A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection

Today, as attacks against computer networks are evolving rapidly, Network Intrusion Detection System (NIDS) has become a valuable tool for the defense-in-depth of computer networks. It is widely deployed in network architectures in order to monitor, to detect and eventually respond to any anomalous behavior and misuse which can threaten confidentiality, integrity and availability of network resources and services. In this paper, we have proposed an optimal approach to build an effective anomaly NIDS based on Back Propagation Neural Network (BPNN) using Back Propagation Learning Algorithm, and employed a novel architecture for that network. Our approach consists firstly of generation of all possible combinations of most relevant values of the parameters included in construction of such classifier, or influencing its performance in anomaly detection, like feature selection, data normalization, architecture of neural network and activation function. Secondly, we have built 48 IDSs corresponding to those combinations. Finally, after considering all performance measurements like detection rate, false positive rate, F-score, AUC (ability to avoid false classification) etc., we have selected the two best IDSs. Experimental results on KDD CUP '99 dataset indicate that our two best IDSs use the novel architecture, and that compared to several traditional and new techniques, our proposed approach achieves higher detection rate and lower false positive rate. (C) 2018 Elsevier Ltd. All rights reserved.