AutoEncoder Based Feature Extraction for Multi-Malicious Traffic Classification

Yeom, Sungwoong; Choi, Chul Yung; Kim, Kyungbaek

doi:10.1145/3426020.3426093

Cited by 5 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, ANN-based IDS may recognise novel attacks that share properties with previous assaults, as its decision-making processes are generalised from the characteristics of all known attacks. Nevertheless, signature-based IDS will not pick up on novel threats since it cannot learn to recognise them [8,9].…”

Section: Organizationmentioning

confidence: 99%

A Novel Eccentric Intrusion Detection Model Based on Recurrent Neural Networks with Leveraging LSTM

Muthunambu,

Prabakaran,

Kavin

et al. 2024

CMC

View full text Add to dashboard Cite

The extensive utilization of the Internet in everyday life can be attributed to the substantial accessibility of online services and the growing significance of the data transmitted via the Internet. Regrettably, this development has expanded the potential targets that hackers might exploit. Without adequate safeguards, data transmitted on the internet is significantly more susceptible to unauthorized access, theft, or alteration. The identification of unauthorised access attempts is a critical component of cybersecurity as it aids in the detection and prevention of malicious attacks. This research paper introduces a novel intrusion detection framework that utilizes Recurrent Neural Networks (RNN) integrated with Long Short-Term Memory (LSTM) units. The proposed model can identify various types of cyberattacks, including conventional and distinctive forms. Recurrent networks, a specific kind of feedforward neural networks, possess an intrinsic memory component. Recurrent Neural Networks (RNNs) incorporating Long Short-Term Memory (LSTM) mechanisms have demonstrated greater capabilities in retaining and utilizing data dependencies over extended periods. Metrics such as data types, training duration, accuracy, number of false positives, and number of false negatives are among the parameters employed to assess the effectiveness of these models in identifying both common and unusual cyberattacks. RNNs are utilised in conjunction with LSTM to support human analysts in identifying possible intrusion events, hence enhancing their decision-making capabilities. A potential solution to address the limitations of Shallow learning is the introduction of the Eccentric Intrusion Detection Model. This model utilises Recurrent Neural Networks, specifically exploiting LSTM techniques. The proposed model achieves detection accuracy (99.5%), generalisation (99%), and falsepositive rate (0.72%), the parameters findings reveal that it is superior to state-of-the-art techniques.

show abstract

Section: Organizationmentioning

confidence: 99%

A Novel Eccentric Intrusion Detection Model Based on Recurrent Neural Networks with Leveraging LSTM

Muthunambu,

Prabakaran,

Kavin

et al. 2024

CMC

View full text Add to dashboard Cite

show abstract

“…(1) all of the available features, (2) a manually selected feature subset which is comprised of the 'immediate suspects,' namely octet delta count, avg packet size, flow duration milliseconds, same dest ip count pool, and same dest port count pool (see Appendix A for feature descriptions), (3) a PCA transformation of the original features, and (4) the hidden layer of the AE underlying F ilter m 1 , as in [82] and [83]. 5) In F ilter m 2 , the distance of a flow f from the cluster to which it is assigned is used as a measure of abnormality.…”

Section: E Hyperparameter Tuningmentioning

confidence: 99%

CADeSH: Collaborative Anomaly Detection for Smart Homes

Avraham

Libhaber

Shabtai

2023

IEEE Internet Things J.

View full text Add to dashboard Cite

Although home IoT (Internet of Things) devices are typically plain and task oriented, the context of their daily use may affect their traffic patterns. That is, a given IoT device will probably not generate the exact same traffic data when operated by different people in different environments and when connected to different networks with different topologies and communication components. For this reason, anomaly-based intrusion detection systems tend to suffer from a high false positive rate (FPR). To overcome this, we propose a two-step collaborative anomaly detection method which first uses an autoencoder to differentiate frequent ('benign') and infrequent (possibly 'malicious') traffic flows. Clustering is then used to analyze only the infrequent flows and classify them as either known ('rare yet benign') or unknown ('malicious'). Our method is collaborative, in that (1) normal behaviors are characterized more robustly, as they take into account a variety of user interactions and network topologies, and (2) several features are computed based on a pool of identical devices rather than just the inspected device.We evaluated our method empirically, using 21 days of real-world traffic data that emanated from eight identical IoT devices deployed on various networks, one of which was located in our controlled lab where we implemented two popular IoT-related cyber-attacks. Our collaborative anomaly detection method achieved a macro-average area under the precision-recall curve of 0.841, an F1 score of 0.929, and an FPR of only 0.014. These promising results were obtained by using labeled traffic data from our lab as the test set, while training the models on the traffic of devices deployed outside the lab, and thus demonstrate a high level of generalizability. In addition to its high generalizability and promising performance, our proposed method also offers benefits such as privacy preservation, resource savings, and model poisoning mitigation. On top of that, as a contribution to the scientific community, our novel dataset is available online.

show abstract

“…After a simulation, all the deep learning models assessed, except for MLP, have outperformed machine learning models like SVM, Bavaria, and Random Forest. To evaluate the performance of Naive Bayes, SVM, and C NN-based classifier have used the CICIDS2017 dataset" [10]. The study focused on the binary classification performance of the model in the dataset for each attack class.…”

Section: Review Workmentioning

confidence: 99%

“…"This article presents an IDS based on the Convolutional Neural Network architecture. Unlike other previously recommended CNN IDS which focus on a class or a subset of classes" [9][10][11], it is good to identify unique and well-known methods of attack on the dataset in multiclass classification. Moreover, compared with the advanced, multiclass-based CNN IDS like that of Potluri for classifying the dataset of UNSW-NB15 [12].…”

Section: Introductionmentioning

confidence: 99%

Cyber Security Intruder Detection Using Deep Learning Approach

Islam

Rahman

Jabiullah

et al. 2022

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Intrusion detection systems (IDS) are among the most promising approaches for securing data and networks; through the years, numerous categorization algorithms have been utilized in IDS. In recent years, as the alarming increase in computer connectivity and the substantial number of applications associated with computer technology have increased, the challenge of cyber security is constantly rising. A proper system of protection for numerous cyber-attacks is also required. This is how incoherence and attacks in a computer network are detected and IDS developed, which could play a possible role in cyber security. The authors used the CICIDS2017 dataset to meet this objective. It is the 2017 set of the Canadian Cyber Security Institute. The authors propose an IDS based on the deep learning technique to increase safety. The purpose was to use a neural network classifier to predict the network and web attacks.

show abstract

AutoEncoder Based Feature Extraction for Multi-Malicious Traffic Classification

Cited by 5 publications

References 6 publications

A Novel Eccentric Intrusion Detection Model Based on Recurrent Neural Networks with Leveraging LSTM

A Novel Eccentric Intrusion Detection Model Based on Recurrent Neural Networks with Leveraging LSTM

CADeSH: Collaborative Anomaly Detection for Smart Homes

Cyber Security Intruder Detection Using Deep Learning Approach

Contact Info

Product

Resources

About