Research Article

A deep learning‑based multi‑agent system for intrusion detection

Faten Louati1   · Farah Barika Ktata2

Received: 5 December 2019 / Accepted: 2 March 2020

© Springer Nature Switzerland AG 2020

Abstract
Intrusion detection systems play an important role in preventing attacks which have been increased rapidly due to the
dependence on network and Internet connectivity. Deep learning algorithms are promising techniques, which have
been used in many classification problems. In the same way, multi-agent systems become a new useful approach in
intrusion detection field. In this paper, we propose a deep learning-based multi-agent system for intrusion detection
which combines the desired features of multi-agent system approach with the precision of deep learning algorithms.
Therefore, we created a number of autonomous, intelligent and adaptive agents that implanted three algorithms, namely
autoencoder, multilayer perceptron and k-nearest neighbors. Autoencoder is used as features reduction tool, and mul-
tilayer perceptron and k-nearest neighbors are used as classifiers. The performance of our model is compared against
traditional machine learning approaches and other multi-agent system-based systems. The experiments have shown
that our hybrid distributed intrusion detection system achieves the detection with better accuracy rate and it reduces
considerably the time of detection.

Keywords  Intrusion detection system · Deep learning · Multi-agent system · KDD 99 · Multilayer perceptron ·
Autoencoder · K-nearest neighbors

1 Introduction (ANN), support vector machine (SVM) and naive Bayes. On

the other hand, multi-agent system (MAS) is an another
Nowadays, with the increased use of the Internet which concept widely investigated in intrusion detection field.
becomes an essential tool in daily life, various types of Since most of the traditional machine learning meth-
attacks are faced. Therefore, security in networks becomes odologies cannot effectively solve the massive intrusion
a serious issue. data classification problem [29], deep learning-based
Intrusion detection system (IDS) can be an efficient methods have been recently successfully applied to built
solution for this problem. The concept of intrusion detec- IDSs. Studies have shown that deep learning completely
tion (ID) dates back to 1980, and it was proposed by Ander- outperforms traditional methods [29].
son [1]. An intrusion detection system (IDS) is a type of Furthermore, most of existing IDSs suffer from their
security software that monitors, analyzes network traffics monolithic architectures that contain a central analyzer.
and alerts administrators automatically when a malicious If this analyzer fails, other components will be affected. A
activity is detected. hopeful feature of an IDS architecture is its ability to imple-
Various techniques have been used to develop IDSs. On ment a distributed format which can make the IDS more
the one hand, a wide range of machine learning method- robust. For this reason, several researches are oriented
ologies have been used such as artificial neural network

*  Faten Louati, faten1louati@[Link]; Farah Barika Ktata, [Link]@[Link] | 1Institut Supérieur de Gestion de Sousse, Rue
Abdelaziz Il Behi, 4000 Sousse, Tunisia. 2Institut Supérieur des Sciences Appliquées et de Technologie de Sousse, Rue ibn Khaldun, Cité
Taffala, 4003 Sousse, Tunisia.

SN Applied Sciences (2020) 2:675 | [Link]

Vol.:(0123456789)
Research Article SN Applied Sciences (2020) 2:675 | [Link]

toward the multi-agent system (MAS) for intrusion detec-

tion task.
For this motivation, a combination of aforementioned
approaches is proposed to take advantages of both deep
learning and multi-agent system. We present an anom-
aly intrusion detection scheme based on adaptive and
intelligent agents. It is a distributed IDS that integrates
the features provided by multi-agent approach with the
performance of deep learning technique. Therefore, the
agents in the proposed IDS implement three algorithms:
autoencoder (AE), multilayer perceptron (MLP) and k-near-
Fig. 1  A deep neural network example [24]
est neighbors (K-NN) to identify intrusions on networks:
Autoencoder is used as a feature reduction tool that is
followed by MLP and K-NN classifiers. KDD CUB 99 bench-
mark dataset is used for testing the proposed solution.
The remaining part of the paper is organized in the
following way: In Sect. 2, we present an overview of the
main concepts used in this paper. In Sect. 3, we discuss
same related works. The description of the proposed solu-
tion is introduced in Sects. 4 and 5. Section 6 presents the
experimental results and compares them with other works.
Finally, in Sect. 7 we conclude the entire work and present
our future works.
Fig. 2  Autoencoder structure [14]

