Network Traffic Prediction using Quantile Regression with linear, Tree, and Deep Learning Models

2020 ◽  
Author(s):  
Ahmed Alutaibi ◽  
Sudhakar Ganti
Keyword(s):  
Deep Learning ◽  
Quantile Regression ◽  
Network Traffic ◽  
Traffic Prediction ◽  
Learning Models

APT attack detection based on flow network analysis techniques using deep learning

2020 ◽  
Vol 39 (3) ◽  
pp. 4785-4801
Author(s):  
Cho Do Xuan ◽  
Mai Hoang Dao ◽  
Hoa Dinh Nguyen
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Network Analysis ◽  
Network Traffic ◽  
Network Flow ◽  
Network Flows ◽  
Attack Detection ◽  
Research Network ◽  
Learning Models ◽  
Flow Network

Advanced Persistent Threat (APT) attacks are a form of malicious, intentionally and clearly targeted attack. This attack technique is growing in both the number of recorded attacks and the extent of its dangers to organizations, businesses and governments. Therefore, the task of detecting and warning APT attacks in the real system is very necessary today. One of the most effective approaches to APT attack detection is to apply machine learning or deep learning to analyze network traffic. There have been a number of studies and recommendations to analyze network traffic into network flows and then combine with some classification or clustering methods to look for signs of APT attacks. In particular, recent studies often apply machine learning algorithms to spot the present of APT attacks based on network flow. In this paper, a new method based on deep learning to detect APT attacks using network flow is proposed. Accordingly, in our research, network traffic is analyzed into IP-based network flows, then the IP information is reconstructed from flow, and finally deep learning models are used to extract features for detecting APT attack IPs from other IPs. Additionally, a combined deep learning model using Bidirectional Long Short-Term Memory (BiLSTM) and Graph Convolutional Networks (GCN) is introduced. The new detection model is evaluated and compared with some traditional machine learning models, i.e. Multi-layer perceptron (MLP) and single GCN models, in the experiments. Experimental results show that BiLSTM-GCN model has the best performance in all evaluation scores. This not only shows that deep learning application on flow network analysis to detect APT attacks is a good decision but also suggests a new direction for network intrusion detection techniques based on deep learning.

Ransomware Traffic Classification Using Deep Learning Models

2020 ◽  
Vol 12 (1) ◽  
pp. 1-11
Author(s):  
Arivudainambi D. ◽  
Varun Kumar K.A. ◽  
Vinoth Kumar R. ◽  
Visu P.
Keyword(s):  
Deep Learning ◽  
Real Time ◽  
Network Traffic ◽  
Classification Model ◽  
Traffic Classification ◽  
Learning Models ◽  
Learning Methods ◽  
Novel Method

Ransomware is a malware which affects the systems data with modern encryption techniques, and the data is recovered once a ransom amount is paid. In this research, the authors show how ransomware propagates and infects devices. Live traffic classifications of ransomware have been meticulously analyzed. Further, a novel method for the classification of ransomware traffic by using deep learning methods is presented. Based on classification, the detection of ransomware is approached with the characteristics of the network traffic and its communications. In more detail, the behavior of popular ransomware, Crypto Wall, is analyzed and based on this knowledge, a real-time ransomware live traffic classification model is proposed.

scholarly journals Analysis of deep learning models for network anomaly detection in Internet of Things

2021 ◽  
pp. 28-37
Author(s):  
Diana Gaifilina ◽  
Igor Kotenko
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Deep Learning ◽  
Internet Of Things ◽  
Anomaly Detection ◽  
Recurrent Neural Network ◽  
Network Traffic ◽  
Learning Models ◽  
Network Anomaly Detection ◽  
Machine Learning Models

