An efficient network behavior anomaly detection using a hybrid DBN-LSTM network

Keywords Network behavior anomaly detection; Deep belief network; Feature extraction; Detection efficiency; Long short-term memory Abstract The Internet environment is exposed to diverse and increasingly numerous intrusion attacks due to its continuously expanding scale, threatening the information and assets of individuals and companies. The application of machine learning and deep learning methods has significantly improved the performance of network behavior anomaly detection (NBAD). However, existing NBAD methods based on machine learning classify network behaviors with hand-selected feature vectors, which are not flexible enough to adapt to various cyber environments and new categories of attacks, resulting in low accuracy. Moreover, high-dimensional and large-scale data have significantly increased the training, retraining, and detection time, resulting in low scalability. To solve these problems, an efficient NBAD algorithm based on deep belief networks (DBN) and long short-term memory (LSTM) networks is proposed. First, a nonlinear feature extraction method using a DBN is applied to extract features automatically and reduce the dimension of the original data while guaranteeing accuracy. Then, a light-structure LSTM network is used to obtain the classification results. The results of multiple experiments show that the proposed approach performs well in feature learning and has high accuracy while obtaining results in a timely manner and easily updating the model. Author Affiliation: School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China * Corresponding author. Article History: Received 24 February 2021; Revised 23 November 2021; Accepted 28 December 2021 Byline: Aiguo Chen [agchen@uestc.edu.cn], Yang Fu [201921080322@std.uestc.edu.cn] (*), Xu Zheng [xzheng@uestc.edu.cn], Guoming Lu [lugm@uestc.edu.cn]