2 Overview
predicated on the error propagation method. It consists
2.1 Deep learning of two phases, a feed-forward phase and a backforward
phase. In the first step, data propagate across the network
Deep learning is a new field of machine learning which to finally get the output and compare it with the real val-
has been applied in many areas such as speech and image ues to get the error and then to be minimized, the error
recognition, natural language processing, drug discovery is backpropagated to the previous layer, and then the
and recommended systems. In the last few years, deep weights are adjusted accordingly. This process is repeated
learning has proven its efficiency in the intrusion detec- until the error is below a predetermined threshold.
tion field and security area in general. The purpose of MLP in this paper is to solve a five-class
Deep learning is based on artificial neural network problem, i.e., assign the input patterns to one of the cat-
which is a computational model inspired from human egories that are represented in terms of neural networks
brain. It consists of a large number of connected nodes outputs (the four types of attacks, namely DoS, Probe, U2R
called neurons (a.k.a. perceptrons), and each neuron per- and R2L + normal.)
forms a simple mathematical operation (activation func-
tion). Each neuron’s output is determined by this opera- 2.1.2 Autoencoder
tion, as well as a set of parameters (weight and bias) that
are specific to that node. Autoencoder is a feed-forward neural network , very simi-
Deep neural network is a neural network with more lar to MLP except that output layer must have the same
than two layers: an input layer, at least one hidden layer number of nodes as the input layer (Fig. 2) since the pur-
and an output layer (Fig. 1). pose of the autoencoder is reconstructing its own inputs
(instead of predicting the target values Y given inputs
2.1.1 Multilayer perceptron X). Typically, autoencoder is used for dimensionality
reduction.
Multilayer perception is a subset of the deep neural net- Dimensionality reduction attempts to reduce the num-
work (is a feed-forward neural network). Multilayer per- ber of variables in the data, and it facilitates the classifica-
ceptron formula is based on backpropagation algorithm tion, visualization, communication and storage of high-
(short for “backward propagation of errors”) which is dimensional data [7]. There are two types of dimensionality

Vol:.(1234567890)
SN Applied Sciences (2020) 2:675 | [Link] Research Article

reduction: feature selection and feature extraction. Feature • Autonomy An agent can decide for itself what it needs
selection consists of removing unnecessary features. How- to do in order to satisfy its goals.
ever, feature extraction means the transformation of raw • Re-activity An agent perceives and acts on its environ-
data into features suitable for modeling. ment.
In this work, an autoencoder is used for features selec- • Pro-activity An agent may be able to take the initiative.
tion task and reduces efficiently the dimension of the data- • Sociability An agent can interact with other agents,
set from 120 to only 10. using an agent communication language (ACL). There-
fore, an agent is able to provide and ask for services,
2.1.3 Overfitting problem and solution can cooperate, coordinate, negotiate and so on.
• Mobility An agent may be able to move from one sys-
Is a problem that can occur during neural network training tem to another.
when the classification error on the training set is driven to • Adaptation An agent may—if needed—attempt to
a very small value, but when unknown data are faced, the adapt itself to new or changing environment or to deal
error increases. This can be explained by the fact that the with new or changing goals.
neural network has just memorized the training examples • Learning An agent may learn from past occurrences in
not learn to generalize the solution to new samples. the environment to predict the future.
To solve this problem, we used a technique known as
Early Stopping. This technique consists of dividing the data- 2.2.2 Advantages of MAS
set into three subsets, namely training set, testing set and
validating set. The training set is used to train the neural According to [5], there are two main advantages of MAS:
network, the testing set is used to test the neural network,
and the validating set is used to monitor the error during • Robustness The ability that the system can tolerate fail-
the training phase. The validating error will decrease simi- ures of one or more agents.
larly to the training error. However, when the error begins • it Scalability It should be easier to add new agents to a
to rise, then the neural network begins to overfit the data. MAS than to add new capabilities to a monolithic sys-
Thus, the training process is stopped, and the weights gen- tem.
erating the minimum error on the validating set are stored.
2.3 Intrusion detection system
2.1.4 K‑nearest neighbor
The concept of intrusion detection (ID) dates back to 1980,
K-nearest neighbor (K-NN) is one of the popular machine when it was proposed by Anderson [1]. There are three
learning algorithms. Despite its simplicity, K-NN is a power- types of IDS, namely host-based IDS, network-based IDS
ful algorithm which can be used in classification task and and distributed IDS. Host-based intrusion detection sys-
in a variety of applications such as intrusion detection. It tem (HIDS) is placed on a particular computer or server
separates instances in a given dataset into several classes (host) and monitors activity only on that system. How-
so that it can predict the classification of a new sample. ever, network-based intrusion detection system (NIDS)
K-NN memorizes the training instances to be used further analyzes network traffic and monitors multiple hosts to
in prediction phase. Therefore, it does not explicitly learn identify intrusions. Once an attack is identified, or abnor-
a model [30]. The concept consists of calculating distance mal behavior is sensed, the alert can be sent to the admin-
between two data points to make a vote between the K istrator. Finally, a distributed IDS (DIDS) consists of multiple
most similar data points to a given “new” data point. intrusion detection systems monitoring a large network,
and all of them communicate with each other, or with a
2.2 Multi‑agent system central server.
IDSs usually are built using two major techniques: sig-
Multi-agent system is a system composed of multiple nature-based detection (or misuse detection) and anom-
interactive computing elements called agents [26]. An aly detection.
agent is a computer system (software or robot) with two Signature-based detection attempts to define a set of
important capabilities: autonomous and interaction [26]. rules (or signatures) that can be used to decide that a given
pattern is an attack. Therefore, signature-based systems
2.2.1 Features of an agent are able to attain high levels of accuracy and minimal num-
ber of false positives in identifying intrusions [16]. How-
According to [27, 28], an agent has the following ever, for unknown attacks it gives a very high false alarm
characteristics: rate. As a result, signature-based intrusion detection is

