Mohammad Kazim Hooshmand,Doreswamy Hosahalli

DOI: https://doi.org/10.1049/cit2.12078

IF: 7.985

2022-01-31

CAAI Transactions on Intelligence Technology

Abstract:Convolutional neural networks (CNNs) are the specific architecture of feed‐forward artificial neural networks. It is the de‐facto standard for various operations in machine learning and computer vision. To transform this performance towards the task of network anomaly detection in cyber‐security, this study proposes a model using one‐dimensional CNN architecture. The authors' approach divides network traffic data into transmission control protocol (TCP), user datagram protocol (UDP), and OTHER protocol categories in the first phase, then each category is treated independently. Before training the model, feature selection is performed using the Chi‐square technique, and then, over‐sampling is conducted using the synthetic minority over‐sampling technique to tackle a class imbalance problem. The authors' method yields the weighted average f‐score 0.85, 0.97, 0.86, and 0.78 for TCP, UDP, OTHER, and ALL categories, respectively. The model is tested on the UNSW‐NB15 dataset.

Mahmoud Said Elsayed,Nhien-An Le-Khac,Soumyabrata Dev,Anca Delia Jurcut

DOI: https://doi.org/10.1109/ISNCC49221.2020.9297358

2020-01-01

Abstract: With the rapid technological advancements, organizations need to rapidly scale up their information technology (IT) infrastructure viz. hardware, software, and services, at a low cost. However, the dynamic growth in the network services and applications creates security vulnerabilities and new risks that can be exploited by various attacks. For example, User to Root (U2R) and Remote to Local (R2L) attack categories can cause a significant damage and paralyze the entire network system. Such attacks are not easy to detect due to the high degree of similarity to normal traffic. While network anomaly detection systems are being widely used to classify and detect malicious traffic, there are many challenges to discover and identify the minority attacks in imbalanced datasets. In this paper, we provide a detailed and systematic analysis of the existing Machine Learning (ML) approaches that can tackle most of these attacks. Furthermore, we propose a Deep Learning (DL) based framework using Long Short Term Memory (LSTM) autoencoder that can accurately detect malicious traffics in network traffic. We perform our experiments in a publicly available dataset of Intrusion Detection Systems (IDSs). We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our method provides great confidence in securing these networks from malicious traffic.

Konstantina Fotiadou,Terpsichori-Helen Velivassaki,Artemis Voulkidis,Dimitrios Skias,Sofia Tsekeridou,Theodore Zahariadis

DOI: https://doi.org/10.3390/info12050215

2021-05-19

Information

Abstract:Network intrusion detection is a key pillar towards the sustainability and normal operation of information systems. Complex threat patterns and malicious actors are able to cause severe damages to cyber-systems. In this work, we propose novel Deep Learning formulations for detecting threats and alerts on network logs that were acquired by pfSense, an open-source software that acts as firewall on FreeBSD operating system. pfSense integrates several powerful security services such as firewall, URL filtering, and virtual private networking among others. The main goal of this study is to analyse the logs that were acquired by a local installation of pfSense software, in order to provide a powerful and efficient solution that controls traffic flow based on patterns that are automatically learnt via the proposed, challenging DL architectures. For this purpose, we exploit the Convolutional Neural Networks (CNNs), and the Long Short Term Memory Networks (LSTMs) in order to construct robust multi-class classifiers, able to assign each new network log instance that reaches our system into its corresponding category. The performance of our scheme is evaluated by conducting several quantitative experiments, and by comparing to state-of-the-art formulations.

