NetSentry: A Deep Learning Approach to Detecting Incipient Large-scale
Network Attacks
- URL: http://arxiv.org/abs/2202.09873v1
- Date: Sun, 20 Feb 2022 17:41:02 GMT
- Title: NetSentry: A Deep Learning Approach to Detecting Incipient Large-scale
Network Attacks
- Authors: Haoyu Liu and Paul Patras
- Abstract summary: We show how to use Machine Learning for Network Intrusion Detection (NID) in a principled way.
We propose NetSentry, perhaps the first of its kind NIDS that builds on Bi-ALSTM, an original ensemble of sequential neural models.
We demonstrate F1 score gains above 33% over the state-of-the-art, as well as up to 3 times higher rates of detecting attacks such as XSS and web bruteforce.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine Learning (ML) techniques are increasingly adopted to tackle
ever-evolving high-profile network attacks, including DDoS, botnet, and
ransomware, due to their unique ability to extract complex patterns hidden in
data streams. These approaches are however routinely validated with data
collected in the same environment, and their performance degrades when deployed
in different network topologies and/or applied on previously unseen traffic, as
we uncover. This suggests malicious/benign behaviors are largely learned
superficially and ML-based Network Intrusion Detection Systems (NIDS) need
revisiting, to be effective in practice. In this paper we dive into the
mechanics of large-scale network attacks, with a view to understanding how to
use ML for Network Intrusion Detection (NID) in a principled way. We reveal
that, although cyberattacks vary significantly in terms of payloads, vectors
and targets, their early stages, which are critical to successful attack
outcomes, share many similarities and exhibit important temporal correlations.
Therefore, we treat NID as a time-sensitive task and propose NetSentry, perhaps
the first of its kind NIDS that builds on Bidirectional Asymmetric LSTM
(Bi-ALSTM), an original ensemble of sequential neural models, to detect network
threats before they spread. We cross-evaluate NetSentry using two practical
datasets, training on one and testing on the other, and demonstrate F1 score
gains above 33% over the state-of-the-art, as well as up to 3 times higher
rates of detecting attacks such as XSS and web bruteforce. Further, we put
forward a novel data augmentation technique that boosts the generalization
abilities of a broad range of supervised deep learning algorithms, leading to
average F1 score gains above 35%.
Related papers
- Few Edges Are Enough: Few-Shot Network Attack Detection with Graph Neural Networks
This paper introduces Few Edges Are Enough (FEAE) to better distinguish between false positive anomalies and actual attacks.
FEAE achieves competitive performance on two well-known network datasets.
arXiv Detail & Related papers (2025-01-28T14:07:52Z)
- Learning in Multiple Spaces: Few-Shot Network Attack Detection with Metric-Fused Prototypical Networks
We propose a novel Multi-Space Prototypical Learning framework tailored for few-shot attack detection.
By leveraging Polyak-averaged prototype generation, the framework stabilizes the learning process and effectively adapts to rare and zero-day attacks.
Experimental results on benchmark datasets demonstrate that MSPL outperforms traditional approaches in detecting low-profile and novel attack types.
arXiv Detail & Related papers (2024-12-28T00:09:46Z)
- SCGNet-Stacked Convolution with Gated Recurrent Unit Network for Cyber Network Intrusion Detection and Intrusion Type Classification
Intrusion detection systems (IDSs) are far from being able to quickly and efficiently identify complex and varied network attacks.
The SCGNet is a novel deep learning architecture that we propose in this study.
It exhibits promising results on the NSL-KDD dataset in both tasks, network attack detection and attack type classification, with 99.76% and 98.92% accuracy, respectively.
arXiv Detail & Related papers (2024-10-29T09:09:08Z)
- Redefining DDoS Attack Detection Using A Dual-Space Prototypical Network-Based Approach
We introduce a new deep learning-based technique for detecting DDoS attacks.
We propose a new dual-space prototypical network that leverages a unique dual-space loss function.
This approach capitalizes on the strengths of representation learning within the latent space.
arXiv Detail & Related papers (2024-06-04T03:22:52Z)
- OMINACS: Online ML-Based IoT Network Attack Detection and Classification System
This paper proposes an online attack detection and network traffic classification system.
It combines stream Machine Learning, Deep Learning, and Ensemble Learning techniques.
It can detect the presence of malicious traffic flows and classify them according to the type of attack they represent.
arXiv Detail & Related papers (2023-02-18T04:06:24Z)
- DRL-GAN: A Hybrid Approach for Binary and Multiclass Network Intrusion Detection
Intrusion detection systems (IDS) are an essential security technology for detecting these attacks.
We implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model.
Our findings demonstrate that training the DRL on specific synthetic datasets can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.
arXiv Detail & Related papers (2023-01-05T19:51:24Z)
- Fast and Scalable Adversarial Training of Kernel SVM via Doubly Stochastic Gradients
Adversarial attacks, which generate examples that are almost indistinguishable from natural examples, pose a serious threat to learning models.
Support vector machine (SVM) is a classical yet still important learning algorithm even in the current deep learning era.
We propose adv-SVM to improve its adversarial robustness via adversarial training, which has been demonstrated to be the most promising defense technique.
arXiv Detail & Related papers (2021-07-21T08:15:32Z)
- Robust Self-Ensembling Network for Hyperspectral Image Classification
We propose a robust self-ensembling network (RSEN) to address this problem.
The proposed RSEN consists of two subnetworks including a base network and an ensemble network.
We show that the proposed algorithm can yield competitive performance compared with the state-of-the-art methods.
arXiv Detail & Related papers (2021-04-08T13:33:14Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- Understanding Self-supervised Learning with Dual Deep Networks
We propose a novel framework to understand contrastive self-supervised learning (SSL) methods that employ dual pairs of deep ReLU networks.
We prove that in each SGD update of SimCLR with various loss functions, the weights at each layer are updated by a covariance operator.
To further study what role the covariance operator plays and which features are learned in such a process, we model data generation and augmentation processes through a hierarchical latent tree model (HLTM).
arXiv Detail & Related papers (2020-10-01T17:51:49Z)
- Experimental Review of Neural-based approaches for Network Intrusion Management
We provide an experimental-based review of neural-based methods applied to intrusion detection issues.
We offer a complete view of the most prominent neural-based techniques relevant to intrusion detection, including deep-based approaches or weightless neural networks.
Our evaluation quantifies the value of neural networks, particularly when state-of-the-art datasets are used to train the models.
arXiv Detail & Related papers (2020-09-18T18:32:24Z)