Application of deep learning model in network reconnaissance attack detection


  • Nguyễn Thị Dung
  • Nguyễn Văn Quân
  • Nguyễn Việt Hùng



network reconnaissance, anomaly detection, intrusion detection system, machine learning, deep learning

Tóm tắt

Abstract— In recent years, the number of new types of attacks has increased dramatically. Although there are many types of attack techniques, all of them are following the similar chain of attack, beginning with network reconnaissance phase. Therefore, network reconnaissance attack detection problem is important for every Intrusion Detection System (IDS). In fact, network intrusion detection systems are based on pre-defined rules so they are not able to detect new attacks or variants of known attacks. Meanwhile, hackers have developed many automated toolkits that allow subtle changes to the attack  behavior sufficient for IDS to treat as a zero-day attack. To overcome this limitation, many machine learning models have been applied in IDS and implemented in a real network. In this paper, we propose a new approach that uses two stage AutoEncoder to detect network reconnaissance attacks. The proposed approach is evaluated on network security datasets: NSL-KDD, UNSW_NB15, four scenarios of the CTU13 datasets and compared to existing methods.


Download data is not yet available.


Elias Bou-Harb, Mourad Debbabi, and Chadi Assi, Cyber Scanning: A Comprehensive Survey, IEEE Communications Surveys and Tutorials, 2014, 16.3: 1496-1519.

Lee, S. Y, Kim, Y. S., Lee, B. H., Kang, S. H.,Youn, C. H., A probe detection model using the analysis of the fuzzy cognitive maps, Computational Science and Its ApplicationsICCSA 2005, 287-291

Vidhya. M, Efficient classification of portscan attacks using

Support Vector Machine, Green High Performance Computing (ICGHPC), 2013 IEEE International Conference, 2013.

Meijuan Gao, Jingwen Tian, Mingping Xia, Intrusion Detection Method Based on Classify Support Vector Machine, secondInternational Conference on Intelligent Computation Technology and Automation, ICICTA ’09, vol. 2, pp. 391-394.

BHUYAN, Monowar H.; BHATTACHARYYA, Dhruba K.; KALITA, Jugal K, AOCD: An Adaptive Outlier Based oordinated Scan Detection Approach, IJ Network Security, 2012, 14.6: 339-351.

Nguyen Viet Hung, Nguyen Van Quan, Le Thi Trang Linh, Shone Nathan, (2018), “Using Deep Learning Model for Network Scanning Detection”, ICFET '18: Proceedings of the 4th International Conference on Frontiers of Educational Technologies , [117–121].

Van Quan Nguyen; Viet Hung Nguyen; Van Loi Cao; Nhien - An Le Khac; Nathan Shone, (2020), “Clustering-Based Deep Autoencoders for Network Anomaly Detection”, Future Data and Security Engineering (pp.290-303).

Nour Moustafa, Jill Slay, (2015), “NSW-NB15 A Comprehensive Data set for Network Intrusion Detection Systems”, School of Engineering and Information Technology, University of New South Wales at the Australian Defence Force Academy Canberra, Australia.

Xavier Glorot, Yoshua Bengio, (2010), “Understanding the difficulty of training deep feedforward neural networks”, Journal of Machine Learning Research 9, [249-256].

Thang, N. M., & Luong, T. T. (2022). Algorithm for detecting attacks on Web applications based on machine learning methods and attributes queries. Journal of Science and Technology on Information Security, 2(14), 26-34.


Abstract views: 196 / PDF downloads: 197



How to Cite

Dung, N. T., Quân, N. V., & Hùng, N. V. (2023). Application of deep learning model in network reconnaissance attack detection. Journal of Science and Technology on Information Security, 2(16), 60-72.