
An autoML network traffic analyzer for cyber threat detection

  • Regular Contribution
  • International Journal of Information Security

Abstract

Timely detection and effective treatment of cyber-attacks for protecting personal and sensitive data from unauthorized disclosure constitute a core demand of citizens and a legal obligation of organizations that collect and process personal data. SMEs and organizations understand their obligation to comply with GDPR and protect the personal data they have in their possession. They invest in advanced and intelligent solutions to increase their cybersecurity posture. This article introduces a ground-breaking Network Traffic Analyzer, a crucial component of the Cyber-pi project's cyber threat intelligent information sharing architecture (CTI2SA). The suggested system, built on the Lambda (λ) architecture, enhances active cybersecurity approaches for traffic analysis by combining batch and stream processing to handle massive amounts of data. The Network Traffic Analyzer's core module has an automatic model selection mechanism that selects the ML model with the highest performance among its rivals. The goal is to keep the architecture's overall threat identification capabilities functioning effectively.
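The batch/stream split and the automatic model-selection step the abstract describes, as an added illustration that is not the Cyber-pi project's or CTI2SA's code: a batch layer scores three rival classifiers by cross-validated F1 on constructed flow features and keeps the winner, and a speed layer labels arriving flows with that model. The flow features, the candidate models and the sample data are assumptions made for this example, not the paper's.

```python
import math
import random

# Constructed flow records (duration s, bytes, packets, label; 1 = malicious).
# The feature set is an assumption; the paper's real features are not on this page.
def make_flows(n, seed=7):
    rng = random.Random(seed)
    flows = []
    for i in range(n):
        if i % 4 == 0:   # short, tiny, regular flows stand in for C2 beaconing
            flows.append((rng.uniform(0.05, 0.3), rng.randint(60, 200), rng.randint(1, 3), 1))
        else:            # ordinary bulk traffic
            flows.append((rng.uniform(0.5, 30.0), rng.randint(500, 50000), rng.randint(4, 200), 0))
    return flows

def features(flow):
    d, b, p, _ = flow
    return [math.log1p(d), math.log1p(b), math.log1p(p), b / p]

class GaussianNB:
    """Rival 1: per-class Gaussian likelihood per feature, weighted by the class prior."""
    def fit(self, X, y):
        self.stats = {}
        for cls in (0, 1):
            rows = [x for x, t in zip(X, y) if t == cls]
            ms = [sum(c) / len(c) for c in zip(*rows)]
            vs = [sum((v - m) ** 2 for v in c) / len(c) + 1e-6 for c, m in zip(zip(*rows), ms)]
            self.stats[cls] = (len(rows) / len(X), ms, vs)
    def predict(self, x):
        def loglik(cls):
            prior, ms, vs = self.stats[cls]
            return math.log(prior) + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                                         for xi, m, v in zip(x, ms, vs))
        return max((0, 1), key=loglik)

class NearestCentroid:
    """Rival 2: nearest per-class centroid on z-scored features."""
    def fit(self, X, y):
        cols = list(zip(*X))
        self.mu = [sum(c) / len(c) for c in cols]
        self.sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0 for c, m in zip(cols, self.mu)]
        Z = [self._z(x) for x in X]
        self.cent = {cls: [sum(c) / len(c) for c in zip(*[z for z, t in zip(Z, y) if t == cls])]
                     for cls in (0, 1)}
    def _z(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]
    def predict(self, x):
        z = self._z(x)
        return min((0, 1), key=lambda c: sum((a - b) ** 2 for a, b in zip(z, self.cent[c])))

class ThresholdRule:
    """Rival 3: a single bytes-per-packet cut halfway between the class means."""
    def fit(self, X, y):
        pos = [x[3] for x, t in zip(X, y) if t == 1]
        neg = [x[3] for x, t in zip(X, y) if t == 0]
        mp, mn = sum(pos) / len(pos), sum(neg) / len(neg)
        self.cut, self.low_is_bad = (mp + mn) / 2, mp < mn
    def predict(self, x):
        return int((x[3] < self.cut) == self.low_is_bad)

CANDIDATES = {"gnb": GaussianNB, "centroid": NearestCentroid, "threshold": ThresholdRule}

def f1(model, X, y):
    pred = [model.predict(x) for x in X]
    tp = sum(1 for p, t in zip(pred, y) if p == 1 and t == 1)
    fp = sum(1 for p, t in zip(pred, y) if p == 1 and t == 0)
    fn = sum(1 for p, t in zip(pred, y) if p == 0 and t == 1)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def select_model(flows, k=5, seed=1):
    """Batch layer: k-fold CV over every rival; the best mean F1 wins and is refit on all data."""
    idx = list(range(len(flows)))
    random.Random(seed).shuffle(idx)
    folds = [set(idx[i::k]) for i in range(k)]
    X, y = [features(f) for f in flows], [f[3] for f in flows]
    scores = {}
    for name, cls in CANDIDATES.items():
        per_fold = []
        for held in folds:
            m = cls()
            m.fit([X[i] for i in idx if i not in held], [y[i] for i in idx if i not in held])
            per_fold.append(f1(m, [X[i] for i in held], [y[i] for i in held]))
        scores[name] = sum(per_fold) / k
    best = max(scores, key=scores.get)   # ties go to the earliest rival in CANDIDATES
    model = CANDIDATES[best]()
    model.fit(X, y)
    return best, scores, model

def score_stream(model, stream):
    """Speed layer: label each arriving flow with whatever model the batch layer last selected."""
    return [model.predict(features(f)) for f in stream]
```

Re-running `select_model` on each new batch and swapping the returned model into `score_stream` is the re-selection loop the abstract refers to; the rival set is the part a deployment would extend.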



Data availability

The data used in this study are available from the author upon request.


Acknowledgements

Co-financed by the European Regional Development Fund of the European Union and Greek national funds through the Operational Program Competitiveness, Entrepreneurship and Innovation, under the call RESEARCH–CREATE–INNOVATE (project code: Τ2EDK-01469).

Author information

Contributions

Conceptualization was contributed by AP, AA, CI; methodology was contributed by AP, CI; software was contributed by AP, CI, KD, KR; validation was contributed by AP, AA, CI, KD, KR; formal analysis was contributed by AP, AA, CI, KR; investigation was contributed by AP, AA, CI; resources were contributed by AP, CI; data curation was contributed by AP, AA, CI, KD, KR; writing—original draft preparation, was contributed by AP, KD, KR; writing—review and editing, was contributed by AP, AA, CI, KD, KR; visualization was contributed by AP, AA, CI; supervision was contributed by CI, KR; project administration was contributed by AP; funding acquisition was contributed by AP, AA, CI. All authors have read, reviewed and agreed to the published version of the manuscript.

Corresponding author

Correspondence to Konstantinos Demertzis.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.


Cite this article

Papanikolaou, A., Alevizopoulos, A., Ilioudis, C. et al. An autoML network traffic analyzer for cyber threat detection. Int. J. Inf. Secur. 22, 1511–1530 (2023). https://doi.org/10.1007/s10207-023-00703-0