Vol.:(0123456789)
Research Article SN Applied Sciences (2020) 2:675 | [Link]

not sweet for detecting new attacks, even though a slight and their DBN-SVM model is performed: The result shows
variation of known attack can deceive it while anomaly- that using both DBN-SVM gives better classification accu-
based detection is able to search the abnormal traffic by racy than using SVM or DBN as a single classifier also, and
comparing the actual behavior with the normal system it enhances the testing time due to data dimensionality
behavior. Unlike to misuse detection method, anomaly reduction. The evaluation of the system was performed
detection method can efficiently detect unknown attacks; on NSL KDD dataset.
therefore, a low false alarm rate for unknown attacks can Chaurasia and Jain [2] proposed an ensemble intrusion
be obtained. detection system that combines two classifiers: k-nearest
neighbors and artificial neural network. They used bag-
ging technique. They compared the results in the case of
3 Related works using bagging technique and in the case of using ANN or
K-NN as single classifiers: Bagging provides better accu-
A number of approaches based on deep learning meth- racy and lower false-positive rate.
odologies have been proposed and have proved its suc- Sammany and Sharawi [21] developed an IDS using MLP
cess in the intrusion detection field. Yin et al. [29] have with two hidden layers and three classes output neurons.
performed a deep learning approach for intrusion detec- However, this IDS is able to distinguish only two types of
tion using recurrent neural networks which is a kind of attacks (Neptune, Satan) from normal traffic.
ANN that represents loops between layers and between Siddiqui and Farooqui [23] have proposed an IDS based
nodes. Two experiments have been performed to study on the combination of support vector machine and neural
the performance of the model on the NSL KDD dataset for network.
binary classification (normal, anomaly) and five-category Ugtakhbayar et al. [25] proposed a hybrid system that
classification (normal, DoS, R2L, U2R and Probe). Also a combines the advantages of both anomaly-based and
comparison between the performance of the RNN-IDS signature-based techniques. The signatures-based detec-
with an ANN, naive Bayesian, random forest, multilayer tion consists of using Snort IDS to detect know intrusion in
perceptron and support vector machine is also performed real time while anomaly-based detection consists of apply-
in both binary classification and multi-classification cate- ing naive Bayes algorithm as classifier. Experiments were
gories. The accuracy rate was better when using RNN than performed on KDD 99 and NUM15 datasets. Authors also
other machine learning techniques. utilized features selection process to reduce the number
RNN is also has been chosen by Kim and Kim [9]; how- of features of the dataset from 41 to 25 using information
ever, it has been improved by Hessian-free optimization. gain technique. The proposed model evaluation results
Javaid et al. [8] have proposed a self-taught learning- show that the accuracy rates are 97.5%.
based IDS, and STL is one of the most popular DL algo- Ren et al. [18] used K-means algorithm to prepare KDD
rithms that consists of two phases. In the first step, the 99 dataset before prediction. They used neural network for
model learns a feature representation from a large col- detection. Experimental results on KDD 99 dataset show
lection of unlabeled data known as unsupervised feature that the proposed model gives almost 90% accuracy rate.
learning (UFL); then, this learnt representation is applied to Sarnovsky and Paralic [22] proposed a hierarchical
labeled data for classification. In their proposed model, the detection system based on the combination of machine
implemented STL was composed by sparse auto encoder learning with knowledge-based approaches in the form
for UFL and soft max regression (SMR) for classification. of ontology. After being evaluated on KDD 99 dataset, the
They verify the performance of their model on NSL KDD model achieves the detection task with 97.5% accuracy
dataset. Their approach was based on using a separate rate.
datasets for training and testing. A comparison between Ding et al. [3] used an other deep learning algorithm,
SMR classifier preceded by the sparse auto encoder (the namely convolutional neural network (CNN), to detect
proposed STL) and SMR as a single classifier was per- attacks on networks. Experiments performed on KDD 99
formed. SLT achieved better accuracy rate than SMR for dataset show a high accuracy rate: 99.84%.
the binary classification; however, it achieved lesser pre- Kumar et al. [10] used meanshift clustering algorithm
cision. For the multi-classification, STL achieved a better to detect networking attacks. Meanshift clustering is an
accuracy than SMR. unsupervised machine learning algorithm based on find-
Salama et al. [20] developed an IDS which combines the ing the center of each group in the dataset by calculat-
advantages of deep belief network (DBN) and support vec- ing the mean of all data points until convergence is met.
tor machine (SVM), and DBN is used to reduce the dimen- Experiments on KDD 99 dataset present 81.2% accuracy.
sionality of the features set and was followed by SVM to On the other hand, many early researches were
classify the intrusions. A comparison between SVM, DBN interested in multi-agent system-based IDSs, such as

