Deep packet inspection for intelligent intrusion detection in software-defined industrial networks: A proof of concept

Sainz, Markel; Garitano, Iñaki; Iturbe, Mikel; Zurutuza, Urko

doi:10.1093/jigpal/jzz060

Cited by 10 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DPI techniques are widely used in IDS applications created to ensure network security in SDN. In addition to the studies that present the systems created by applying DPI engines that perform signature detection on SDN controllers [181][182][183], there are also some studies supported by an anomaly-based IDS to determine unknown or zero-day attacks such as the studies numbered [13] and [184]. In the study numbered [13], which points to the use of the DPI technique as a security solution for smart grids, a SDN-based security monitoring framework by using a hybrid model of the DL approach and DPI technique is presented.…”

Section: Sdn Security With Dpimentioning

confidence: 99%

Modern ağ trafiği analizi için derin paket incelemesi hakkında kapsamlı bir çalışma: sorunlar ve zorluklar

Çelebi

ÖZBİLEN

Yavanoğlu

2022

NÖHÜ Müh. Bilim. Derg.

View full text Add to dashboard Cite

Deep Packet Inspection (DPI) provides full visibility into network traffic by performing detailed analysis on both packet header and packet payload. Accordingly, DPI has critical importance as it can be used in applications i.e network security or government surveillance. In this paper, we provide an extensive survey on DPI. Different from the previous studies, we try to efficiently integrate DPI techniques into network analysis mechanisms by identifying performance-limiting parameters in the analysis of modern network traffic. Analysis of the network traffic model with complex behaviors is carried out with powerful hybrid systems by combining more than one technique. Therefore, DPI methods are studied together with other techniques used in the analysis of network traffic. Security applications of DPI on Internet of Things (IoT) and Software-Defined Networking (SDN) architectures are discussed and Intrusion Detection Systems (IDS) mechanisms, in which the DPI is applied as a component of the hybrid system, are examined. In addition, methods that perform inspection of encrypted network traffic are emphasized and these methods are evaluated from the point of security, performance and functionality. Future research issues are also discussed taking into account the implementation challenges for all DPI processes.

show abstract

Section: Sdn Security With Dpimentioning

confidence: 99%

Modern ağ trafiği analizi için derin paket incelemesi hakkında kapsamlı bir çalışma: sorunlar ve zorluklar

Çelebi

ÖZBİLEN

Yavanoğlu

2022

NÖHÜ Müh. Bilim. Derg.

View full text Add to dashboard Cite

show abstract

“…Te traditional port-based approaches are no longer reliable in increasingly complex network environments. Te approaches based on deep packet inspection technology [2,3] are not suitable for encrypted trafc. Te approaches based on traditional machine learning learn specifed features from a large amount of training data, which can achieve highprecision classifcation.…”

Section: Introductionmentioning

confidence: 99%

A Few-Shot Malicious Encrypted Traffic Detection Approach Based on Model-Agnostic Meta-Learning

Wang

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

Existing malicious encrypted traffic detection approaches need to be trained with many samples to achieve effective detection of a specified class of encrypted traffic data. With the rapid development of encryption technology, various new types of encrypted traffic are emerging and difficult to label. Therefore, it is an urgent problem to train a deep learning model using only a small number of samples to detect new classes of malicious encrypted traffic. This paper proposes a few-shot malicious encrypted traffic detection (FMETD) approach based on model-agnostic meta-learning (MAML), integrating feature selection and classification into an end-to-end framework. The FMETD approach first converts the raw traffic data into two-dimensional grayscale images. Then, FMETD trains a deep learning model (2D-CNN) using the MAML, which is to learn an optimal set of model initialization parameters for the model from a set of classification tasks consisting of grayscale images. The model with this set of parameters can detect new classes of maliciously encrypted traffic data efficiently with a few samples by a few iterations steps. The experimental results show that the FMETD approach has 99.8% accuracy for two-class classification encrypted traffic and 98.5% average accuracy for multi-classification. When the number of grayscale images of each class in the support set and validation set is reduced to 20, the accuracy of our approach to multi-class classification is 97.9% for new classes of traffic.

show abstract

Towards Forecasting Time-Series of Cyber-Security Data Aggregates

Carriegos

Díaz

2020

13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020)

View full text Add to dashboard Cite

Deep packet inspection for intelligent intrusion detection in software-defined industrial networks: A proof of concept

Cited by 10 publications

References 18 publications

Modern ağ trafiği analizi için derin paket incelemesi hakkında kapsamlı bir çalışma: sorunlar ve zorluklar

Modern ağ trafiği analizi için derin paket incelemesi hakkında kapsamlı bir çalışma: sorunlar ve zorluklar

A Few-Shot Malicious Encrypted Traffic Detection Approach Based on Model-Agnostic Meta-Learning

Towards Forecasting Time-Series of Cyber-Security Data Aggregates

Contact Info

Product

Resources

About