Analysis of anomalous behaviour in network systems using deep reinforcement learning with convolutional neural network architecture

• Published in: CAAI Transactions on Intelligence Technology Vol. 9; no. 6; pp. 1467 - 1484
• Main Authors: Modirrousta, Mohammad Hossein, Forghani Arani, Parisa, Kazemi, Reza, Aliyari‐Shoorehdeli, Mahdi
• Format: Journal Article
• Language: English
• Published: Beijing John Wiley & Sons, Inc 01.12.2024; Wiley
• Subjects: Accuracy; Algorithms; Artificial intelligence; Artificial neural networks; Behavior; Classification; Datasets; Decision making; Decision trees; Deep learning; deep reinforcement learning; Feature selection; Internet of Things; intrusion detection; Intrusion detection systems; Machine learning; Methods; Neural networks; Q‐Learning; Regression analysis; transferability
• ISSN: 2468-2322; 2468-6557; 2468-2322
• DOI: 10.1049/cit2.12359

To gain access to networks, various intrusion attack types have been developed and enhanced. The increasing importance of computer networks in daily life is a result of our growing dependence on them. Given this, it is glaringly obvious that algorithmic tools with strong detection performance and dependability are required for a variety of attack types. The objective is to develop a system for intrusion detection based on deep reinforcement learning. On the basis of the Markov decision procedure, the developed system can construct patterns appropriate for classification purposes based on extensive amounts of informative records. Deep Q‐Learning (DQL), Soft DQL, Double DQL, and Soft double DQL are examined from two perspectives. An evaluation of the authors’ methods using UNSW‐NB15 data demonstrates their superiority regarding accuracy, precision, recall, and F1 score. The validity of the model trained on the UNSW‐NB15 dataset was also checked using the BoT‐IoT and ToN‐IoT datasets, yielding competitive results.