Vol:.(1234567890)
SN Applied Sciences (2020) 2:675 | [Link] Research Article

Sadhasivan and Balasubramanian [19], who have com- distributed IDS that combines the advantages of multi-
bined the definition of adaptive rules and the responsibili- agent approach with the high accuracy of deep learning
ties for each agent for anomaly and misuse-based detec- algorithms.
tion (ARMA-IDS) in which a combination of data mining The choice of deep learning with multi-agent meth-
techniques (clustering and rules) with multi-agent system odology was for many reasons: firstly, because Intrusion
is performed. They created five agents: sniffer agent which detection is usually equivalent to a binary or multi-classi-
capture the packets; filter agent which receives captured fication problem, i.e., identifying whether network traffic
packets from the first agent and try to isolate the irrelevant behavior is normal or not [29]. Therefore, deep learning is
packets; anomaly detection agent which uses cluster- very sweet to attack detection problem, especially with
ing technique to identify the intrusions in the network; its generalization feature; neural networks could be a
association rule-based agent which uses the association good solution for detection of known as well as unknown
rule technique to identify the relationship between the attacks unlike traditional IDSs which are usually signatures
selected features and traffic characteristics; and sequen- based.
tial rule-based agent which defines the usual and unusual Also, artificial neural networks (ANNs) are the most
patterns of normal traffic using sequential rules technique. commonly used approaches in intrusion detection sys-
Experimental results of the framework on KDD 99 dataset tems and it surpasses traditional methods. Moradi and
give a good accuracy rate with low false-positive rate and Zulkernine [12] and Yin et al. [29] because it is a powerful
false-negative rate. tool in multiple class classification [21].
Lui et al. [11] developed an adaptive NIDS using data Furthermore, deep learning allows feature selection
mining and five types of agents based on clustering, asso- which helps in the elimination of redundant features and
ciation rules and sequential rules approaches with the noises and extracts a subset of relevant features of the traf-
adaptive learning. fic dataset to enhance classification results [4].
Riyad et al. [17] proposed a distributed IDS using multi- In case of using multi-agent system, deep learning
agent system approach. The MAS used in this work is com- allows agents to be more intelligent and adaptive: It
posed of four types of agents: (1) coordinator agent which increases significantly the detection rate and the accuracy
pass information the agents of the network; (2) sniffer of detection, and it allows them to learn a new pattern of
agent which collects the data; (3) filtering agent whose attacks.
role is preprocessing the data collected by the sniffer Overall, the contribution of this work consists of com-
agent; and (4) analysis and detection agent which ana- bining DL and MAS approaches to create an intelligent
lyzes the data and detects attacks if exists using a number and distributed IDS. This idea will cure the flaws of both
of classifiers. Experimental results show a good accuracy machine learning-based IDSs and multi-agent system-
rate: in average 95.8%. based IDSs and decrease considerably the detection time.
We leverage the intelligent algorithms of DL to provide
intelligence to the agents of MAS and . Thus, our solution
4 The proposed solution consists of building a distributed IDS that integrates the
desired features of MAS approach with the performance
The main drawback of the existing IDSs is their central and exactitude of DL.
architecture, and this leads to a single point of failure. Hence, our IDS is composed of a number of agents
Furthermore, centralized IDSs usually fail in distributed that implanted three algorithms, namely autoencoder
types of attacks such as DDoS (distributed denial of ser- (AE), multilayer perceptron (MLP) and k-nearest neighbor
vices) [17]. For this reason, several recent studies were (K-NN). Autoencoder performs the feature reduction task,
directed toward distributed systems, e.g., multi-agent and MLP and K-NN perform the classification task. KDD
systems, to build IDSs. Such architecture gives the system 99 benchmark dataset is used to evaluate the proposed
more robustness so that the fault tolerant becomes impor- model.
tant because an agent can substitute another, and also
the system becomes easily scalable since the number of
agents can be easily increased if needed. In addition, the 5 DL‑MAFID scheme
analysis of the data can be achieved in parallel, and this
reduces the time considerably. On the other hand, distrib- Deep learning approach is largely used for intrusion
uted IDSs suffer from many problemes, e.g., false-positive detection system; in this paper, we used three algorithms:
rates, low efficiency, etc. [13], because most of them are autoencoder, multilayer perceptron and k-nearest neigh-
signature based so they are able to detect only previously bors. Combining two or more algorithms is a technique
known attacks [11]. To tackle this problem, we propose a used in many previous works. The contribution of this

Vol.:(0123456789)
Research Article SN Applied Sciences (2020) 2:675 | [Link]

