International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 08 Issue: 04 | Apr 2021 www.irjet.net p-ISSN: 2395-0072
© 2021, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 5016
Network Intrusion Detection System Using Deep Learning
Tejas Kadam¹, Akansh Shetty², Adarsh Kanekar³, K. S. Suresh Babu⁴
¹⁻³ Department of Information Technology, Pillai College of Engineering, New Panvel, Navi Mumbai, Maharashtra,
India - 410 206
⁴ Assistant Professor, Department of Computer Engineering, Pillai College of Engineering, New Panvel, Navi
Mumbai, Maharashtra, India - 410 206
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - Intrusion detection is a major research topic in
the fight against external attacks on business and personal
networks. A Network Intrusion Detection System (NIDS) is
software that keeps track of network and system activity. It
is responsible for detecting malicious activity and
unauthorized access to computers. Internet security is a
critical concern, so the goal of designing a NIDS is to protect
data integrity and confidentiality. The high volume, variety,
and speed of data produced in the network have made
detecting attacks with conventional data analysis techniques
extremely difficult. This project will use a variety of machine
learning algorithms, such as Artificial Neural Networks, Multi-
class Logistic Regression and Logistic Regression, to solve
these problems. The algorithms will be compared and
contrasted.
Key Words: NIDS, Machine Learning, Deep Learning,
Artificial Neural Networks, Logistic Regression, Multi-
class Logistic Regression, NSL-KDD Datasets.
1. INTRODUCTION
Intrusion detection systems are typically integrated into
other security systems or applications and are designed to
safeguard information systems. Firewalls and anti-malware
tools alone are insufficient to safeguard an entire network;
they serve as a minor component of a larger security
scheme. Using a full-fledged IDS as part of your
protection framework is critical because it is designed to
operate across your entire network in a variety of ways.
An IDS uses patterns learned by algorithms to decide when
an attack is taking place. Knowing the reach of an attack is
also important for deciding your response and your
obligations to stakeholders who rely on your systems'
protection. A Network Intrusion Detection System (NIDS) is
typically positioned at strategic points in the network to
protect traffic from attack. It is usually applied to whole
subnets, and it tries to match any traffic passing through
against a database of documented attacks. It passively
observes network traffic passing through the points on the
network where it is installed. A NIDS can be relatively simple
to secure and difficult for intruders to detect, which means
that an intruder may not realize that a potential attack is
being detected by the NIDS. Because network-based intrusion
detection systems analyze a large amount of network traffic,
their accuracy can be poor: they can occasionally miss an
attack or fail to detect anything in encrypted traffic. In
some cases they need more manual intervention from an
administrator to ensure they are configured correctly.
2. LITERATURE SURVEY
2.1 Clustering approach based on k means for
Intrusion Detection System over Big data
On large datasets, the traditional K-means algorithm is
inefficient. Peng et al. [1] proposed an improved K-means
detection method with mini-batch to increase detection
efficiency. They began by preprocessing data from the
KDD99 dataset. The nominal features were converted to
numerical form, and the max-min approach was used to
normalize each dimension of the features. Principal
component analysis (PCA) was then used to reduce the
dimensions. Finally, they used the K-means algorithm to
cluster the samples, with two improvements to K-means:
(1) to avoid being trapped in a local optimum, they altered
the initialization process; (2) they used the mini-batch
technique to cut down the running time. The proposed
method outperformed the standard K-means in terms of
accuracy and performance.
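The preprocessing and clustering steps summarized above, illustrated on a few constructed records. This is an added example, not code from Peng et al. or from this paper; it omits the PCA step, and the farthest-first seeding is an assumed stand-in for the altered initialization, which the text does not specify.

```python
import random
# Constructed sample flows (duration, protocol_type, src_bytes); not KDD99 rows.
RECORDS = [
    (0, "tcp", 200), (1, "tcp", 250), (0, "tcp", 180), (2, "tcp", 300),
    (0, "udp", 40), (0, "udp", 60), (1, "udp", 55),
    (0, "icmp", 5000), (0, "icmp", 5200), (0, "icmp", 4900),
]

def encode(records, nominal_col):
    """Convert the nominal column to one-hot numeric columns."""
    values = sorted({r[nominal_col] for r in records})
    rows = []
    for r in records:
        numeric = [float(v) for i, v in enumerate(r) if i != nominal_col]
        rows.append(numeric + [float(r[nominal_col] == v) for v in values])
    return rows

def min_max(rows):
    """Max-min normalization: scale each dimension to [0, 1]."""
    lo = [min(col) for col in zip(*rows)]
    hi = [max(col) for col in zip(*rows)]
    return [[(x - l) / (h - l) if h > l else 0.0
             for x, l, h in zip(row, lo, hi)] for row in rows]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def nearest(row, centers):
    return min(range(len(centers)), key=lambda i: dist2(row, centers[i]))

def farthest_first(rows, k):
    """Assumed initialization: each new center is the row farthest from those chosen."""
    centers = [list(rows[0])]
    while len(centers) < k:
        centers.append(list(max(rows, key=lambda r: min(dist2(r, c) for c in centers))))
    return centers

def mini_batch_kmeans(rows, k, batch=4, iters=100, seed=0):
    """Update centers from small random batches instead of full passes over the data."""
    rng = random.Random(seed)
    centers, counts = farthest_first(rows, k), [0] * k
    for _ in range(iters):
        batch_rows = rng.sample(rows, batch)
        for row, j in zip(batch_rows, [nearest(r, centers) for r in batch_rows]):
            counts[j] += 1  # center j becomes the running mean of its samples
            centers[j] = [c + (x - c) / counts[j] for c, x in zip(centers[j], row)]
    return [nearest(row, centers) for row in rows]

LABELS = mini_batch_kmeans(min_max(encode(RECORDS, 1)), k=3)
```

On this input the three clusters line up with the three protocol groups, because the one-hot columns keep the groups farther apart than any two records within a group.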
2.2 Intrusion detection in enterprise systems by
combining and clustering diverse monitor data
In this paper, Bohara et al. [2] proposed an unsupervised
learning detection system. They used the VAST 2011 Mini
Challenge 2 dataset to perform experiments and extracted
features from the host and network logs. They chose features
based on the Pearson correlation coefficient because each
feature has a different influence. The logs were then
clustered using the K-means and DBSCAN algorithms.
Clusters were linked to irregular behaviors by testing the
salient cluster characteristics. Finally, they manually
examined the irregular clusters to assess the forms of attack.
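An added example (not code from Bohara et al. or from this paper) of Pearson-based feature selection followed by DBSCAN, run on constructed per-host features. The selection rule used here, dropping a feature that nearly duplicates one already kept, and the eps and min_pts values are assumptions, since the text does not give them.

```python
from math import dist, sqrt

# Constructed per-host features, scaled to [0, 1]: failed_logins, bytes_out, packets_out.
HOSTS = [
    (0.10, 0.20, 0.21), (0.12, 0.22, 0.22), (0.11, 0.18, 0.19),
    (0.09, 0.21, 0.21), (0.13, 0.19, 0.20),                      # typical hosts
    (0.90, 0.20, 0.20), (0.92, 0.22, 0.23), (0.88, 0.18, 0.18),  # many failed logins
    (0.10, 0.95, 0.96),                                          # one heavy sender
]

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    return cov / sqrt(sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y))

def select_features(rows, limit=0.95):
    """Assumed rule: drop a feature whose |r| with a kept feature reaches the limit."""
    cols, keep = list(zip(*rows)), []
    for i, col in enumerate(cols):
        if all(abs(pearson(col, cols[j])) < limit for j in keep):
            keep.append(i)
    return keep

def dbscan(points, eps, min_pts):
    """Return one label per point: a cluster id, or -1 for noise."""
    labels, cluster = [None] * len(points), -1
    region = lambda i: [j for j, q in enumerate(points) if dist(points[i], q) <= eps]
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = region(i)
        if len(seeds) < min_pts:
            labels[i] = -1  # noise for now; may be claimed later as a border point
            continue
        cluster += 1
        while seeds:
            j = seeds.pop()
            if labels[j] is None and len(nb := region(j)) >= min_pts:
                seeds.extend(nb)     # j is a core point: keep expanding from it
            if labels[j] in (None, -1):
                labels[j] = cluster  # core or border point joins the cluster
    return labels

KEEP = select_features(HOSTS)                       # packets_out duplicates bytes_out
POINTS = [[row[i] for i in KEEP] for row in HOSTS]
LABELS = dbscan(POINTS, eps=0.1, min_pts=3)
```

Hosts labelled -1 and the members of small clusters are the candidates an analyst would examine by hand, as in the manual step described above.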