Towards a Near-real-time Protocol Tunneling Detector based on Machine Learning Techniques
- URL: http://arxiv.org/abs/2309.12720v1
- Date: Fri, 22 Sep 2023 09:08:43 GMT
- Title: Towards a Near-real-time Protocol Tunneling Detector based on Machine Learning Techniques
- Authors: Filippo Sobrero, Beatrice Clavarezza, Daniele Ucci, Federica Bisio
- Abstract summary: We present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques.
The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies.
Results show 97.1% overall accuracy and an F1-score of 95.6%.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In recent years, cybersecurity attacks have increased at an unprecedented pace, becoming ever more sophisticated and costly. Their impact has involved both private/public companies and critical infrastructures. At the same time, due to the COVID-19 pandemic, the security perimeters of many organizations expanded, causing an increase of the attack surface exploitable by threat actors through malware and phishing attacks. Given these factors, it is of primary importance to monitor the security perimeter and the events occurring in the monitored network, according to a tested security strategy of detection and response. In this paper, we present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques. Indeed, tunneling attacks allow malicious actors to maximize the time in which their activity remains undetected. The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies, by combining machine learning and deep learning. The proposed module can be embedded in any network security monitoring platform able to provide network flow information along with its metadata. The detection capabilities of the implemented prototype have been tested both on benign and malicious datasets. Results show 97.1% overall accuracy and an F1-score of 95.6%.
Related papers
- Federated Learning for Zero-Day Attack Detection in 5G and Beyond V2X Networks (arXiv, 2024-07-03)
  Connected and Automated Vehicles (CAVs) on top of 5G and Beyond networks (5GB) are vulnerable to increasing vectors of security and privacy attacks.
  We propose in this paper a novel detection mechanism that leverages the ability of the deep auto-encoder method to detect attacks relying only on the benign network traffic pattern.
  Using federated learning, the proposed intrusion detection system can be trained with large and diverse benign network traffic, while preserving the CAVs' privacy and minimizing the communication overhead.
- A Framework for the Systematic Assessment of Anomaly Detectors in Time-Sensitive Automotive Networks (arXiv, 2024-05-02)
  We present an assessment framework that allows for reproducible, comparable, and rapid evaluation of anomaly detection algorithms.
  We evaluate exemplary detection mechanisms and reveal how the detection performance is influenced by different combinations of TSN traffic flows and anomaly types.
- An anomaly detection approach for backdoored neural networks: face recognition as a case study (arXiv, 2022-08-22)
  We propose a novel backdoored network detection method based on the principle of anomaly detection.
  We test our method on a novel dataset of backdoored networks and report detectability results with perfect scores.
- Early Detection of Network Attacks Using Deep Learning (arXiv, 2022-01-27)
  A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic.
  We propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack.
- Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT (arXiv, 2021-09-06)
  A single compromised device can have an impact on the whole network and lead to major security and physical damages.
  This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks.
- CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals (arXiv, 2021-06-15)
  We propose a security hardening system for in-vehicle networks.
  The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus.
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack (arXiv, 2021-03-10)
  We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
  Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
  TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
- No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems (arXiv, 2020-12-07)
  We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system.
  We analyze four anomaly detectors published at top security conferences.
- Defending Water Treatment Networks: Exploiting Spatio-temporal Effects for Cyber Attack Detection (arXiv, 2020-08-26)
  Water Treatment Networks (WTNs) are critical infrastructures for local communities and public health; WTNs are vulnerable to cyber attacks.
  We propose a structured anomaly detection framework to defend WTNs by modeling the temporal characteristics of cyber attacks in WTNs.
- Firearm Detection and Segmentation Using an Ensemble of Semantic Neural Networks (arXiv, 2020-02-11)
  We present a weapon detection system based on an ensemble of semantic Convolutional Neural Networks.
  A set of simpler neural networks dedicated to specific tasks requires less computational resources and can be trained in parallel.
  The overall output of the system, given by the aggregation of the outputs of individual networks, can be tuned by a user to trade off false positives and false negatives.
- Pelican: A Deep Residual Network for Network Intrusion Detection (arXiv, 2020-01-19)
  We propose a deep neural network, Pelican, that is built upon specially-designed residual blocks.
  Pelican can achieve a high attack detection performance while keeping a much lower false alarm rate.
This list is automatically generated from the titles and abstracts of the papers in this site.