A Hybrid Deep Learning Anomaly Detection Framework for Intrusion Detection

Kale, Rahul; Lü, Zhi; Fok, Kar Wai; Thing, Vrizlynn L. L.

doi:10.1109/bigdatasecurityhpscids54978.2022.00034

Cited by 15 publications

(9 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Detection techniques (the data needed for analysis) are classified as knowledge-based or behaviour-based, depending on the source of the data (the audit source). To assess the performance of an IDS, the receiver operating characteristics (ROC) curve is used, which shows the probability of detection versus the likelihood of a false alarm [49]. Because of limited testbed availability and a lack of data from actual incidents, IDS research for smart manufacturing and IoT systems is in its infancy and faces many challenges.…”

Section: Dt and The Iotmentioning

confidence: 99%

A Review of Digital Twins and Their Application in Cybersecurity Based on Artificial Intelligence

Homaei,

Mogollón Gutiérrez,

Sancho Núñez

et al. 2023

Preprint

View full text Add to dashboard Cite

The potential of digital twin technology is yet to be fully realised due to its diversity and untapped potential. Digital twins enable systems’ analysis, design, optimisation, and evolution to be performed digitally or in conjunction with a cyber-physical approach to improve speed, accuracy, and efficiency over traditional engineering methods. Industry 4.0, factories of the future, and digital twins continue to benefit from the technology and provide enhanced efficiency within existing systems. Due to the lack of information and security standards associated with the transition to cyber digitisation, cybercriminals have been able to take advantage of the situation. Access to a digital twin of a product or service is equivalent to threatening the entire collection. There is a robust interaction between digital twins and artificial intelligence tools, which leads to strong interaction between these technologies, so it can be used to improve the cybersecurity of these digital platforms based on their integration with these technologies. This study aims to investigate the role of artificial intelligence in providing cybersecurity for digital twin versions of various industries, as well as the risks associated with these versions. In addition, this research serves as a road map for researchers and others interested in cybersecurity and digital security.

show abstract

Section: Dt and The Iotmentioning

confidence: 99%

A Review of Digital Twins and Their Application in Cybersecurity Based on Artificial Intelligence

Homaei,

Mogollón Gutiérrez,

Sancho Núñez

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Different algorithms were used: XGBoost [45], Decision Tree [43], random forest (RF) [46], and support vector machine (SVM) [47]. [48] used three benchmark datasets, NSL-KDD, CIC-IDS2018, and TON IoT, to offer a three-tiered DL-based technique for identifying abnormal network intrusion behaviors. The proposed framework combines K-means clustering, GANomaly, and CNN techniques.…”

Section: Related Workmentioning

confidence: 99%

An Explainable Ensemble Deep Learning Approach for Intrusion Detection in Industrial Internet of Things

Shtayat,

Hasan,

Sulaiman

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Ensuring the security of critical Industrial Internet of Things (IIoT) systems is of utmost importance, with a primary focus on identifying cyber-attacks using Intrusion Detection Systems (IDS). Deep learning (DL) techniques are frequently utilized in the anomaly detection components of IDSs. However, these models often generate high false-positive rates, and their decision-making rationale remains opaque, even to experts. Gaining insights into the reasons behind an IDS's decision to block a specific packet can aid cybersecurity professionals in assessing the system's effectiveness and creating more cyber-resilient solutions. In this paper, we offer an explainable ensemble DL-based IDS to improve the transparency and robustness of DL-based IDSs in IIoT networks. The framework incorporates Shapley additive explanations (SHAP) and Local comprehensible-independent Clarifications (LIME) methods to elucidate the decisions made by DL-based IDSs, providing valuable insights to experts responsible for maintaining IIoT network security and developing more cyber-resilient systems. The ToN_IoT dataset was used to evaluate the efficacy of the suggested framework. As a baseline intrusion detection system, the extreme learning machines (ELM) model was implemented and compared with other models. Experiments show the effectiveness of ensemble learning to improve the results. INDEX TERMS explanation AI (XAI); intrusion detection systems (IDS); SHapley Additive explanations (SHAP), Local Comprehensible Model-independent Clarifications (LIME), Ensemble Learning, CNN.

show abstract

“…Researchers in [12] presented a DL framework to build an AIDS. Specifically, this solution consists of three different stages, which are a combination of unsupervised K-means clustering, semisupervised GANomaly, and supervised learning CNN architecture.…”

Section: Existing Workmentioning

confidence: 99%

Deep Nested Clustering Auto-Encoder for Anomaly-Based Network Intrusion Detection

Nguyen,

Ngo,

Nguyen

et al. 2023

2023 RIVF International Conference on Computing and Communication Technologies (RIVF)

View full text Add to dashboard Cite

Anomaly-based intrusion detection system (AIDS) plays an increasingly important role in detecting complex, multi-stage network attacks, especially zero-day attacks. Although there have been improvements both in practical applications and the research environment, there are still many unresolved accuracy-related concerns. The two fundamental limitations that contribute to these concerns are: i) the succinct, concise, latent representation learning of the normal network data, and ii) the optimization volume of normal regions in latent space. Recent studies have suggested many ways to learn the latent representation of normal network data in a semi-supervised manner to construct AIDS. However, these approaches are still affected by the above limitations, mainly due to the inability to process high data dimensionality or ineffectively explore the underlying architecture of the data. In this paper, we propose a novel Deep Nested Clustering Auto-Encoder (DNCAE) model to thoroughly overcome the aforementioned difficulties and improve the performance of network attack detection. The proposed model consists of two nested Deep Auto-Encoders (DAE) to learn the informative and tighter data representation space. In addition, the DNCAE model integrates the clustering technique into the latent layer of the outer DAE to learn the optimal arrangement of data points in the latent space. This harmonious combination allows us to effectively deal with the limitations outlined. The performance of the proposed model is evaluated using standard datasets including NSL-KDD, UNSW-NB15, and six scenarios of CIC-IDS2017 (Tuesday, Wednesday, Thursday-Morning, Friday-Morning, Friday-Afternoon-PortScan, Friday-Afternoon DDoS). The experimental results strongly confirm that the proposed model clearly outperforms the baselines and the existing methods for network anomaly detection.

show abstract

A Hybrid Deep Learning Anomaly Detection Framework for Intrusion Detection

Cited by 15 publications

References 20 publications

A Review of Digital Twins and Their Application in Cybersecurity Based on Artificial Intelligence

A Review of Digital Twins and Their Application in Cybersecurity Based on Artificial Intelligence

An Explainable Ensemble Deep Learning Approach for Intrusion Detection in Industrial Internet of Things

Deep Nested Clustering Auto-Encoder for Anomaly-Based Network Intrusion Detection

Contact Info

Product

Resources

About