Multi-level Gaussian mixture modeling for detection of malicious network traffic

Published in The Journal of Supercomputing.

Abstract

With the growth of network connectivity worldwide, malicious traffic that exploits vulnerabilities has increased substantially, harming organizations and end users alike. Signature-based and classification-based machine learning approaches can detect known malicious traffic, but they cannot reliably detect unknown attacks. Several problems remain unsolved by existing approaches: imbalanced training data, high false alarm rates, and the inability to detect unknown attacks. To address these problems, this work proposes a novel multi-level classification method that classifies network traffic into several categories and identifies novel attacks. An unsupervised Gaussian mixture model learns the statistical characteristics of each traffic category, and an adaptive threshold based on the interquartile range flags outliers, i.e., traffic that fits none of the learned categories. The method is evaluated on the benchmark CICIDS2017 dataset, which includes modern network traffic patterns. The results show a significant improvement over state-of-the-art techniques both in detecting unknown attacks and in classifying multiple categories of attack traffic.
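The pipeline the abstract describes, reduced to working code as an added example. This is not the paper's implementation, and it makes assumptions the abstract does not state: diagonal-covariance mixtures with two components per class, a 1.5 x IQR lower Tukey fence on the training log-likelihoods as the adaptive threshold, and two constructed flow features in place of CICIDS2017 features. The names `DiagGMM`, `MultiLevelGMM`, `make_flows` and `train_and_score` are this example's own:

```python
import math
import random
from collections import defaultdict


def _logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))


def _percentile(sorted_vals, p):
    """Linear-interpolated percentile of an already sorted list."""
    pos = (len(sorted_vals) - 1) * p / 100.0
    lo, hi = int(pos), min(int(pos) + 1, len(sorted_vals) - 1)
    return sorted_vals[lo] + (sorted_vals[hi] - sorted_vals[lo]) * (pos - lo)


class DiagGMM:
    """Diagonal-covariance Gaussian mixture fitted with plain EM (assumed form)."""

    def __init__(self, n_components=2, n_iter=40):
        self.k, self.n_iter = n_components, n_iter
        self.weights = self.means = self.vars = None

    def _log_joint(self, x, j):
        # log pi_j + log N(x | mu_j, diag(var_j))
        lp = math.log(self.weights[j])
        for d, xd in enumerate(x):
            v = self.vars[j][d]
            lp -= 0.5 * (math.log(2 * math.pi * v) + (xd - self.means[j][d]) ** 2 / v)
        return lp

    def fit(self, X):
        rng = random.Random(0)  # fixed seed so the example is reproducible
        dim = len(X[0])
        self.weights = [1.0 / self.k] * self.k
        self.means = [list(x) for x in rng.sample(X, self.k)]
        self.vars = [[1.0] * dim for _ in range(self.k)]
        for _ in range(self.n_iter):
            # E-step: responsibility of each component for each sample
            resp = []
            for x in X:
                lps = [self._log_joint(x, j) for j in range(self.k)]
                z = _logsumexp(lps)
                resp.append([math.exp(lp - z) for lp in lps])
            # M-step: re-estimate weights, means and per-dimension variances
            for j in range(self.k):
                nj = sum(r[j] for r in resp) + 1e-12
                self.weights[j] = nj / len(X)
                self.means[j] = [sum(r[j] * x[d] for r, x in zip(resp, X)) / nj
                                 for d in range(dim)]
                self.vars[j] = [max(1e-6, sum(r[j] * (x[d] - self.means[j][d]) ** 2
                                              for r, x in zip(resp, X)) / nj)
                                for d in range(dim)]
        return self

    def score(self, x):
        """Log-likelihood of one sample under the whole mixture."""
        return _logsumexp([self._log_joint(x, j) for j in range(self.k)])


class MultiLevelGMM:
    """One GMM per known class; a per-class IQR fence routes outliers to 'unknown'."""

    def __init__(self, n_components=2, iqr_factor=1.5):
        self.k, self.iqr_factor = n_components, iqr_factor
        self.models, self.fences = {}, {}

    def fit(self, X, y):
        by_class = defaultdict(list)
        for x, label in zip(X, y):
            by_class[label].append(x)
        for label, xs in by_class.items():
            gmm = DiagGMM(self.k).fit(xs)
            scores = sorted(gmm.score(x) for x in xs)
            q1, q3 = _percentile(scores, 25), _percentile(scores, 75)
            # Adaptive threshold: lower Tukey fence on the training log-likelihoods
            self.fences[label] = q1 - self.iqr_factor * (q3 - q1)
            self.models[label] = gmm
        return self

    def predict(self, x):
        # Level 1: best-fitting known class; level 2: reject it if below its fence
        best = max(self.models, key=lambda lbl: self.models[lbl].score(x))
        return best if self.models[best].score(x) >= self.fences[best] else "unknown"


def make_flows(n_per_cluster=150, seed=42):
    """Constructed two-feature flows (not CICIDS2017): bimodal benign, one DoS cluster."""
    rng = random.Random(seed)
    X, y = [], []
    for label, (mx, my) in [("benign", (1.0, 1.0)), ("benign", (4.0, 1.5)),
                            ("dos", (10.0, 10.0))]:
        for _ in range(n_per_cluster):
            X.append((rng.gauss(mx, 0.8), rng.gauss(my, 0.8)))
            y.append(label)
    return X, y


def train_and_score(seed=42):
    """Fit on the constructed flows; return the classifier and its training accuracy."""
    X, y = make_flows(seed=seed)
    clf = MultiLevelGMM().fit(X, y)
    hits = sum(clf.predict(x) == lbl for x, lbl in zip(X, y))
    return clf, hits / len(X)
```

Calling `train_and_score()` and then `clf.predict((30.0, -20.0))` returns `"unknown"`, while probes at the benign and DoS centres return their class labels. The fence is computed per class from that class's own training scores, so tighter classes reject sooner; raising `iqr_factor` trades unknown-attack recall for a lower false alarm rate. A caveat to plan for: since the log-likelihood of a well-fitted 2-D Gaussian class is affine in a chi-square variable with two degrees of freedom, a 1.5 x IQR fence places roughly 5% of that class's own clean training flows below the threshold, which is the floor on the false alarm rate this thresholding gives before any tuning. Scores are compared only against the winning class's fence, so a flow lying between two classes is still labelled rather than rejected.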



Author information

Corresponding author: Radhika Chapaneri.


Cite this article

Chapaneri, R., Shah, S. Multi-level Gaussian mixture modeling for detection of malicious network traffic. J Supercomput 77, 4618–4638 (2021). https://doi.org/10.1007/s11227-020-03447-z