work is that in addition to implementing more than one DL 5.1.2 Autoencoder feature reduction
algorithm, we used multi-agent approach to build our IDS.
In this work, autoencoder reduces efficiently the dimen-
5.1 The deep learning‑based IDS scheme sion of the dataset from 120 to only 10. It is composed of
one input layer with 120 nodes representing the feature
Our model DL-MAFID is composed of three main phases: vector obtained after preprocessing phase, three hidden
preprocessing phase, feature reduction phase and classi- layers with 80, 40 and 20 nodes, respectively, composing
fication phase. the encode part, also the bottleneck layer which is the
middle layer whose output represents the new reduced
5.1.1 Data preprocessing data that will be used in classification phase. Bottleneck
layer is composed of ten nodes representing the reduced
There are three categories of feature in the KDD 99 data- dataset. The decode part is also composed of three hidden
set. The first type is a symbolic feature (e.g., protocol type, layers which are symmetrical to those of encode parts with
service and flag). The second type is a binary feature (e.g., 20, 40 and 80 nodes, respectively. Finally, the output layer
land, logged_in and root_shell) and the numerical fea- is composed of 120 nodes representing the reconstructing
tures (Table 1) . Therefore, the dataset should be prepared data. Figure 3 depicts the structure of our autoencoder.
before use.
KDD CUP99 dataset preprocessing contains four 5.1.3 Intrusion classification
processes:
1. MLP classification MLP is a kind of deep neural net-
1. Convert symbolic features to numerical values: Numer- work consists of an input layer, one or more hidden
icalization is necessary since the feature vector fed to layers and an output layer. MLP in this work is able
the input of the neural network must be numerical. to well distinguish attacks pattern from benign and
2. Removing attributes with missing data. even recognize attack type (DoS, Probe, U2R, R2L).
3. Data scaling: The data have large varying ranges, so We build a four-layer MLP classifier composed of an
they have to be normalized. The normalization range input layer with ten nodes representing the relevant
used in this paper is from − 1 to 1. z score is used for features resulting from feature reduction phase, three
normalization task: hidden layers with 20, 15 and 20 nodes, respectively,
x−𝜇 and the output layer with five nodes representing the
z= five classes: the four attack types and the normal class.
𝜎
Figure 4 depicts the structure of our MLP.
where: 2. K-NN classification Since we build a distributed IDS,
  𝜇 is the mean of the data. using one classifier is not enough, we need a number
  𝜎 is the standard deviation of the data. of classifiers in such way each classifier is located in a
4. The class attribute is in binary format (normal or different segment in the network; if one classifier fails,
a specific kind of attack). However, in this work, a other classifiers can give better results.
five-classification model is performed. Therefore, we   To increase the effectiveness and robustness of the
assign attack names to one of the five classes, 0 for IDS, we are not limited to one solution; therefore, we
DoS (denial of service), 1 for Probe, 2 for R2L (remote used another machine learning classifier based on
to local), 3 for U2R (user to root) and 4 for normal. k-nearest neighbor algorithm.
  After several experiments and fine-tuning of param-
The total number of features after performing the above eter K, we conclude that for our case the best value
preprocessing steps becomes 120. giving the highest accuracy rate is K = 5.

5.2 Multi‑agent IDS scheme

Table 1  Features with different data types in KDD 99 dataset
Feature type Features Several works have been proposed using MAS approach
in the intrusion detection field such as in [4, 11, 17, 19].
Nominal 2 ,3, 4
The use of MAS enables taking advantage of some of
Binary 7, 12, 14, 15, 21, 22
the properties of agents such as re-activity, pro-activity
Numeric 1 ,5, 6, 8, 9, 10, 11, 13, 16, 17, 18, 19,
and sociability and makes the task of intrusion detection
20, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
more robust, faster and easier since the tasks are shared
33, 34, 35, 36, 37, 38, 39, 40, 41
between several agents in the system.

Vol:.(1234567890)
SN Applied Sciences (2020) 2:675 | [Link] Research Article

Fig. 4  Structure of the proposed MLP

attacks. In the case of using the multi-agent system

based on deep learning, we make the agents more intel-
ligent because they used intelligent DL algorithms to
detect the known attacks and more adaptive because
deep learning allows them to learn and adapt them-
selves in such a way they can detect unknown attacks.
The proposed deep learning-based multi-agent for IDS
is composed of four types of agents:

• Preprocessor agent
• Reducer agent
• Agent classifier
• Decision-maker agent

5.2.1 Preprocessor agent (PA)

The task of the agent preprocessor is to pre-process the

Fig. 3  Structure of the proposed autoencoder
data as already explained in Sect. 5.1.1 and shown in
Fig. 6.
However, generally previous works used signature- This agent can be extensible so it can be adapted to
based technique with which the system does not enable an online version, and then, it will have to collect the
to detect unknown or a variation of known attacks [6]. data end information about the traffic of the network.
In this work, we use deep learning algorithms which After preparing the data, PA sent it in a format accepted
are known for their effectiveness in detecting unseen by a neural network to the agent reducer.

Vol.:(0123456789)
Research Article SN Applied Sciences (2020) 2:675 | [Link]

5.2.2 Reducer agent (RA)

Agent reducer executes the autoencoder algorithm to

reduce the dimension of the data. The structure of our
autoencoder is represented in Sect. 5.1.2 and Fig. 3. Then,
the reduced data are sent to the agents classifier to per-
form the classification task.

