Intrusion Detection on Switchports with LSTM as a Regression Problem

Year 2025, Volume: 37 Issue: 3, 272 - 280, 24.09.2025

İlhan Fırat Kılınçer

https://doi.org/10.7240/jeps.1664346

Abstract

With the rapid development of information technologies and smart devices, the protection of digital data has become an important issue. Intrusion detection systems (IDS) have become one of the indispensable security measures of today for the protection of digital data and for institutions and organizations to ensure service continuity. In this study, a method is presented to prevent attacks that may occur on the ports of switches used in online local networks. The Switchport Anomaly based Intrusion Detection System (SPA-IDS) dataset used in the proposed method is considered as a regression problem and the intrusion detection performance of the dataset is measured with the Long Short-Term Memory (LSTM). The performance values of the dataset used in the study were tested at different time step values and the highest estimated values were reached when the time step value was 10. Root-Mean-Square Error (RMSE) and R^2 score values were calculated as performance metrics in the study and the values of 0.0551 and 0.9953 were reached, respectively. Each data in the dataset used in the study was taken at one-second intervals. Therefore, the time step value of 10 indicates the data taken in 10 seconds. Attack detection is done quickly and with a high success rate based on data received every 10 seconds, which is an extremely positive outcome.

Keywords

IDS , LSTM , Regression , Switchport

Supporting Institution

Tübitak

Project Number

123E706

Thanks

This study was supported by TUBITAK project number 123E706.

Intrusion Detection on Switchports with LSTM as a Regression Problem

Abstract

Bilgi teknolojileri ve akıllı cihazların hızlı gelişimi ile birlikte dijital verilerin korunması önemli bir konu haline gelmiştir. Saldırı tespit sistemleri (IDS), dijital verilerin korunması, kurum ve kuruluşların servis sürekliliğini sağlayabilmeleri için günümüzün vazgeçilmez güvenlik önlemlerinden biri haline gelmiştir. Bu çalışmada çevrimiçi lokal ağlarda kullanılan switch’ lerin portlarında meydana gelebilecek saldırıların engellenmesine yönelik bir yöntem sunulmuştur. Önerilen yöntemde kullanılan SPA_IDS veri seti bir regresyon problem olarak ele alınmış ve Long Short-Term Memory (LSTM) derin öğrenme yöntemi ile veri setinin saldırı tespit performansı ölçülmüştür. Çalışmada kullanılan veri setinin farklı time step değerlerindeki performans değerleri test edilmiş ve time step değerinin 10 olduğu durumda en yüksek tahmin değerlerine ulaşılmıştır. Çalışmada performans metrikleri olarak Root-Mean-Square Error (RMSE) ve R^2 skor değerleri hesaplanmış ve sırasıyla 0,0551 ve 0.9953 değerlerine ulaşılmıştır. Çalışmada kullanılan veri setindeki her bir veri bir saniye aralıklar ile alınmıştır. Dolayısıyla time step 10 değeri, 10 saniyede alınan verileri göstermektedir. Her 10 saniyede bir alınan verilere göre hızlı ve yüksek başarım oranıyla saldırı tespitinin yapılıyor son derece pozitif bir çıktıdır.

