Abstract
Along with the growing network connectivity across the world, there is a substantial increase in malicious network traffic that exploits vulnerabilities, hampering many organizations and end-users. Although signature-based and classification-based machine learning approaches can detect malicious network traffic, they cannot reliably detect unknown attacks. Several issues remain unsolved by existing approaches, such as imbalanced training data, high false alarm rates, and the failure to detect unknown attacks. To address these issues, in this work we propose a novel multi-level classification method that accurately classifies network traffic into several classes and identifies novel attacks. An unsupervised Gaussian mixture modeling approach is used to learn the statistical characteristics of each traffic category, and an adaptive thresholding technique based on the interquartile range is used to identify outliers. The proposed work is evaluated on the benchmark CICIDS2017 dataset, which includes modern network traffic patterns. The results show a significant improvement relative to state-of-the-art techniques in detecting unknown attacks and classifying multiple network traffic attacks.
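The two-level idea in the abstract (per-class Gaussian mixture models, then an interquartile-range fence on each class's likelihood to flag traffic that fits no known class) as an added illustration; this is not the paper's code and does not use CICIDS2017. It assumes a single scalar flow feature per sample, a 2-component EM fit, constructed sample data, and Tukey's Q1 - 1.5*IQR as the concrete form of the "adaptive threshold".

```python
import math
import random
import statistics

def normal_pdf(x, mu, sigma):
    return math.exp(-0.5 * ((x - mu) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))

def fit_gmm(xs, k=2, iters=100):
    """Fit a 1-D, k-component GMM by EM; returns [(weight, mean, std), ...]."""
    xs, n = sorted(xs), len(xs)
    means = [xs[(2 * i + 1) * n // (2 * k)] for i in range(k)]  # quantile init
    stds, weights = [statistics.pstdev(xs) or 1.0] * k, [1.0 / k] * k
    for _ in range(iters):
        resp = []  # E-step: responsibility of each component for each sample
        for x in xs:
            p = [w * normal_pdf(x, m, s) for w, m, s in zip(weights, means, stds)]
            resp.append([pj / (sum(p) or 1e-300) for pj in p])
        for j in range(k):  # M-step: re-estimate weight, mean and std per component
            rj = [r[j] for r in resp]
            nj = sum(rj) + 1e-12
            weights[j] = nj / n
            means[j] = sum(r * x for r, x in zip(rj, xs)) / nj
            var = sum(r * (x - means[j]) ** 2 for r, x in zip(rj, xs)) / nj
            stds[j] = max(math.sqrt(var), 1e-3)  # floor stops collapse onto one point
    return list(zip(weights, means, stds))

def gmm_loglik(model, x):
    return math.log(sum(w * normal_pdf(x, m, s) for w, m, s in model) + 1e-300)

def iqr_lower_fence(scores, k=1.5):
    """Per-class adaptive threshold: Q1 - k*IQR of training log-likelihoods (k=1.5 assumed)."""
    q1, _, q3 = statistics.quantiles(scores, n=4)
    return q1 - k * (q3 - q1)

class MultiLevelGMM:
    def fit(self, data):  # data: {class_label: [1-D feature values]}
        self.models = {c: fit_gmm(xs) for c, xs in data.items()}
        self.fences = {c: iqr_lower_fence([gmm_loglik(m, x) for x in data[c]])
                       for c, m in self.models.items()}
        return self
    def predict(self, x):
        scores = {c: gmm_loglik(m, x) for c, m in self.models.items()}
        best = max(scores, key=scores.get)  # level 1: most likely known class
        # level 2: implausible even under its best class -> flag as novel/unknown traffic
        return best if scores[best] >= self.fences[best] else "unknown"

def build_detector(seed=7):
    rng = random.Random(seed)  # constructed sample data, NOT CICIDS2017 flows
    benign = [rng.gauss(10, 2) for _ in range(100)] + [rng.gauss(30, 3) for _ in range(100)]
    dos = [rng.gauss(200, 15) for _ in range(200)]
    return MultiLevelGMM().fit({"benign": benign, "dos": dos})
```

A value such as 100 lies between the learned classes and 5000 lies beyond all of them; both fall under every class's fence and are reported as "unknown" rather than forced into the nearest known class.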
Cite this article
Chapaneri, R., Shah, S. Multi-level Gaussian mixture modeling for detection of malicious network traffic. J Supercomput 77, 4618–4638 (2021). https://doi.org/10.1007/s11227-020-03447-z