Resumen
In computer networks, Network Intrusion Detection System (NIDS) plays a very important role in identifying intrusion behaviors. NIDS can identify abnormal behaviors by analyzing network traffic. However, the performance of classifier is not very good in identifying abnormal traffic for minority classes. In order to improve the detection rate on class imbalanced dataset, we propose a network intrusion detection model based on two-layer CNN and Cluster-SMOTE + K-means algorithm (CSK-CNN) to process imbalanced dataset. CSK combines the cluster based Synthetic Minority Over Sampling Technique (Cluster-SMOTE) and K-means based under sampling algorithm. Through the two-layer network, abnormal traffic can not only be identified, but also be classified into specific attack types. This paper has been verified on UNSW-NB15 dataset and CICIDS2017 dataset, and the performance of the proposed model has been evaluated using such indicators as accuracy, recall, precision, F1-score, ROC curve, AUC value, training time and testing time. The experiment shows that the proposed CSK-CNN in this paper is obviously superior to other comparison algorithms in terms of network intrusion detection performance, and is suitable for deployment in the real network environment.