Introduction: The article discusses the problem of choosing deep learning models for detecting anomalies in Internet of Things (IoT) network traffic. This problem is associated with the necessity to analyze a large number of security events in order to identify the abnormal behavior of smart devices. A powerful technology for analyzing such data is machine learning and, in particular, deep learning. Purpose: Development of recommendations for the selection of deep learning models for anomaly detection in IoT network traffic. Results: The main results of the research are comparative analysis of deep learning models, and recommendations on the use of deep learning models for anomaly detection in IoT network traffic. Multilayer perceptron, convolutional neural network, recurrent neural network, long short-term memory, gated recurrent units, and combined convolutional-recurrent neural network were considered the basic deep learning models. Additionally, the authors analyzed the following traditional machine learning models: naive Bayesian classifier, support vector machines, logistic regression, k-nearest neighbors, boosting, and random forest. The following metrics were used as indicators of anomaly detection efficiency: accuracy, precision, recall, and F-measure, as well as the time spent on training the model. The constructed models demonstrated a higher accuracy rate for anomaly detection in large heterogeneous traffic typical for IoT, as compared to conventional machine learning methods. The authors found that with an increase in the number of neural network layers, the completeness of detecting anomalous connections rises. This has a positive effect on the recognition of unknown anomalies, but increases the number of false positives. In some cases, preparing traditional machine learning models takes less time. This is due to the fact that the application of deep learning methods requires more resources and computing power. Practical relevance: The results obtained can be used to build systems for network anomaly detection in Internet of Things traffic.

Detecting internet attacks using a neural network

2021 ◽  
Author(s):  
E.Yu. Silantieva ◽  
V.A. Zabelina ◽  
G.A. Savchenko ◽  
I.M. Chernenky
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Open Source Software ◽  
Network Traffic ◽  
Network Models ◽  
Detection Accuracy ◽  
Learning Models ◽  
Neural Network Models ◽  
Robust Identification ◽  
Variational Autoencoder

This study presents an analysis of autoencoder models for the problems of detecting anomalies in network traffic. Results of the training were assessed using open source software on the UNB ICS IDS 2017 dataset. As deep learning models, we considered standard and variational autoencoder, Deep SSAD approaches for a normal autoencoder (AE-SAD) and a variational autoencoder (VAE-SAD). The constructed deep learning models demonstrated different indicators of anomaly detection accuracy; the best result in terms of the AUC metric of 98% was achieved with VAE-SAD model. In the future, it is planned to continue the analysis of the characteristics of neural network models in cybersecurity problems. One of directions is to study the influence of structure of network traffic on the performance indicators of using deep learning models. Based on the results, it is planned to develop an approach of robust identification of security events based on deep learning methods.

scholarly journals Payload-Based Traffic Classification Using Multi-Layer LSTM in Software Defined Networks

2019 ◽  
Vol 9 (12) ◽  
pp. 2550 ◽  
Author(s):  
Lim ◽  
Kim ◽  
Kim ◽  
Hong ◽  
Han
Keyword(s):  
Deep Learning ◽  
Network Traffic ◽  
Short Term Memory ◽  
Single Layer ◽  
Classification Performance ◽  
Traffic Classification ◽  
Software Defined Networks ◽  
Learning Models ◽  
Network Operator ◽  
Network Traffic Classification

Recently, with the advent of various Internet of Things (IoT) applications, a massive amount of network traffic is being generated. A network operator must provide different quality of service, according to the service provided by each application. Toward this end, many studies have investigated how to classify various types of application network traffic accurately. Especially, since many applications use temporary or dynamic IP or Port numbers in the IoT environment, only payload-based network traffic classification technology is more suitable than the classification using the packet header information as well as payload. Furthermore, to automatically respond to various applications, it is necessary to classify traffic using deep learning without the network operator intervention. In this study, we propose a traffic classification scheme using a deep learning model in software defined networks. We generate flow-based payload datasets through our own network traffic pre-processing, and train two deep learning models: 1) the multi-layer long short-term memory (LSTM) model and 2) the combination of convolutional neural network and single-layer LSTM models, to perform network traffic classification. We also execute a model tuning procedure to find the optimal hyper-parameters of the two deep learning models. Lastly, we analyze the network traffic classification performance on the basis of the F1-score for the two deep learning models, and show the superiority of the multi-layer LSTM model for network packet classification.

Sign in / Sign up

Export Citation Format

Share Document