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Amrik Singh -,Sukhpreet Singh -,Mohammad Nazmul Alam -,Gurpreet Singh -

DOI: https://doi.org/10.36948/ijfmr.2024.v06i04.24601

2024-07-14

International Journal For Multidisciplinary Research

Abstract:The proliferation of Internet of Things (IoT) devices has revolutionized various sectors by enabling real-time data collection and processing, leading to unprecedented levels of efficiency and convenience. However, this increased connectivity and data flow also introduce significant security risks, particularly in the realm of anomaly detection. This study delves into the use of deep learning techniques for identifying abnormalities in IoT systems, providing a thorough analysis of state-of-the-art methods, assessing their effectiveness across different IoT scenarios, and exploring future research directions. We review current deep learning-based anomaly detection techniques, examine their applications in real-world settings, and discuss potential improvements and innovations. By synthesizing the latest research and developments, this paper aims to offer a comprehensive understanding of how deep learning can bolster the security and performance of IoT systems. Our findings highlight the importance of robust anomaly detection mechanisms in safeguarding IoT networks and underscore the need for continued advancements in this area. Through this study, we seek to contribute valuable insights into the application of deep learning for enhancing IoT system security and reliability, ultimately supporting the sustainable growth and integration of IoT technologies across various domains.

Isra Al-Turaiki,Najwa Altwaijry

DOI: https://doi.org/10.1089/big.2020.0263

IF: 4.426

2021-06-01

Big Data

Abstract:Cybersecurity protects and recovers computer systems and networks from cyber attacks. The importance of cybersecurity is growing commensurately with people's increasing reliance on technology. An anomaly detection-based network intrusion detection system is essential to any security framework within a computer network. In this article, we propose two models based on deep learning to address the binary and multiclass classification of network attacks. We use a convolutional neural network architecture for our models. In addition, a hybrid two-step preprocessing approach is proposed to generate meaningful features. The proposed approach combines dimensionality reduction and feature engineering using deep feature synthesis. The performance of our models is evaluated using two benchmark data sets, namely the network security laboratory-knowledge discovery in databases data set and the University of New South Wales Network Based 2015 data set. The performance is compared with similar deep learning approaches in the literature, as well as state-of-the-art classification models. Experimental results show that our models achieve good performance in terms of accuracy and recall, outperforming similar models in the literature.

computer science, theory & methods, interdisciplinary applications

Rahul Kale,Zhi Lu,Kar Wai Fok,Vrizlynn L. L. Thing

DOI: https://doi.org/10.48550/arXiv.2212.00966

2022-12-02

Cryptography and Security

Abstract:Cyber intrusion attacks that compromise the users' critical and sensitive data are escalating in volume and intensity, especially with the growing connections between our daily life and the Internet. The large volume and high complexity of such intrusion attacks have impeded the effectiveness of most traditional defence techniques. While at the same time, the remarkable performance of the machine learning methods, especially deep learning, in computer vision, had garnered research interests from the cyber security community to further enhance and automate intrusion detections. However, the expensive data labeling and limitation of anomalous data make it challenging to train an intrusion detector in a fully supervised manner. Therefore, intrusion detection based on unsupervised anomaly detection is an important feature too. In this paper, we propose a three-stage deep learning anomaly detection based network intrusion attack detection framework. The framework comprises an integration of unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised learning (CNN) algorithms. We then evaluated and showed the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.

Salwa Elsayed,Khalil Mohamed,Mohamed Ashraf Madkour

DOI: https://doi.org/10.1109/access.2024.3389096

IF: 3.9

2024-05-03

IEEE Access

Abstract:This study introduces a deep learning approach for network intrusion detection (NIDS), which excels in both binary and multi-classification tasks. This approach combines the strengths of six distinct deep learning algorithms: DNN, CNN, RNN, LSTM, GRU, and a Hybrid CNN-LSTM architecture. The NSL-KDD dataset, a widely recognized benchmark for intrusion detection research, was utilized for implementation and evaluation. In binary classification, the approach demonstrates exceptional capabilities, with the GRU approach outperforming others. Similarly, the DNN, LSTM, CNN, and RNN approaches exhibit robust performance, showcasing their efficacy in detecting anomalies within network data. In the multi-classification setting, the DNN approach stands out with outstanding performance. While other approaches, including RNN, CNN, LSTM, GRU, and the Hybrid CNN-LSTM approach, also maintain commendable results, the DNN approach proves to be the most effective in handling complex network patterns. This research provides valuable insights into the application of deep learning approaches using the NSL-KDD dataset for network anomaly detection, emphasizing their versatility and reliability across different classification scenarios. The findings lay the groundwork for further exploration and utilization of deep learning methodologies in enhancing network security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Emad Hmood Salman,Montadar Abas Taher,Yousif I Hammadi,Omar Abdulkareem Mahmood,Ammar Muthanna,Andrey Koucheryavy