5.2.3 Agents classifier (CA)

The number of the agents classifiers can be more than 1

(from 1 to n) located on the same node of the network;
each one builds its model; and once the model is built, it
can be used for next predictions. Finally, each agent sends
its result to the decision-maker agent. In experiments, two
Fig. 5  Agents architecture in the network
agents classifiers are built: K-NN agent and MLP agent.
Since we made experiments on an off-line traffic using
the KDD 99 data benchmark dataset, we assume that Step 4: PA scales the data.
both K-NN and MLP agents are situated in the same loca- Step 5: PA sends the preprocessed data (120 features) to
tion in the network and that the test set representing the the reducer agent (RA).
unknown data is the real network traffic. K-NN runs the Step 6: RA reduces the data from 120 features to 10 fea-
k-nearest neighbors algorithm explained and MLP agent tures using autoencoder algorithm.
runs the multilayer perceptron algorithm. Both K-NN and Step 7: RA sends the reduced data to the agents clas-
MLP algorithms are detailed in Sect.  5.1.3. They make sifier (CA).
their predictions and send their results with the values of Step 8: If first time, MLP and K-NN classifiers enter in
the accuracy rate as a justification to the decision-maker training phase in order to build their own models. Else,
agent. both use their built models to make predictions on new
patterns (testing set).
Step 9: Agents classifier sent the results of prediction
5.2.4 Decision‑maker agent (DA) with the accuracy rates to the decision-maker agent
(DA).
DA asks periodically for the decisions of agents classifiers. Step 10: DA analyzes the situation:
Once they are received, DA analyzes the situation: If one if predictions are received from one agent in a given
CA sent, its prediction for a given location; DA takes this location then: final decision = this prediction.
prediction as a final decision. In the case of the existing Otherwise,
of several CA in the same location, the DA compares the if agents are agree then: final decision = prediction.
results: If they are identical, DA takes it as a final decision; else: final decision = prediction having the maximum
if there is a difference, DA takes the prediction having the accuracy rate.
highest accuracy rate as a final decision.
Note that in each segment of the network, we have to
find one PA, one RA and at least one CA which send peri- 6 Experimental results
odically its report (results of prediction) to the DA to give
a conclusion (final decision) about the state of the system 6.1 KDD CUP99 dataset
(Fig. 5).
The overall workflow of the proposed IDS is shown in To evaluate the performance of our proposed approach,
Fig. 6 and described as follows: we present tests on KDD CUP99 anomaly intrusion detec-
tion dataset. KDD 99 dataset, created in 1999, is widely
Step 1: PA receives the dataset (41 features). In case of used in academic research, especially machine learning
an online traffic, it has to collect the data. research and intrusion detection systems. KDD 99 is pub-
Step 2: PA converts symbolic features to numerical val- licly available and is considered benchmark dataset for
ues. testing of intrusion detection algorithms. It has labeled
Step 3: PA removes attributes with missing values. attack samples which are obtained by passive monitoring.

Vol:.(1234567890)
SN Applied Sciences (2020) 2:675 | [Link] Research Article

Fig. 6  The structure of DL-

MAFID

Vol.:(0123456789)
Research Article SN Applied Sciences (2020) 2:675 | [Link]

Table 2  Number of samples for Class Counts Our experiment environment is as follows:

each class
Dos 391458 • CPU: Intel i3, 2.20GHZ
Probe 4107 • GPU: GPU acceleration not used
R2L 1126 • RAM: 4GB
U2R 52 • OS: Windows 10
Normal 97278
To evaluate the performance of a model, there are num-
bers of performance metrics such as accuracy rate, detec-
Table 3  Types of KDD 99 dataset tion rate, false-positive rate (FPR) and true-positive rate
Dataset Number of records
(TPR).
In the proposed model, we have taken accuracy rate,
Corrected KDD 311 029 precision, TPR, TNR, FPR, FNR and detection rate. Also, we
10-percent Corrected KDD 494 021 back to the confusion matrix to get our metrics. The confu-
Whole KDD 4 898 430 sion matrix is composed of true positive (TP), true negative
(TN), false positive (FP) and false negative (FN).

Each record of the dataset is labeled as either normal or • True positive legitimate attack and IDS gives alarm
a specific kind of attack (Table 2). The attacks can be clas- • True negative no attack and IDS gives no alarm
sified in one of the four known categories, namely denial • False positive no attack and IDS gives alarm
of service (DoS), user to root (U2R), remote to local (R2L) • False negative legitimate attack and IDS gives no alarm
and Probe.

– Denial of service (DoS): This kind of attack deprives All metrics are calculated using the following formulas:
legitimate users of the service or resource they
FP
expected. DoS attacks accomplish this by flooding the FPR =
(FP + TN)
target with traffic and requests in order to make the
FN
resources too busy so that the system becomes over- FNR =
(FN + TP)
loaded, e.g., back, land, Neptune.
– Remote to user attacks (R2L): In this type of attack, TP
Recall or TPR =
an intruder sends packets to a computer through the (TP + FN)
Internet so that the machine’s vulnerabilities exposes, TN
Specificity or TNR =
and thus, it could exploit the privileges of the user. (TN + FP)
– User to root attacks (U2R): In this type of attack, a (TP + TN)
Accuracy =
hacker holds the account and password information of TP + TN + FN + FP
an authorized user and can own the privilege of access (TP)
Detection rate =
to the whole system, e.g., loadmodule, perl, rootkit. TP + TN + FN + FP
TP
– Probing (Probe): The hacker scans computer in order Precision =
to determine a weak point through which it gain access (TP + FP)
to the system. The results show that both proposed MLP and K-NN clas-
sifiers are performing; however, K-NN agent is a bit better,
Table 3 presents the different types of KDD 99 dataset. and it achieves its task with lower values of FPR and FNR
In this paper, 10-percent corrected KDD is used. It has 494 and higher values of accuracy, precision, TPR and TNR. For
021 records, in each record, there are 41 attributes describ- example, values of accuracy are 99.73% for MLP agent ver-
ing different features of the data, and the 42nd attribute sus 99.95% for K-NN agent.
contains label which assigns to each record either an Also, the time of both training and testing phases is
attack type or normal. considerably reduced due to the reduction in the dimen-
sionality of the data which was performed by the agent
6.2 Experiments and analysis reducer using autoencoder algorithm. Agent reducer
achieved its task with good accuracy rate: 89.42%.
We take an experiment for measuring the performance of Figures 7 and 8 show two confusion matrices. The first
our model. We developed IDS using Python programming matrix shows the result of the model using only MLP
language.

