Novel Approach Using Deep Learning for Intrusion Detection and Classification of the Network Traffic

Author(s):  
Shahbaz Ahmad ◽  
Fahim Arif ◽  
Zabeehullah Zabeehullah ◽  
Naima Iltaf

2021 ◽  
Vol 11 (1) ◽  
Author(s):  
Carlo Donadio ◽  
Massimo Brescia ◽  
Alessia Riccardo ◽  
Giuseppe Angora ◽  
Michele Delli Veneri ◽  
...  

Abstract Several approaches were proposed to describe the geomorphology of drainage networks and the abiotic/biotic factors determining their morphology. There is an intrinsic complexity of the explicit qualification of the morphological variations in response to various types of control factors and the difficulty of expressing the cause-effect links. Traditional methods of drainage network classification are based on the manual extraction of key characteristics, then applied as pattern recognition schemes. These approaches, however, have low predictive and uniform ability. We present a different approach, based on the data-driven supervised learning by images, extended also to extraterrestrial cases. With deep learning models, the extraction and classification phase is integrated within a more objective, analytical, and automatic framework. Despite the initial difficulties, due to the small number of training images available, and the similarity between the different shapes of the drainage samples, we obtained successful results, concluding that deep learning is a valid way for data exploration in geomorphology and related fields.


2021 ◽  
Author(s):  
Ming Li ◽  
Dezhi Han ◽  
Dun Li ◽  
Han Liu ◽  
Chin-Chen Chang

Abstract Network intrusion detection, which takes the extraction and analysis of network traffic features as the main method, plays a vital role in network security protection. The current network traffic feature extraction and analysis for network intrusion detection mostly uses deep learning algorithms. Currently, deep learning requires a lot of training resources and has weak processing capabilities for imbalanced data sets. In this paper, a deep learning model (MFVT) based on a feature fusion network and the Vision Transformer architecture is proposed, which improves the processing ability for imbalanced data sets and reduces the sample data resources needed for training. Besides, to improve on the traditional raw traffic feature extraction methods, a new raw traffic feature extraction method (CRP) is proposed; CRP uses the PCA algorithm to reduce all the processed digital traffic features to the specified dimension. On the IDS 2017 dataset and the IDS 2012 dataset, the ablation experiments show that the performance of the proposed MFVT model is significantly better than other network intrusion detection models, and the detection accuracy can reach the state-of-the-art level. When the MFVT model is combined with the CRP algorithm, the detection accuracy is further improved to 99.99%.


Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1854
Author(s):  
Jevgenijus Toldinas ◽  
Algimantas Venčkauskas ◽  
Robertas Damaševičius ◽  
Šarūnas Grigaliūnas ◽  
Nerijus Morkevičius ◽  
...  

The current rise in hacking and computer network attacks throughout the world has heightened the demand for improved intrusion detection and prevention solutions. The intrusion detection system (IDS) is critical in identifying abnormalities and assaults on the network, which have grown in size and pervasiveness. The paper proposes a novel approach for network intrusion detection using multistage deep learning image recognition. The network features are transformed into four-channel (Red, Green, Blue, and Alpha) images. The images are then used for classification to train and test the pre-trained deep learning model ResNet50. The proposed approach is evaluated using two publicly available benchmark datasets, UNSW-NB15 and BOUN DDoS. On the UNSW-NB15 dataset, the proposed approach achieves 99.8% accuracy in the detection of the generic attack. On the BOUN DDoS dataset, the suggested approach achieves 99.7% accuracy in the detection of the DDoS attack and 99.7% accuracy in the detection of the normal traffic.


Symmetry ◽  
2021 ◽  
Vol 13 (8) ◽  
pp. 1453
Author(s):  
Renjian Lyu ◽  
Mingshu He ◽  
Yu Zhang ◽  
Lei Jin ◽  
Xinlei Wang

Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. 
Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.


2020 ◽  
Vol 12 (1) ◽  
pp. 1-11
Author(s):  
Arivudainambi D. ◽  
Varun Kumar K.A. ◽  
Vinoth Kumar R. ◽  
Visu P.

Ransomware is malware which affects a system's data with modern encryption techniques, and the data is recovered once a ransom amount is paid. In this research, the authors show how ransomware propagates and infects devices. Live traffic classifications of ransomware have been meticulously analyzed. Further, a novel method for the classification of ransomware traffic by using deep learning methods is presented. Based on classification, the detection of ransomware is approached with the characteristics of the network traffic and its communications. In more detail, the behavior of popular ransomware, CryptoWall, is analyzed and, based on this knowledge, a real-time ransomware live traffic classification model is proposed.


2019 ◽  
Vol 17 (2) ◽  
pp. 114-121
Author(s):  
V. A. Nechakhin ◽  
B. N. Pishchik

One of the ways of ensuring information security is the intrusion detection system (IDS). IDS are used to detect malicious activity on the network. The standard approach to the detection of attacks is to look for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware. This approach is highly efficient, but it is not able to detect attacks without patterns. Modern approaches to the detection of attacks use deep learning. The purpose of this work was to explore the possibility of building a universal classifier of network traffic based on a deep neural network. For this, a recurrent autoencoder was trained on TCP packets from the CICIDS2017 dataset. During training, the expected output vector of the network was set to be the same as the original input vector, and learning was performed on normal traffic. The main idea was that a recurrent autoencoder trained in this way should recover anomalous traffic with a high loss. A TCP packet is considered malicious if the recovery loss is above the threshold. However, the accuracy of recovering normal TCP packets was low due to insufficient model capacity and the lack of a suitable representation learning method. After analyzing the results, we proposed an approach that can improve the accuracy of detection for some attacks. Based on this approach, the VAEGAN network was trained on normal network flows from CICIDS2017. The VAEGAN was used to detect malicious network flows by calculating an anomaly score for each flow; if the score is above the threshold, the flow is malicious. The VAEGAN network showed a high percentage of attack detection and an F-score value of 0.933.

