FCNN: An Efficient Intrusion Detection Method Based on Raw Network Traffic

2021, Vol 2021, pp. 1-13
Author(s): Yue Wang, Yiming Jiang, Julong Lan

When traditional machine learning methods are applied to network intrusion detection, they need to rely on expert knowledge to extract feature vectors in advance, which incurs lack of flexibility and versatility. Recently, deep learning methods have shown superior performance compared with traditional machine learning methods. Deep learning methods can learn the raw data directly, but they are faced with expensive computing cost. To solve this problem, a preprocessing method based on multipacket input unit and compression is proposed, which takes m data packets as the input unit to maximize the retention of information and greatly compresses the raw traffic to shorten the data learning and training time. In our proposed method, the CNN network structure is optimized and the weights of some convolution layers are assigned directly by using the Gabor filter. Experimental results on the benchmark data set show that compared with the existing models, the proposed method improves the detection accuracy by 2.49% and reduces the training time by 62.1%. In addition, the experiments show that the proposed compression method has obvious advantages in detection accuracy and computational efficiency compared with the existing compression methods.

2019, Vol 9 (20), pp. 4396
Author(s): Hongyu Liu, Bo Lang

Networks play important roles in modern life, and cyber security has become a vital research area. An intrusion detection system (IDS), which is an important cyber security technique, monitors the state of software and hardware running in the network. Despite decades of development, existing IDSs still face challenges in improving the detection accuracy, reducing the false alarm rate and detecting unknown attacks. To solve the above problems, many researchers have focused on developing IDSs that capitalize on machine learning methods. Machine learning methods can automatically discover the essential differences between normal data and abnormal data with high accuracy. In addition, machine learning methods have strong generalizability, so they are also able to detect unknown attacks. Deep learning is a branch of machine learning, whose performance is remarkable and has become a research hotspot. This survey proposes a taxonomy of IDS that takes data objects as the main dimension to classify and summarize machine learning-based and deep learning-based IDS literature. We believe that this type of taxonomy framework is fit for cyber security researchers. The survey first clarifies the concept and taxonomy of IDSs. Then, the machine learning algorithms frequently used in IDSs, metrics, and benchmark datasets are introduced. Next, combined with the representative literature, we take the proposed taxonomic system as a baseline and explain how to solve key IDS issues with machine learning and deep learning techniques. Finally, challenges and future developments are discussed by reviewing recent representative studies.


2019
Author(s): Δημήτριος Παπαμαρτζιβάνος

Modern information and communication technology infrastructures have undoubtedly turned into a field of opportunity for malicious entities, which threaten the confidentiality, integrity and availability of these systems. The continuously increasing scale and complexity of cyberattacks leave defenders no room for complacency. In this context, the search for comprehensive and flexible defensive mechanisms and methods becomes of utmost importance. In this direction, intrusion detection and response systems are essential entities in a network for protecting systems and providing remediation actions against attacks. However, such mechanisms need to be supported by intelligent methods in order to be able to maintain high operational readiness. In this context, this doctoral thesis focuses on advanced machine learning methods that can lend beneficial characteristics to intrusion detection and response systems. More specifically, this thesis consists of three axes: a) the provision of optimal countermeasures in the context of intrusion response mechanisms, b) the extraction of reliable detection rules for misuse intrusion detection systems (Misuse Detection IDS), and c) the incorporation of self-adaptation characteristics into these systems. Regarding the first axis, this thesis provides an extensive analysis of intrusion response mechanisms that aim to provide optimal countermeasures against cyberattacks. Our analysis aims to examine the relevant publications of this field in detail and critically, to identify the artificial intelligence methods they exploit, and to offer an in-depth discussion and analytical comparison based on criteria. In addition, the shortcomings and future research challenges of this research field are highlighted.
Motivated by the fact that attack response mechanisms should be activated on the basis of an accurate prediction of the nature of the attacks, the second axis of this thesis focuses on the design and development of a rule extraction methodology, named Dendron, for misuse intrusion detection systems. Specifically, our methodology exploits Decision Trees and Genetic Algorithms, with the aim of developing interpretable and reliable detection rules. Dendron is able to correctly identify the category to which attacks belong, while achieving better performance, compared with other classical techniques, on most classification metrics. Additionally, in order to address the most significant drawback of misuse detection systems, which is the inability to adapt to new network conditions, the third axis of the thesis aims to develop a self-adaptive methodology that can revitalize a detection engine by automating its retraining mechanism. Considering the extensive scale of modern networks and the complexity of network data, the adaptation problem far exceeds what a security expert can manage. Thus, by exploiting Deep Learning methods, our methodology can perceive the nature of an attack based on generalized feature reconstructions that derive directly from the unknown network environment and the network data, from which the categorical class label is absent. The experimental results show that our methodology can revitalize an intrusion detection system, and moreover achieves better performance compared with classical non-flexible approaches.