Vol:.(1234567890)
SN Applied Sciences (2020) 2:675 | [Link] Research Article

training process and prevent the model from over-fitting

(Sect. 5.1.3).
Figure 9 describes the evaluation of the loss function
during the training phase of MLP agent with respect to the
progress of training epochs for the training and validating
sets. In this work, we used categorical cross-entropy loss
function. Furthermore, to more evaluate our solution, we
compare it with other related works in which either ML
and DL algorithms or MAS are leveraged. This comparison
is based on accuracy rate. Since we evaluate our model
on KDD 99 dataset, we choose to compare results with
some existing (presented in Sect. 3) which used the same
dataset or its extension NSL-KDD dataset.
Table  4 shows that our intelligent distributed IDS
based on combining DL and MAS outperforms others
approaches in terms of accuracy rate also, and Table 5
Fig. 7  Confusion matrix (model without autoencoder) shows that our system achieves the detection task with
very small false alarm rate. This proves the efficiency of
our solution.

7 Conclusions

DL-MAFID model is aimed to solve a multi-class problem

of intrusion detection using multi-agent system based on
deep learning in which not only the attack records are dis-
tinguished from normal ones, but also the attack type is
recognized. We have used three algorithms: autoencoder
for dimensionality reduction, which provides a good result
in this task, reduces efficiently the dimensional of KDD
CUP99 dataset to nearly 91% of its original size, and then,
it was followed by two classifiers, namely K-NN and MLP
classifiers, to classify the reduced data into five classes, i.e.,
normal or one of the main types of networking attacks
(DoS, R2L, Probe and U2R). Also, we benefited from the
Fig. 8  Confusion matrix (model using autoencoder)
desired features of MAS approach which make our IDS

algorithm performed by the MLP agent (without the con-

tribution of the reducer agent); however, the second one
shows the result of the model using both autoencoder and
MLP algorithms.
We observe that the metrics in the first confusion matrix
(Fig. 7) are a bit better than the second matrix (Fig. 8), and
this is due to the fact that the data has been compressed
by the autoencoder. However, the use of autoencoder
allows us to benefit from the advantages of dimensional-
ity reduction, such as removal of irrelevant and redundant
features and the reduction in both training and testing
time, and also this difference does not affect the accuracy
rate of the classification of MLP agent.
Early stopping criterion for validation set was applied
by both reducer agent and MLP agent classifier to stop the Fig. 9  Categorical cross-entropy loss function

Vol.:(0123456789)
Research Article SN Applied Sciences (2020) 2:675 | [Link]

Table 4  Comparison between References Approach Dataset Accuracy rate (%)

the intelligent distributed IDS
using MAS based on DL with [20] Deep belief network + support vector machine NSL KDD 92.84
other previous approaches on
[15] Naive Bayes KDD 99 95
KDD 99 or NSL KDD datasets
[29] Recurrent neural network NSL KDD 91.29
[8] Self-taught learning NSL KDD 79.10
[19] Multi-agent system + data mining KDD 99 97.47
[25] Combining anomaly-based (naive Bayes) and KDD 99 + NUM15 97.5
signature-based detection (Snort system)
[18] K-means + artificial neural network KDD 99 97.5
[22] Combining ML with ontology KDD 99 99.8
[3] Convolutional neural network K-NN KDD 99 99.84
[10] Meanshift clustering algorithm KDD 99 81.2
[17] Multi-agent system KDD 99 95.82
Our model Deep learning-based multi-agent system KDD 99 99.95

Table 5  Metrics of both K-NN FPR (%) FNR (%) TNR (%) TPR (%) Acc. (%) DR (%) Precision (%)
and MLP classifiers
K-NN 0.03 0.12 99.97 99.88 99.95 99.88 99.88
MLP 0.17 0.68 99.83 99.32 99.73 99.32 99.32

