scholarly journals Methods for Host-Based Intrusion Detection with Deep Learning

2021 ◽  
Author(s):  
John Ring ◽  
Colin Van Oort ◽  
Samson Durst ◽  
Vanessa White ◽  
Joseph Near ◽  
...  
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Black Box ◽  
Intrusion Detection Systems ◽  
System Behavior ◽  
Detection Systems ◽  
System Calls ◽  
Baseline System ◽  
Sequence Behavior ◽  
Learning Architectures

Host-based Intrusion Detection Systems (HIDS) automatically detect events that indicate compromise by adversarial applications. HIDS are generally formulated as analyses of sequences of system events such as bash commands or system calls. Anomaly-based approaches to HIDS leverage models of normal (aka baseline) system behavior to detect and report abnormal events, and have the advantage of being able to detect novel attacks. In this paper we develop a new method for anomaly-based HIDS using deep learning predictions of sequence-to-sequence behavior in system calls. Our proposed method, called the ALAD algorithm, aggregates predictions at the application level to detect anomalies. We investigate the use of several deep learning architectures, including WaveNet and several recurrent networks. We show that ALAD empowered with deep learning significantly outperforms previous approaches. We train and evaluate our models using an existing dataset, ADFA-LD, and a new dataset of our own construction, PLAID. As deep learning models are black box in nature we use an alternate approach, allotaxonographs, to characterize and understand differences in baseline vs.~attack sequences in HIDS datasets such as PLAID.

scholarly journals CNN-Based Network Intrusion Detection against Denial-of-Service Attacks

Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 916 ◽  
Author(s):  
Jiyeon Kim ◽  
Jiwon Kim ◽  
Hyunjung Kim ◽  
Minsun Shim ◽  
Eunjung Choi
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Intrusion Detection ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
National Defense ◽  
Dos Attacks ◽  
Detection Systems ◽  
Network Intrusion

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with an Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.

Towards secure intrusion detection systems using deep learning techniques: Comprehensive analysis and review

2021 ◽  
pp. 103111
Author(s):  
Sang-Woong Lee ◽  
Haval Mohammed sidqi ◽  
Mokhtar Mohammadi ◽  
Shima Rashidi ◽  
Amir Masoud Rahmani ◽  
...  
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Comprehensive Analysis ◽  
Intrusion Detection Systems ◽  
Detection Systems ◽  
Learning Techniques
Sign in / Sign up

Export Citation Format

Share Document