Sensors, 2021, Vol 21 (14), pp. 4736
Author(s): Sk. Tanzir Mehedi, Adnan Anwar, Ziaur Rahman, Kawsar Ahmed

The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. The risk of IVN devices has still been insecure and vulnerable due to the complex data-intensive architectures which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to update to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.


Sensors, 2021, Vol 21 (4), pp. 1113
Author(s): Ming Zhong, Yajin Zhou, Gang Chen

IoT plays an important role in daily life; commands and data transfer rapidly between the servers and objects to provide services. However, cyber threats have become a critical factor, especially for IoT servers. There should be a vigorous way to protect the network infrastructures from various attacks. IDS (Intrusion Detection System) is the invisible guardian for IoT servers. Many machine learning methods have been applied in IDS. However, there is a need to improve the IDS system for both accuracy and performance. Deep learning is a promising technique that has been used in many areas, including pattern recognition, natural language processing, etc. The deep learning reveals more potential than traditional machine learning methods. In this paper, sequential model is the key point, and new methods are proposed by the features of the model. The model can collect features from the network layer via tcpdump packets and application layer via system routines. Text-CNN and GRU methods are chosen because they can treat sequential data as a language model. The advantage compared with the traditional methods is that they can extract more features from the data and the experiments show that the deep learning methods have higher F1-score. We conclude that the sequential model-based intrusion detection system using deep learning method can contribute to the security of the IoT servers.


Author(s): Giovanni Apruzzese, Mauro Andreolini, Luca Ferretti, Mirco Marchetti, Michele Colajanni

The incremental diffusion of machine learning algorithms in supporting cybersecurity is creating novel defensive opportunities but also new types of risks. Multiple researches have shown that machine learning methods are vulnerable to adversarial attacks that create tiny perturbations aimed at decreasing the effectiveness of detecting threats. We observe that existing literature assumes threat models that are inappropriate for realistic cybersecurity scenarios because they consider opponents with complete knowledge about the cyber detector or that can freely interact with the target systems. By focusing on Network Intrusion Detection Systems based on machine learning methods, we identify and model the real capabilities and circumstances that are necessary for an attacker to carry out a feasible and successful adversarial attack. We then apply our model to several adversarial attacks proposed in literature and highlight the limits and merits that can result in actual adversarial attacks. The contributions of this paper can help hardening defensive systems by letting cyber defenders address the most critical and real issues, and can benefit researchers by allowing them to devise novel forms of adversarial attacks based on realistic threat models.


Energies, 2021, Vol 14 (15), pp. 4595
Author(s): Parisa Asadi, Lauren E. Beckingham

X-ray CT imaging provides a 3D view of a sample and is a powerful tool for investigating the internal features of porous rock. Reliable phase segmentation in these images is highly necessary but, like any other digital rock imaging technique, is time-consuming, labor-intensive, and subjective. Combining 3D X-ray CT imaging with machine learning methods that can simultaneously consider several extracted features in addition to color attenuation, is a promising and powerful method for reliable phase segmentation. Machine learning-based phase segmentation of X-ray CT images enables faster data collection and interpretation than traditional methods. This study investigates the performance of several filtering techniques with three machine learning methods and a deep learning method to assess the potential for reliable feature extraction and pixel-level phase segmentation of X-ray CT images. Features were first extracted from images using well-known filters and from the second convolutional layer of the pre-trained VGG16 architecture. Then, K-means clustering, Random Forest, and Feed Forward Artificial Neural Network methods, as well as the modified U-Net model, were applied to the extracted input features. The models’ performances were then compared and contrasted to determine the influence of the machine learning method and input features on reliable phase segmentation. The results showed considering more dimensionality has promising results and all classification algorithms result in high accuracy ranging from 0.87 to 0.94. Feature-based Random Forest demonstrated the best performance among the machine learning models, with an accuracy of 0.88 for Mancos and 0.94 for Marcellus. The U-Net model with the linear combination of focal and dice loss also performed well with an accuracy of 0.91 and 0.93 for Mancos and Marcellus, respectively. 
In general, considering more features provided promising and reliable segmentation results that are valuable for analyzing the composition of dense samples, such as shales, which are significant unconventional reservoirs in oil recovery.

