Deep learning for network intrusion: A hierarchical approach to reduce false alarms

Computer networks form much of the infrastructure supporting day-to-day life in this digital age. Computer networks, however, are prone to attack and therefore require intrusion detection systems. Intrusion detection systems provide a mechanism to detect network attacks at an early stage and generate alerts. These systems, however, are far from a panacea. Rather, they tend to overwhelm their operators with alerts, which in more than 90% of cases can be false positives. As such, the problem of false positives in intrusion detection systems is a costly issue. This paper presents research to design a hierarchical network intrusion detector, using deep learning, which protects against raising vast numbers of false positives through the design and implementation of a hierarchical NIDS. This paper presents a valuable advancement in performance by reducing the occurrence of false alarms by 87.52%. The research contained in this paper presents three contributions to knowledge. The first of these is the comparison between hierarchical systems and non-hierarchical systems to understand which would yield fewer false alarms. The second contribution is the formulation of a hierarchical approach, which was able to reduce false alarms by 87.52%. Lastly, the proposed hierarchical model was deployed in a live IoT environment, exposed to genuine threats, and the performance in this environment was analysed.