Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

Mirsky, Yisroel; Doitshman, Tomer; Elovici, Yuval; Shabtai, Asaf

doi:10.14722/ndss.2018.23204

Cited by 774 publications

(426 citation statements)

References 32 publications

Supporting

Mentioning

415

Contrasting

Unclassified

Order By: Relevance

Section: Related Workmentioning

confidence: 99%

“…Autoencoders have been used for anomaly and intrusion detection before [41], [42]. The differences between this work and [41] are that in our research (1) AEs are applied to raw physical signals without statistical feature extraction, and (2) AEs are applied to the frequency domain. We extend the research in [42] by applying AEs to cyber attack detection in time series, combining control, status and raw physical data, as well as applying AEs to the frequency domain.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Kravchik

Shabtai

2018

Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy

Self Cite

251

167

View full text Add to dashboard Cite

Industrial control systems (ICSs) are widely used and vital to industry and society. Their failure can have severe impact on both economics and human life. Hence, these systems have become an attractive target for attacks, both physical and cyber. A number of attack detection methods have been proposed, however they are characterized by a low detection rate, a substantial false positive rate, or are system specific. In this paper, we study an attack detection method based on simple and lightweight neural networks, namely, 1D convolutions and autoencoders. We apply these networks to both the time and frequency domains of the collected data and discuss pros and cons of each approach. We evaluate the suggested method on three popular public datasets and achieve detection rates matching or exceeding previously published detection results, while featuring small footprint, short training and detection times, and generality. We also demonstrate the effectiveness of PCA, which, given proper data preprocessing and feature selection, can provide high attack detection scores in many settings. Finally, we study the proposed method's robustness against adversarial attacks, that exploit inherent blind spots of neural networks to evade detection while achieving their intended physical effect. Our results show that the proposed method is robust to such evasion attacks: in order to evade detection, the attacker is forced to sacrifice the desired physical impact on the system. This finding suggests that neural networks trained under the constraints of the laws of physics can be trusted more than networks trained under more flexible conditions.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Kravchik

Shabtai

2018

Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy

Self Cite

251

167

View full text Add to dashboard Cite

show abstract

“…These models do not require labeled information and instead exploit the fact that anomalous behaviors tend to differ greatly from the standard or normal behavior of the network. Fiore et al [24] made use of discriminative restricted Boltzmann machine (RBM) for anomaly detection on network data; while Mirsky et al [25] proposed an ensembles of light-weight autoencoders for real time network intrusion detection, although their focus is on scalability of the system. Further, An and Cho [26] demonstrated that the VAE performs much better than AE and PCA on handwritten digit recognition and network intrusion detection.…”

Section: Related Workmentioning

confidence: 99%

“…However, the VAE model was trained using data labeled as normal, i.e., the anomalies are removed from training, which is difficult to do in practice. The above [24], [25], [26] are also known as semi-supervised learning.…”

Section: Related Workmentioning

confidence: 99%

GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection

Nguyen

Lim

Divakaran³

et al. 2019

2019 IEEE Conference on Communications and Network Security (CNS)

120

View full text Add to dashboard Cite

This paper looks into the problem of detecting network anomalies by analyzing NetFlow records. While many previous works have used statistical models and machine learning techniques in a supervised way, such solutions have the limitations that they require large amount of labeled data for training and are unlikely to detect zero-day attacks. Existing anomaly detection solutions also do not provide an easy way to explain or identify attacks in the anomalous traffic. To address these limitations, we develop and present GEE, a framework for detecting and explaining anomalies in network traffic. GEE comprises of two components: (i) Variational Autoencoder (VAE) -an unsupervised deep-learning technique for detecting anomalies, and (ii) a gradient-based fingerprinting technique for explaining anomalies. Evaluation of GEE on the recent UGR dataset demonstrates that our approach is effective in detecting different anomalies as well as identifying fingerprints that are good representations of these various attacks.

show abstract

“…The domain of using machine learning has been extensively researched in the past [6], and several scholarly papers on intrusion detection by data-mining techniques and machine intelligence have been published [10]. However, most of these prior studies have only used machine learning techniques for intrusion detection in traditional networks.…”

Section: Related Workmentioning

confidence: 99%

Internet of Things Cyber Attacks Detection using Machine Learning

Alsamiri¹,

Alsubhi²

2019

IJACSA

View full text Add to dashboard Cite

The Internet of Things (IoT) combines hundreds of millions of devices which are capable of interaction with each other with minimum user interaction. IoT is one of the fastest-growing areas in of computing; however, the reality is that in the extremely hostile environment of the internet, IoT is vulnerable to numerous types of cyberattacks. To resolve this, practical countermeasures need to be established to secure IoT networks, such as network anomaly detection. Regardless that attacks cannot be wholly avoided forever, early detection of an attack is crucial for practical defense. Since IoT devices have low storage capacity and low processing power, traditional high-end security solutions to protect an IoT system are not appropriate. Also, IoT devices are now connected without human intervention for longer periods. This implies that intelligent network-based security solutions like machine learning solutions must be developed. Although many studies in recent years have discussed the use of Machine Learning (ML) solutions in attack detection problems, little attention has been given to the detection of attacks specifically in IoT networks. In this study, we aim to contribute to the literature by evaluating various machine learning algorithms that can be used to quickly and effectively detect IoT network attacks. A new dataset, Bot-IoT, is used to evaluate various detection algorithms. In the implementation phase, seven different machine learning algorithms were used, and most of them achieved high performance. New features were extracted from the Bot-IoT dataset during the implementation and compared with studies from the literature, and the new features gave better results.

show abstract

Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

Cited by 774 publications

References 32 publications

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

GEE: A Gradient-based Explainable Variational Autoencoder for Network Anomaly Detection

Internet of Things Cyber Attacks Detection using Machine Learning

Contact Info

Product

Resources

About