Developing a Network Attack Detection System Using Deep Learning

Network attacks have become a major security concern for organizations worldwide. A category of network attacks that exploit the logic (security) flaws of a few widely-deployed authentication protocols has been commonly observed in recent years. Such logic-flaw-exploiting network attacks often do not have distinguishing signatures, and can thus easily evade the typical signature-based network intrusion detection systems. Recently, researchers have applied neural networks to detect network attacks with network logs. However, public network data sets have major drawbacks such as limited data sample variations and unbalanced data with respect to malicious and benign samples. In this paper, we present a new end-to-end approach based on protocol fuzzing to automatically generate high-quality network data, on which deep learning models can be trained for network attack detection. Our findings show that protocol fuzzing can generate data samples that cover real-world data, and deep learning models trained with fuzzed data can successfully detect the logic-flaw-exploiting network attacks.

Download Full-text

Network Attack Detection With SNMP-MIB Using Deep Neural Network

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch004 ◽

2020 ◽

pp. 66-76

Author(s):

Mouhammd Sharari Alkasassbeh ◽

Mohannad Zead Khairallah

Keyword(s):

Neural Network ◽

Machine Learning ◽

Information Technologies ◽

Deep Neural Network ◽

Detection System ◽

Attack Detection ◽

Machine Learning Techniques ◽

Network Attack ◽

Security Breaches ◽

Security Issues

Over the past decades, the Internet and information technologies have elevated security issues due to the huge use of networks. Because of this advance information and communication and sharing information, the threats of cybersecurity have been increasing daily. Intrusion Detection System (IDS) is considered one of the most critical security components which detects network security breaches in organizations. However, a lot of challenges raise while implementing dynamics and effective NIDS for unknown and unpredictable attacks. Consider the machine learning approach to developing an effective and flexible IDS. A deep neural network model is proposed to increase the effectiveness of intrusions detection system. This chapter presents an efficient mechanism for network attacks detection and attack classification using the Management Information Base (MIB) variables with machine learning techniques. During the evaluation test, the proposed model seems highly effective with deep neural network implementation with a precision of 99.6% accuracy rate.

Download Full-text

Understanding the Influence of Graph Kernels on Deep Learning Architecture: A Case Study of Flow-Based Network Attack Detection

2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) ◽

10.1109/trustcom/bigdatase.2019.00049 ◽

2019 ◽

Author(s):

Liya Su ◽

Yepeng Yao ◽

Zhigang Lu ◽

Baoxu Liu

Keyword(s):

Deep Learning ◽

Attack Detection ◽

Network Attack ◽

Graph Kernels

Download Full-text

Application of Deep Learning Technique in an Intrusion Detection System

International Journal of Computational Intelligence and Applications ◽

10.1142/s1469026820500169 ◽

2020 ◽

Vol 19 (02) ◽

pp. 2050016

Author(s):

Shideh Saraeian ◽

Mahya Mohammadi Golchi

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Visual Analysis ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Hybrid Network ◽

Machine Learning Techniques ◽

Learning Technique

Comprehensive development of computer networks causes the increment of Distributed Denial of Service (DDoS) attacks. These types of attacks can easily restrict communication and computing. Among all the previous researches, the accuracy of the attack detection has not been properly addressed. In this study, deep learning technique is used in a hybrid network-based Intrusion Detection System (IDS) to detect intrusion on network. The performance of the proposed technique is evaluated on the NSL-KDD and ISCXIDS 2012 datasets. We performed traffic visual analysis using Wireshark tool and did some experimentations to prove the superiority of the proposed method. The results have shown that our proposed method achieved higher accuracy in comparison with other useful machine learning techniques.