Keywords

STS , LSTM , Regresyon , Switchport

Project Number

123E706

References

• Reddy, P., & Shariff, N. (2022). An anomaly-based intrusion detection system using recursive feature elimination technique for improved attack detection. Theoretical Computer Science, 1, 1–9. https://doi.org/10.1016/j.tcs.2022.07.030.
• Zhong, M., Lin, M., Zhang, C., & Xu, Z. (2024). A survey on graph neural networks for intrusion detection systems: Methods, trends and challenges. Computers & Security, 141, 103821. https://doi.org/10.1016/j.cose.2024.103821.
• Noorbehbahani, F., Fanian, A., Mousavi, R., & Hasannejad, H. (2017). An incremental intrusion detection system using a new semi-supervised stream classification method. International Journal of Communication Systems. https://doi.org/10.1002/dac.3002.
• Bace, R., & Mell, P. (2001). NIST special publication on intrusion detection systems.
• Mahdavi, E., Fanian, A., Mirzaei, A., & Taghiyarrenani, Z. (2022). Knowledge-Based Systems ITL-IDS: Incremental Transfer Learning for Intrusion Detection Systems. Knowledge-Based Systems, 253, 109542. https://doi.org/10.1016/j.knosys.2022.109542.
• Muneer, S., Farooq, U., Athar, A., Raza, M.A., Ghazal, T.M., & Sakib, S. (2024). A Critical Review of Artificial Intelligence Based Approaches in Intrusion Detection: A Comprehensive Analysis. Journal of Engineering (United Kingdom), 2024. https://doi.org/10.1155/2024/3909173.
• Catania, C.A., & Garino, C.G. (2012). Automatic network intrusion detection: Current techniques and open issues. Computers and Electrical Engineering. https://doi.org/10.1016/j.compeleceng.2012.05.013.
• Qiu, W., Ma, Y., Chen, X., Yu, H., & Chen, L. (2022). Hybrid intrusion detection system based on Dempster-Shafer evidence theory. Computers & Security, 117, 102709. https://doi.org/10.1016/j.cose.2022.102709.
• Ozkan-Okay, M., Samet, R., Aslan, O., & Gupta, D. (2021). A Comprehensive Systematic Literature Review on Intrusion Detection Systems. IEEE Access. https://doi.org/10.1109/ACCESS.2021.3129336.
• Dwivedi, S., Vardhan, M., Tripathi, S., & Shukla, A.K. (2020). Implementation of adaptive scheme in evolutionary technique for anomaly-based intrusion detection. Evolutionary Intelligence, 13, 103–117. https://doi.org/10.1007/s12065-019-00293-8.
• Qureshi, A.U.H., Larijani, H., Ahmad, J., & Mtetwa, N. (2019). A Novel Random Neural Network Based Approach for Intrusion Detection Systems. In: 2018 10th Computer Science and Electronic Engineering Conference (CEEC) - Proceedings. https://doi.org/10.1109/CEEC.2018.8674228.
• Devan, P., & Khare, N. (2020). An efficient XGBoost–DNN-based classification model for network intrusion detection system. Neural Computing and Applications. https://doi.org/10.1007/s00521-020-04708-x.
• Ragab, M., & Farouk, S. Sabir. (2022). Outlier detection with optimal hybrid deep learning enabled intrusion detection system for ubiquitous and smart environment. Sustainable Energy Technologies and Assessments, 52, 102311. https://doi.org/10.1016/j.seta.2022.102311.
• Yao, R., Wang, N., Liu, Z., Chen, P., Ma, D., & Sheng, X. (2021). Intrusion detection system in the Smart Distribution Network: A feature engineering based AE-LightGBM approach. Energy Reports. https://doi.org/10.1016/j.egyr.2021.10.024.
• B M, P., M, N.G., & Hema, M.S. (2022). Towards an effective deep learning-based intrusion detection system in the internet of things. Telematics and Informatics Reports, 7, 100009. https://doi.org/10.1016/j.teler.2022.100009.
• Abdallah, E.E., Eleisah, W., & Otoom, A.F. (2022). Intrusion Detection Systems using Supervised Machine Learning Techniques: A survey. Procedia Computer Science, 201, 205–212. https://doi.org/10.1016/j.procs.2022.03.029.
• Alazab, M., Abu Khurma, R., Awajana, A., & Camacho, D. (2022). A New Intrusion Detection System Based on Moth-Flame Optimizer Algorithm. SSRN Electronic Journal, 210. https://doi.org/10.2139/ssrn.4087656.
• Balla, A., Habaebi, M.H., Islam, R., & Mubarak, S. (2022). Applications of deep learning algorithms for Supervisory Control and Data Acquisition intrusion detection system. Clean Engineering and Technology, 9, 100532. https://doi.org/10.1016/j.clet.2022.100532.
• Aydın, H., Orman, Z., & Aydın, M.A. (2022). A long short-term memory (LSTM)-based distributed denial of service (DDoS) detection and defense system design in public cloud network environment. Computers & Security, 118. https://doi.org/10.1016/j.cose.2022.102725.
• Gupta, N., Jindal, V., & Bedi, P. (2021). LIO-IDS: Handling class imbalance using LSTM and improved one-vs-one technique in intrusion detection system. Computer Networks, 192. https://doi.org/10.1016/j.comnet.2021.108076.
• Firat, I., Tuncer, T., Ertam, F., & Sengur, A. (2023). Microprocessors and Microsystems SPA-IDS: An intelligent intrusion detection system based on vertical mode decomposition and iterative feature selection in computer networks. Microprocessors and Microsystems, 96, 104752. https://doi.org/10.1016/j.micpro.2022.104752.
• Yasasin, E., Prester, J., Wagner, G., & Schryen, G. (2020). Forecasting IT security vulnerabilities – An empirical analysis. Computers & Security. https://doi.org/10.1016/j.cose.2019.101610.
• Li, X.K., Chen, W., Zhang, Q., & Wu, L. (2020). Building Auto-Encoder Intrusion Detection System based on random forest feature selection. Computers & Security, 95. https://doi.org/10.1016/j.cose.2020.101851.
• r2_score. (n.d.).https://scikit-learn.org/stable/modules/generated/sklearn.metrics.r2_score.html.
• Coefficient of Determination-R2 score. (n.d.). https://www.geeksforgeeks.org/python-coefficient-of-determination-r2-score/.