DOI: https://doi.org/10.3390/s23010206

2022-12-25

Abstract:Telecommunication networks are growing exponentially due to their significant role in civilization and industry. As a result of this very significant role, diverse applications have been appeared, which require secured links for data transmission. However, Internet-of-Things (IoT) devices are a substantial field that utilizes the wireless communication infrastructure. However, the IoT, besides the diversity of communications, are more vulnerable to attacks due to the physical distribution in real world. Attackers may prevent the services from running or even forward all of the critical data across the network. That is, an Intrusion Detection System (IDS) has to be integrated into the communication networks. In the literature, there are numerous methodologies to implement the IDSs. In this paper, two distinct models are proposed. In the first model, a custom Convolutional Neural Network (CNN) was constructed and combined with Long Short Term Memory (LSTM) deep network layers. The second model was built about the all fully connected layers (dense layers) to construct an Artificial Neural Network (ANN). Thus, the second model, which is a custom of an ANN layers with various dimensions, is proposed. Results were outstanding a compared to the Logistic Regression algorithm (LR), where an accuracy of 97.01% was obtained in the second model and 96.08% in the first model, compared to the LR algorithm, which showed an accuracy of 92.8%.

Yang Qin,Junjie Wei,Weihong Yang

DOI: https://doi.org/10.23919/apnoms.2019.8892873

2019-01-01

Abstract:Software Defined Networking (SDN) has attracted more and more attention due to its prominent features that are different from the traditional network. SDN is programmable through which controller can modify the rules in the switch. However, security was not considered in its initial design, and many manufacturers no longer support Transport Layer Security (TLS) due to the cost. Although many machine learning based approaches have been implemented in SDN, they all need features that experts extract from original data. However, the manual extraction increases the level of human interaction and decreases detection accurate. This paper presents a malicious network traffic classification method based on Convolutional Neural Network (CNN) and Recurrent Neural Network (RNN) to address these concerns. Our proposed method is implemented in Graphic Process Unit (GPU) enabled TensorFlow. We evaluated our proposal on three datasets. The results demonstrate that our proposal achieves improvements in term of detection accuracy and stability over existing approaches and strong potential for user in SDN security.

Ömer KASIM

DOI: https://doi.org/10.1016/j.comnet.2020.107390

IF: 5.493

2020-10-01

Computer Networks

Abstract:<p>The number of devices connected to the Internet is increasing day by day. This increase causes cyber-attacks to be larger and more complex. It is important to sdetect the anomalies rapidly when there is a cyber-attack. In detecting anomalies, high false positive rate is obtained by using feature extraction based on statistical calculations and machine learning algorithms. In proposed approach, the measured values obtained from the network are normalized between 0 and 1. These values applied to autoencoder model trained with optimum hyper parameters. This model contributes to feature learning and dimensional reduction. Support vector machines effectively differentiate between normal and DDOS attack traffic by using these features. The CICIDS dataset and virtually generated DDOS traffic are used to validate the proposed approach and measure its performance. The results show that the proposed approach speeds up training and testing times and performs better classification performance metrics than most previous approaches. The novelty of the study is that AE-SVM trained with CICIDS successfully captures virtually generated DDOS traffic data. Despite the unbalanced data set, 99.1% test success was achieved in detection of DDOS ​​traffic which is produced with Kali Linux. This success contributed to the solution of the high false-positive problem compared to other models.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Vibekananda Dutta,Michał Choraś,Marek Pawlicki,Rafał Kozik

DOI: https://doi.org/10.3390/s20164583

2020-08-15

Abstract:Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection.

