A Content-Based Deep Intrusion Detection System
- URL: http://arxiv.org/abs/2001.05009v2
- Date: Mon, 16 Aug 2021 18:49:06 GMT
- Title: A Content-Based Deep Intrusion Detection System
- Authors: Mahdi Soltani, Mahdi Jafari Siavoshani, Amir Hossein Jahangir
- Abstract summary: We propose a framework, called deep intrusion detection (DID) system, that uses the pure content of traffic flows in addition to traffic metadata.
To this end, we deploy and evaluate an offline IDS following the framework using LSTM as a deep learning technique.
- Score: 12.590415345079995
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The growing number of Internet users and the prevalence of web applications
make it necessary to deal with very complex software and applications in the
network. This results in an increasing number of new vulnerabilities in the
systems, leading to an increase in cyber threats and, in particular,
zero-day attacks. The cost of generating appropriate signatures for these
attacks is a potential motive for using machine learning-based methodologies.
Although there are many studies on using learning-based methods for attack
detection, they generally use extracted features and overlook raw contents.
This approach can lessen the performance of detection systems against
content-based attacks like SQL injection, Cross-site Scripting (XSS), and
various viruses.
In this work, we propose a framework, called deep intrusion detection (DID)
system, that uses the pure content of traffic flows in addition to traffic
metadata in the learning and detection phases of a passive DNN IDS. To this
end, we deploy and evaluate an offline IDS following the framework using LSTM
as a deep learning technique. Due to the inherent nature of deep learning, it
can process high dimensional data content and, accordingly, discover the
sophisticated relations between the automatically extracted features of the traffic. To
evaluate the proposed DID system, we use the CIC-IDS2017 and CSE-CIC-IDS2018
datasets. The evaluation metrics, such as precision and recall, reach $0.992$
and $0.998$ on CIC-IDS2017, and $0.933$ and $0.923$ on CSE-CIC-IDS2018
respectively, which show the high performance of the proposed DID method.
Related papers
- Preliminary study on artificial intelligence methods for cybersecurity threat detection in computer networks based on raw data packets [34.82692226532414]
In this paper, we investigate deep learning methodologies capable of detecting attacks in real-time directly from raw packet data within network traffic.
We propose a novel approach where packets are stacked into windows and separately recognised, with a 2D image representation suitable for processing with computer vision models.
arXiv Detail & Related papers (2024-07-24T15:04:00Z)
- A Transformer-Based Framework for Payload Malware Detection and Classification [0.0]
Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs to analyze the content of network packets.
In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic.
arXiv Detail & Related papers (2024-03-27T03:25:45Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- A near-autonomous and incremental intrusion detection system through active learning of known and unknown attacks [2.686686221415684]
Intrusion detection is a traditional practice of security experts; however, there are several issues which still need to be tackled.
We present an architecture for a hybrid Intrusion Detection System (IDS) for an adaptive and incremental detection of both known and unknown attacks.
arXiv Detail & Related papers (2023-10-26T14:37:54Z)
- Performance evaluation of Machine learning algorithms for Intrusion Detection System [0.40964539027092917]
This paper focuses on intrusion detection systems (IDSs) analysis using Machine Learning (ML) techniques.
We analyze the KDD CUP-'99' intrusion detection dataset used for training and validating ML models.
arXiv Detail & Related papers (2023-10-01T06:35:37Z)
- Online Self-Supervised Deep Learning for Intrusion Detection Systems [1.2952596966415793]
This paper proposes a novel Self-Supervised Intrusion Detection (SSID) framework, which enables a fully online Deep Learning (DL) based Intrusion Detection System (IDS).
The proposed framework analyzes and labels incoming traffic packets based only on the decisions of the IDS itself.
This approach avoids human errors in data labeling, and the human labor and computational costs of model training and data collection.
arXiv Detail & Related papers (2023-06-22T16:46:35Z)
- Learned Systems Security [30.39158287782567]
A learned system uses machine learning (ML) internally to improve performance.
We can expect such systems to be vulnerable to some adversarial-ML attacks.
We develop a framework for identifying vulnerabilities that stem from the use of ML.
arXiv Detail & Related papers (2022-12-20T15:09:30Z)
- Few-Shot Specific Emitter Identification via Deep Metric Ensemble Learning [26.581059299453663]
We propose a novel FS-SEI for aircraft identification via automatic dependent surveillance-broadcast (ADS-B) signals.
Specifically, the proposed method consists of feature embedding and classification.
Simulation results show that if the number of samples per category is more than 5, the average accuracy of our proposed method is higher than 98%.
arXiv Detail & Related papers (2022-07-14T01:09:22Z)
- An Adaptable Deep Learning-Based Intrusion Detection System to Zero-Day Attacks [4.607145155913717]
An intrusion detection system (IDS) is an essential element of security monitoring in computer networks.
The main challenge of an IDS is facing new (i.e., zero-day) attacks and separating them from benign traffic and existing types of attacks.
In this paper, we propose a framework for deep learning-based IDSes addressing new attacks.
arXiv Detail & Related papers (2021-08-20T14:41:28Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- Automated Identification of Vulnerable Devices in Networks using Traffic Data and Deep Learning [30.536369182792516]
Device-type identification combined with data from vulnerability databases can pinpoint vulnerable IoT devices in a network.
We present and evaluate two deep learning approaches to reliable IoT device-type identification.
arXiv Detail & Related papers (2021-02-16T14:49:34Z)