled by division to appropriate value to make range almost equal and remaining 22 fields unchanged.

For computational experiments we use next software products: - programming language: Python 3.5 with Anaconda 4.2.0; - Microsoft Visual Studio 2017, v15.5.2; - neural networks training: : keras 2.0.2 with tensorflow (GPU version) 1.1.0; - additional: pandas 0.20.1 for text file processing, numpy 1.13.1 for calculations, scikit-learn 0.18.1 for data encoding, matplotlib 2.0.2 for visulization. and hardware: - computer with IntellCore i7, 3.4GHz, 32 Gb - graphical processing unit Nvidia Quadro K600, 1Gb We use the following configuration of neural networks: - structure showed in Fig.2; - batch size: 256; - learning rate lr=0.001; - maximum allowed training epochs: 200; - other parameters are by default of keras library [ 55 ].

We train and compare neural network in two variants: with random batches (default) and with class-balanced batches. Test data differ from train data, experiments repeat several times, mean results are shown.

Fig. 4 and 5 shows results of experiment. Fig. 4 shows confusion matrix on train and test data. Confusion matrix show how much data recognized well (diagonal elements) and how many mistakes (non-diagonal elements). Fig.5 shows value of loss function and accuracy during training both on train and test data. Loss-function is a categorical cross-entropy [ 55 ].

Analyzing the results we can see that class-balanced approach to batch forming can improve recognition performance of classes with small number of examples. Without such balance it is possible that some classes will be absolutely ignored by neural network (‘worms’, ‘backdoors’ in our experiment). In addition, we can see that better accuracy (and loss) does not guaranteed that classification will be better (see Fig.4 and 5 that shows that accuracy is better for random batch forming but some classes does not recognized at all).

But it is need to understand that better recognition of classes with small number of examples achieved at the expense of worse recognition of classes with large number of examples (compare ‘Normal’ and ‘Exploits’ for both cases). Therefore, such approach allow to control, is some degree, recognition performance of different classes and can be used in systems with different importance of classes. Note also that usage of class-balanced approach is not a guarantee of good recognition and only a one means to increasing of such recognition (see for example on class ‘Analysis’ which is not recognized nor by random batch forming nor by class-balanced one).

In this work we show that for intrusion detection tasks it is a common situation then amount of examples of data of various classes is quite different. In this case training process of neural networks for intrusion recognition need to be modified to achieve better recognition of classes with small amount of examples. We describe an approach of class-balanced batch forming and show in experiment that it can improve recognition performance of classes with small number of examples by the expense of decreased recognition performance of classes with large number of examples.

Approach can be enlarged to control relative importance of classes by varying proportion of classes presented in batch.

Previously reported UNSW-NB15 dataset were used to support this study and it is available at 10.1080/19393555.2015.1125974, and can be downloaded from https://www.unsw.adfa.edu.au/unsw-canberracyber/cybersecurity/ADFA-NB15-Datasets/ .These prior studies (and datasets) are cited at relevant places within the text as references [ 29 ].

Support from the Basic Research Program of the National Research University Higher School of Economics is gratefully acknowledged.