Jordan Lam,Robert Abbas

DOI: https://doi.org/10.48550/arXiv.2003.03474

2020-03-07

Abstract:Protecting the networks of tomorrow is set to be a challenging domain due to increasing cyber security threats and widening attack surfaces created by the Internet of Things (IoT), increased network heterogeneity, increased use of virtualisation technologies and distributed architectures. This paper proposes SDS (Software Defined Security) as a means to provide an automated, flexible and scalable network defence system. SDS will harness current advances in machine learning to design a CNN (Convolutional Neural Network) using NAS (Neural Architecture Search) to detect anomalous network traffic. SDS can be applied to an intrusion detection system to create a more proactive and end-to-end defence for a 5G network. To test this assumption, normal and anomalous network flows from a simulated environment have been collected and analyzed with a CNN. The results from this method are promising as the model has identified benign traffic with a 100% accuracy rate and anomalous traffic with a 96.4% detection rate. This demonstrates the effectiveness of network flow analysis for a variety of common malicious attacks and also provides a viable option for detection of encrypted malicious network traffic.

Cryptography and Security,Machine Learning

Jun Li,Noel B. Linsangan,Huiguo Dong

DOI: https://doi.org/10.62677/ijetaa.2407123

2024-08-25

Abstract:This paper proposes an intelligent solution for network traffic prediction and anomaly detection in campus networks, addressing the increasingly severe network security challenges. The proposed approach innovatively integrates Convolutional Neural Networks (CNN) and Long Short-Term Memory networks (LSTM) to simultaneously extract local features and capture dynamic temporal dependencies of network traffic, significantly improving prediction accuracy. Based on this, an adaptive threshold anomaly detection algorithm is designed to automatically adjust detection sensitivity according to traffic variations, achieving a better balance between accuracy and recall rates. Additionally, an anomaly visualization scheme is presented, intuitively displaying the spatiotemporal distribution of network anomalies through heatmaps, assisting administrators in decision-making. Large-scale experiments demonstrate that this approach can effectively identify various security threats such as DDoS attacks, scanning probes, and botnets, with an overall detection rate exceeding 90% while maintaining a low false positive rate. Compared to traditional statistical and machine learning methods, the proposed approach exhibits stronger adaptability and generalization capabilities, providing crucial support for building an intelligent, precise, and reliable campus network security protection system. Future work will focus on further improving the real-time performance and robustness of the solution, expanding its application in new network scenarios such as IoT and edge computing.

Tamilselvan Arjunan

DOI: https://doi.org/10.22214/ijraset.2024.58946

2024-03-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: In light of the increasing sophistication of cyberattacks and the rapid growth in network traffic, it is essential to detect network traffic anomalies or intrusions as they occur. Manual inspection is inefficient due to the large volume, speed, and variety network traffic data. This paper suggests using deep learning techniques in order to build intelligent models which can detect network traffic anomalies automatically within big data environments. We present a framework for anomaly detection using long-short-term memory models (LSTM) and convolutional neural network (CNN). The models are based on data extracted from packet captures. The models are evaluated on benchmark intrusion datasets as well as a large scale real network traffic dataset. The results show that deep learning models are able to detect anomalies more effectively than traditional shallow learning methods. Models can handle high-volume streaming data with low latency and in real time. To improve detection efficiency, we also propose optimization methods such as model compression and transfer learning. This work shows the effectiveness of deep learning for real-time anomaly detection within big data environments