Download Full-text

DoS and DDoS Attack Detection Using Deep Learning and IDS

The International Arab Journal of Information Technology ◽

10.34028/iajit/17/4a/10 ◽

2020 ◽

Vol 17 (4A) ◽

pp. 655-661

Author(s):

Mohammad Shurman ◽

Rami Khrais ◽

Abdulrahman Yateem

Keyword(s):

Deep Learning ◽

Short Term Memory ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Target System ◽

Online Systems ◽

Ddos Attack ◽

Long Short Term Memory ◽

Ddos Attack Detection

In the recent years, Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack has spread greatly and attackers make online systems unavailable to legitimate users by sending huge number of packets to the target system. In this paper, we proposed two methodologies to detect Distributed Reflection Denial of Service (DrDoS) attacks in IoT. The first methodology uses hybrid Intrusion Detection System (IDS) to detect IoT-DoS attack. The second methodology uses deep learning models, based on Long Short-Term Memory (LSTM) trained with latest dataset for such kinds of DrDoS. Our experimental results demonstrate that using the proposed methodologies can detect bad behaviour making the IoT network safe of Dos and DDoS attacks

Download Full-text

CONSTRUCTION OF ATTACK DETECTION SYSTEMS IN INFORMATION NETWORKS ON NEURAL NETWORK STRUCTURES

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.10.169183 ◽

2020 ◽

Vol 2 (10) ◽

pp. 169-183

Author(s):

Serhii Tolіupa ◽

Oleksandr Pliushch ◽

Ivan Parkhomenko

Keyword(s):

Neural Network ◽

Information Systems ◽

Detection System ◽

Attack Detection ◽

Cyber Attacks ◽

Network Structures ◽

Network Attack ◽

Detection Systems ◽

Protection Mechanisms ◽

Software Prototype

Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The conducted experimental researches confirm efficiency of the created model of detection for protection of an information network. Experiments with a software prototype showed high quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.

Download Full-text

Deep Learning Based Attack Detection in IIoT using Two-Level Intrusion Detection System

10.21203/rs.3.rs-997888/v1 ◽

2021 ◽

Author(s):

Kathiroli Raja ◽

Krithika Karthikeyan ◽

Abilash B ◽

Kapal Dev ◽

Gunasekaran Raja

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Production Management ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Sensitive Information ◽

Smart Meters ◽

Network Intrusion

Abstract The Industrial Internet of Things (IIoT), also known as Industry 4.0, has brought a revolution in the production and manufacturing sectors as it assists in the automation of production management and reduces the manual effort needed in auditing and managing the pieces of machinery. IoT-enabled industries, in general, use sensors, smart meters, and actuators. Most of the time, the data held by these devices is surpassingly sensitive and private. This information might be modified, 1 stolen, or even the devices may be subjected to a Denial of Service (DoS) attack. As a consequence, the product quality may deteriorate or sensitive information may be leaked. An Intrusion Detection System (IDS), implemented in the network layer of IIoT, can detect attacks, thereby protecting the data and devices. Despite substantial advancements in attack detection in IIoT, existing works fail to detect certain attacks obfuscated from detectors resulting in a low detection performance. To address the aforementioned issue, we propose a Deep Learning-based Two Level Network Intrusion Detection System (DLTL-NIDS) for IIoT environment, emphasizing challenging attacks. The attacks that attain low accuracy or low precision in level-1 detection are marked as challenging attacks. Experimental results show that the proposed model, when tested against TON IoT, figures out the challenging attacks well and achieves an accuracy of 99.97%, precision of 95.62%, recall of 99.5%, and F1-score of 99.65%. The proposed DL-TLNIDS, when compared with state-of-art models, achieves a decrease in false alarm rate to 2.34% (flagging normal traffic as an attack) in IIoT.

