Machine learning based network intrusion detection

Lee, Chie-Hong; Su, Yann-Yean; Lin, Yu‐Chun; Lee, Shie-Jue

doi:10.1109/ciapp.2017.8167184

Cited by 28 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They can foil existing malware attacks such as backdoors, trojans, and rootkits [6,30] and detect social engineering attacks such as phishing and man-in-the-middle attacks [24,35]. Most frequently ML techniques play an important role in NIDS architectures because they provide lower false alarm rates, higher detection rates, and better capabilities of finding mutations of known and unknown attacks not detectable by conventional techniques [16,17,41,44].…”

Section: Introductionmentioning

confidence: 99%

Generating Practical Adversarial Network Traffic Flows Using NIDSGAN

Zolbayar¹,

Sheatsley²,

McDaniel³

et al. 2022

Preprint

View full text Add to dashboard Cite

Network intrusion detection systems (NIDS) are an essential defense for computer networks and the hosts within them. Machine learning (ML) nowadays predominantly serves as the basis for NIDS decision making, where models are tuned to reduce false alarms, increase detection rates, and detect known and unknown attacks. At the same time, ML models have been found to be vulnerable to adversarial examples that undermine the downstream task. In this work, we ask the practical question of whether real-world MLbased NIDS can be circumvented by crafted adversarial flows, and if so, how can they be created. We develop the generative adversarial network (GAN)-based attack algorithm NIDSGAN and evaluate its effectiveness against realistic ML-based NIDS. Two main challenges arise for generating adversarial network traffic flows: (1) the network features must obey the constraints of the domain (i.e., represent realistic network behavior), and (2) the adversary must learn the decision behavior of the target NIDS without knowing its model internals (e.g., architecture and meta-parameters) and training data. Despite these challenges, the NIDSGAN algorithm generates highly realistic adversarial traffic flows that evade ML-based NIDS. We evaluate our attack algorithm against two state-of-the-art DNNbased NIDS in whitebox, blackbox, and restricted-blackbox threat models and achieve success rates which are on average 99%, 85%, and 70%, respectively. We also show that our attack algorithm can evade NIDS based on classical ML models including logistic regression, SVM, decision trees and KNNs, with a success rate of 70% on average. Our results demonstrate that deploying ML-based NIDS

show abstract

Section: Introductionmentioning

confidence: 99%

Generating Practical Adversarial Network Traffic Flows Using NIDSGAN

Zolbayar¹,

Sheatsley²,

McDaniel³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…One of these techniques is based on machine learning. Machine learning (ML) techniques can predict and detect threats before they result in major security incidents [3]. Classifying instances into two classes is called binary classification.…”

Section: Introductionmentioning

confidence: 99%

Features Dimensionality Reduction Approaches for Machine Learning Based Network Intrusion Detection

et al. 2019

View full text Add to dashboard Cite

The security of networked systems has become a critical universal issue that influences individuals, enterprises and governments. The rate of attacks against networked systems has increased dramatically, and the tactics used by the attackers are continuing to evolve. Intrusion detection is one of the solutions against these attacks. A common and effective approach for designing Intrusion Detection Systems (IDS) is Machine Learning. The performance of an IDS is significantly improved when the features are more discriminative and representative. This study uses two feature dimensionality reduction approaches: (i) Auto-Encoder (AE): an instance of deep learning, for dimensionality reduction, and (ii) Principle Component Analysis (PCA). The resulting low-dimensional features from both techniques are then used to build various classifiers such as Random Forest (RF), Bayesian Network, Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) for designing an IDS. The experimental findings with low-dimensional features in binary and multi-class classification show better performance in terms of Detection Rate (DR), F-Measure, False Alarm Rate (FAR), and Accuracy. This research effort is able to reduce the CICIDS2017 dataset’s feature dimensions from 81 to 10, while maintaining a high accuracy of 99.6% in multi-class and binary classification. Furthermore, in this paper, we propose a Multi-Class Combined performance metric C o m b i n e d M c with respect to class distribution to compare various multi-class and binary classification systems through incorporating FAR, DR, Accuracy, and class distribution parameters. In addition, we developed a uniform distribution based balancing approach to handle the imbalanced distribution of the minority class instances in the CICIDS2017 network intrusion dataset.

show abstract

“…Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are fundamental in defending against the DoS and DDoS attacks. Research on the Machine-Learning (ML) Based Network Intrusion Detection Systems (NIDS) is of high interest in the scientific community and in industrial practice [30][47] [23]. One of the major obstacles to the wide deployment of ML-based NIDS is the necessity to collect labelled data on premises of the protected network [27], since the ML-components need to learn the specific data distributions.…”

Section: Introductionmentioning

confidence: 99%

Towards Deployment Shift Inhibition Through Transfer Learning in Network Intrusion Detection

Pawlicki

Kozik

Choraś

2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Currently, machine learning sees growing adoption in numerous domains, including critical applications, like cybersecurity. However, to fully enjoy the benefits of artificial intelligence the end-user has some high barriers to entry to circumnavigate. The deployment of machine-learning-based Network Intrusion Detection Systems requires the collection of labelled data to train the intelligent components. This is an expensive and laborious process, which necessitates expert knowledge in cyberattacks and computer networks. Even when using data collected and labelled on premises, phenomena like concept drift can cause the model to underperform -a concept known as deployment shift. This paper evaluates the use of transfer learning techniques to curb the effects of deployment shift in machine-learning-based network intrusion detection.

show abstract

Machine learning based network intrusion detection

Cited by 28 publications

References 11 publications

Generating Practical Adversarial Network Traffic Flows Using NIDSGAN

Generating Practical Adversarial Network Traffic Flows Using NIDSGAN

Features Dimensionality Reduction Approaches for Machine Learning Based Network Intrusion Detection

Towards Deployment Shift Inhibition Through Transfer Learning in Network Intrusion Detection

Contact Info

Product

Resources

About