Donghwoon Kwon,Hyunjoo Kim,Jinoh Kim,Sang C. Suh,Ikkyun Kim,Kuinam J. Kim

DOI: https://doi.org/10.1007/s10586-017-1117-8

2017-09-27

Cluster Computing

Abstract:A great deal of attention has been given to deep learning over the past several years, and new deep learning techniques are emerging with improved functionality. Many computer and network applications actively utilize such deep learning algorithms and report enhanced performance through them. In this study, we present an overview of deep learning methodologies, including restricted Bolzmann machine-based deep belief network, deep neural network, and recurrent neural network, as well as the machine learning techniques relevant to network anomaly detection. In addition, this article introduces the latest work that employed deep learning techniques with the focus on network anomaly detection through the extensive literature survey. We also discuss our local experiments showing the feasibility of the deep learning approach to network traffic analysis.

Dr. Uma Maheswari,Dr. R. Venkatesh

DOI: https://doi.org/10.17762/ITII.V9I2.419

2021-03-31

INFORMATION TECHNOLOGY IN INDUSTRY

Abstract:Deep learning based intrusion detection cyber security methods gained increased popularity. The essential element to provide protection to the ICT infrastructure is the intrusion detection systems (IDSs). Intelligent solutions are necessary to control the complexity and increase in the new attack types. The intelligent system (DL/ML) has been widely used with its benefits to effectively deal with complex and great dimensional data. The IDS has various attack types like known, unknown, zero day attacks are attractive to and detected using unsupervised machine learning techniques. A novel methodology has been proposed that combines the benefits of Isolation forest (One Class) Support Vector Machine (OCSVM) with active learning method to detect threats without any prior knowledge. The NSL-KDD dataset has been used to evaluate the various DL methods with active learning method. The results show that this method performs better than other techniques. The design methodology inspires the efforts to emerging anomaly detection.

Engineering,Computer Science

Asma Alfardus,Danda B. Rawat

DOI: https://doi.org/10.3390/electronics13101962

IF: 2.9

2024-05-17

Electronics

Abstract:In-vehicle networks (IVNs) are networks that allow communication between different electronic components in a vehicle, such as infotainment systems, sensors, and control units. As these networks become more complex and interconnected, they become more vulnerable to cyber-attacks that can compromise safety and privacy. Anomaly detection is an important tool for detecting potential threats and preventing cyber-attacks in IVNs. The proposed machine learning-based anomaly detection technique uses deep learning and feature engineering to identify anomalous behavior in real-time. Feature engineering involves selecting and extracting relevant features from the data that are useful for detecting anomalies. Deep learning involves using neural networks to learn complex patterns and relationships in the data. Our experiments show that the proposed technique have achieved high accuracy in detecting anomalies and outperforms existing state-of-the-art methods. This technique can be used to enhance the security of IVNs and prevent cyber-attacks that can have serious consequences for drivers and passengers.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mahmoud Said Elsayed,Nhien-An Le-Khac,Soumyabrata Dev,Anca Delia Jurcut

DOI: https://doi.org/10.1145/3416013.3426457

2020-01-01

Abstract:Anomaly detection aims to discover patterns in data that do not conform to the expected normal behaviour. One of the significant issues for anomaly detection techniques is the availability of labeled data for training/validation of models. In this paper, we proposed a hyper approach based on Long Short Term Memory (LSTM) autoencoder and One-class Support Vector Machine (OC-SVM) to detect anomalies based attacks in an unbalanced dataset, by training the models using only examples of normal classes. The LSTM-autoencoder is trained to learn the normal traffic pattern and to learn the compressed representation of the input data (i.e. latent features) and then feed it to an OC-SVM approach. The hybrid model overcomes the shortcomings of the separate OC-SVM, in which its low capability to operate with massive and high-dimensional datasets. Additionally, we perform our experiments using the most recent dataset (InSDN) of Intrusion Detection Systems (IDSs) for SDN environments. The experimental results show that the proposed model provides higher detection rate and reduces the processing time significantly. Hence, our method provides great confidence in securing SDN networks from malicious traffic.