Download Full-text

CONSTRUCTION OF SYSTEMS OF DETECTION OF INVASIONS INTO THE INFORMATI TON AND TELECOMMUNICATIONS NETWORK ON THE BASIS OF METHODS OF INTELLECTUAL DISTRIBUTION OF DATA

Collection of scientific works of the Military Institute of Kyiv National Taras Shevchenko University ◽

10.17721/2519-481x/2020/68-09 ◽

2020 ◽

pp. 80-89

Author(s):

S. Toliupa ◽

O. Pliushch ◽

I. Parhomenko

Keyword(s):

Data Mining ◽

Experimental Research ◽

Intelligent Systems ◽

Detection System ◽

Attack Detection ◽

Information Network ◽

Distributed Information ◽

Network Attack ◽

Detection Model ◽

Detection Systems

The article proposes a combinatorial construction of a network attack detection system based on selected methods of data mining and conducts experimental research that confirms the effectiveness of the created detection model to protect the distributed information network. Experiments with a software prototype showed the high quality of detection of network attacks and proved the correctness of the choice of methods of data mining and the applicability of the developed techniques. The state of security of information and telecommunication systems against cyberattacks is analyzed, which allowed to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management. An analysis of publications of domestic and foreign experts, which summarizes: experience in building attack detection systems, their disadvantages and advantages; of attack and intrusion detection systems based on the use of intelligent systems. Based on the results of the review, proposals were formed on: construction of network attack detection systems on the basis of selected methods of data mining and experimental research, which confirms the effectiveness of the created detection model for the protection of the distributed information network.

Download Full-text

Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection

The Scientific World JOURNAL ◽

10.1155/2015/314601 ◽

2015 ◽

Vol 2015 ◽

pp. 1-8 ◽

Cited By ~ 4

Author(s):

Jayakumar Kaliappan ◽

Revathi Thiagarajan ◽

Karpagam Sundararajan

Keyword(s):

Intrusion Detection ◽

Detection Rate ◽

Detection System ◽

Attack Detection ◽

Majority Voting ◽

Final Decision ◽

Network Attack ◽

Voting Rule ◽

Specific Category ◽

Local Decision

An intrusion detection system (IDS) helps to identify different types of attacks in general, and the detection rate will be higher for some specific category of attacks. This paper is designed on the idea that each IDS is efficient in detecting a specific type of attack. In proposed Multiple IDS Unit (MIU), there are five IDS units, and each IDS follows a unique algorithm to detect attacks. The feature selection is done with the help of genetic algorithm. The selected features of the input traffic are passed on to the MIU for processing. The decision from each IDS is termed as local decision. The fusion unit inside the MIU processes all the local decisions with the help of majority voting rule and makes the final decision. The proposed system shows a very good improvement in detection rate and reduces the false alarm rate.

Download Full-text

Face Spoofing Detection using Mixed Feature with Deep Convolutional Neural Networks

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.d8876.018520 ◽

2020 ◽

Vol 8 (5) ◽

pp. 3309-3314

Keyword(s):

Deep Learning ◽

Detection System ◽

Attack Detection ◽

Detection Methods ◽

Deep Convolutional Neural Networks ◽

Replay Attack ◽

Multiple Features ◽

Spoofing Detection ◽

Occurrence Matrix ◽

Face Spoofing

Nowadays, face biometric-based access control systems are becoming ubiquitous in daily life while they are still vulnerable to spoofing attacks. Developing robust and reliable methods to prevent such frauds is unavoidable. As deep learning techniques have achieved satisfactory performances in computer vision, they have also been applied to face spoofing detection. However, the numerous parameters in these deep learning-based detection methods cannot be updated to optimum due to limited data. In this paper,a highly accurate face spoof detection system using multiple features and deep learning is proposed. The input video is broken into frames using content-based frame extraction. From each frame, the face of the person is cropped.From the cropped images multiple features like Histogram of Gradients (HoG), Local Binary Pattern (LBP), Center Symmetric LBP (CSLBP), and Gray level co-occurrence Matrix (GLCM) are extracted to train the Convolutional Neural Network(CNN). Training and testing are performed separately by using collected sample data.Experiments on the standard spoof database called Replay-Attack database the proposed system outperform other state-of-the-art techniques, presenting great results in terms of attack detection.

Download Full-text