more robust and more efficient than using a monolithic 2. Chaurasia S, Jain A (2014) Ensemble neural network and K-NN
system. Experimental results show that the proposed sys- classifiers for intrusion detection. Int J Comput Sci Inf Technol
5:2481–2485
tem is capable of classifying records with 99.95% accuracy 3. Ding N, Liu Y, Fan Y, Jie D (2020) Network attack detection
rate. method based on convolutional neural network, chapter, vol
For future work, we plan to: 68. Springer, Berlin, pp 610–620
4. Erlank AO, Bridges CP (2017) A hybrid real-time agent plat-
form for fault-tolerant, embedded applications. Auton Agents
• Apply this solution in a real network traffic (i.e., online Multi-Agent Syst 32(2):252–274
IDS). 5. Glavic M (2006) Agents and multi-agent systems: a short intro-
• Benefit from other machine leaning algorithms by add- duction for power engineers. Technical report, University of
ing more agents classifiers to increase the accuracy of Liege, 4000 Liege, Belgium
6. Herrero Á, Corchado E (2009) Multiagent systems for network
intrusion detection. intrusion detection: a review. In: Herrero Á, Gastaldo P, Zunino
• Take more advantages of MAS such as mobility and R, Corchado E (eds) Advances in intelligent and soft comput-
cloning. ing, vol 63. Springer, Berlin, pp 143–154
• Extend our IDS so that it can be used with cloud com- 7. Hinton GE, Salakhutdinov RR (2006) Reducing the dimension-
ality of data with neural networks. Science 313:7
puting, fog computing and Internet of things for secu- 8. Javaid A, Niyaz Q, Sun W, Alam M (2015) A deep learning
rity purpose. approach for network intrusion detection system. In: BICT’15
proceedings of the 9th EAI international conference on bio-
inspired information and communications technologies (for-
merly BIONETICS), pp 21–26, New York City, United States
9. Kim J, Kim H (2015) Applying recurrent neural network to
intrusion detection with hessian free optimization. In: 16th
Compliance with ethical standards  international workshop, WISA 2015, pp 357–369
10. Kumar A, Glisson W, Cho H (2020) Network attack detection
Conflict of interest  On behalf of all authors, the corresponding au- using an unsupervised machine learning algorithm
thor states that there is no conflict of interest. 11. Lui C-L, Fu T-C, Cheung T-Y (2005) Agent-based network intru-
sion detection system using data mining approaches. In: Third
international conference on information technology and
applications (ICITA’05), Sydney, NSW, Australia. IEEE
References 12. Moradi M, Zulkernine M (2004) A neural network based system
for intrusion detection and classification of attacks. In: Pro-
1. Anderson JP (1980) Computer security threat monitoring and ceedings of 2004 IEEE international conference on advances
surveillance. Technical report, James P. Anderson Company, Fort in intelligent systems
Washington

Vol:.(1234567890)
SN Applied Sciences (2020) 2:675 | [Link] Research Article

13. Mukhin V, Kornaga Y, Steshyn V, Mostovoy Y (2016) Adaptive 24. Templeton G (2017) Google reveals automatic machine learning:
security system based on intelligent agents for distributed com- A.i. can create itself. https​://[Link]​[Link]/artic​le/31952​-ai-
puter systems. In: International conference of development and googl​e -machi​ne-learn​ing-autom​l
application systems (DAS), pp 320–325 25. Ugtakhbayar N, Usukhbayar B, Baigaltugs S (2020) A hybrid
14. Nelwamondo FV, Golding D, Marwala T (2009) A dynamic pro- model for anomaly-based Intrusion detection system, chap-
gramming approach to missing data estimation using neural ter 44. Springer, Berlin, pp 419–431
networks. Inf Sci 237:49–58 26. Wooldridge M (2009) An introduction to multiagent systems,
15. Panda M, Patra MR (2007) Network intrusion detection using chapter preface. Willey, Hoboken
Naïve Bayes. Int J Comput Sci Netw Secur 7(12):258–262 27. Wooldridge M, Jennings NR (1995) Ecai-94 proceedings of the
16. Patel HJ, Patel R (2014) A survey on intrusion detection system workshop on agent theories, architectures, and languages on
in cloud) based on data mining. Int J Eng Techn Res 2:5 intelligent agents. In: Agent theories, architectures and lan-
17. Riyad AM, Irfan Ahmed MS, Raheemaa Khan RL (2019) An adap- guages: a survey, Amsterdam, The Netherlands. Springer, Berlin,
tive distributed intrusion detection system architecture using pp 1–39
multi agents. Int J Electr Comput Eng 9(6):4951–4960 28. Wooldridge M, Jennings NR (1995) Intelligent agents: theories,
18. Ren B, Hu M, Yan H, Yu P (2019) Classification and prediction of architectures and languages, vol 890. ACM Digital Library, New
network abnormal data based on machine learning. In: Interna- York
tional conference on robots and intelligent system (ICRIS). IEEE 29. Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for
19. Sadhasivan DK, Balasubramanian K (2017) A fusion of multia- intrusion detection using recurrent neural networks. IEEE Access
gent functionalities for effective intrusion detection system. 5:7
Secur Commun Netw 30. Zakka K (2016) A complete guide to k-nearest-neighbors
20. Salama MA, Eid HF, Ramadan RA, Darwish A, Hassanien AE (2011) with applications in python and r. https​://kevin​zakka​.githu​
Hybrid intelligent intrusion detection scheme. Soft computing [Link]/2016/07/13/k-neare​st-neigh​bor/
in industrial application, vol 96. Springer, Berlin, pp 293–303
21. Sammany M, Sharawi I Saroit M, El-Beltagy M (2011) Artificial Publisher’s Note Springer Nature remains neutral with regard to
neural networks architecture for intrusion detection systems jurisdictional claims in published maps and institutional affiliations.
and classification of attacks. Technical report, Faculty of Science,
Cairo University, Egypt
22. Sarnovsky M, Paralic J (2020) Hierarchical intrusion detection
using machine learning and knowledge model. Symmetry
12:203
23. Siddiqui AK, Farooqui T (2017) Improved ensemble technique
based on support vector machine and neural network for intru-
sion detection system. Int J Online Sci 3:12

Vol.:(0123456789)