A Hybrid Deep Generative Local Metric Learning Method for Intrusion Detection

  • Mahdis Saharkhizan
  • Amin AzmoodehEmail author
  • Hamed HaddadPajouh
  • Ali Dehghantanha
  • Reza M. Parizi
  • Gautam Srivastava


Advancement in information technology and widespread use of digital networks have led to an increasing number of malicious activities and intrusions targeting software and systems. There are various Machine Learning techniques have been utilized for Intrusion Detection Systems (IDS) to protect computers and networks from network based and host-based attacks. However, there are harmful categories of attacks where their information resembles other attacks to lead IDS detection astray. In this chapter, we propose a hybrid model designed to detect abnormal intrusions such as Remote to Local (R2L) and User to Root (U2R). The proposed model leverages an unsupervised learning algorithm that applies back-propagation to learn the identity function of attacks data and also reduce the dimension of dataset and cluster the data. Furthermore, we apply the Generative Local Metric Learning (GLML) on cluster to learn local metrics within each cluster to apply a robust nearest neighbor classifier. The empirical results on NSL-KDD dataset demonstrate that our model outperforms previous models designed to detect two major harmful attacks (U2R and R2L).


  1. 1.
    A. Azmoodeh, A. Dehghantanha, K.K.R. Choo, Big Data and Internet of Things Security and Forensics: Challenges and Opportunities (Springer International Publishing, Cham, 2019), pp. 1–4Google Scholar
  2. 2.
    A. Azmoodeh, A. Dehghantanha, M. Conti, K.-K.R. Choo, Detecting crypto-ransomware in IoT networks based on energy consumption footprint. J. Ambient Intell. Humaniz. Comput. 9(4), 1141–1152 (2018)CrossRefGoogle Scholar
  3. 3.
    P.N. Bahrami, A. Dehghantanha, T. Dargahi, R.M. Parizi, K.R. Choo, H.H.S. Javadi, Cyber kill chain-based taxonomy of advanced persistent threat actors: analogy of tactics, techniques, and procedures. J. Inf. Process. Syst. 15, 865–889 (2019). Google Scholar
  4. 4.
    P. Baldi, Autoencoders, unsupervised learning, and deep architectures, in Proceedings of ICML Workshop on Unsupervised and Transfer Learning (2012), pp. 37–49Google Scholar
  5. 5.
    D.S. Berman, A.L. Buczak, J.S. Chavis, C.L. Corbett, A survey of deep learning methods for cyber security. Information 10(4), 122 (2019)Google Scholar
  6. 6.
    M.H. Bhuyan, D.K. Bhattacharyya, J.K. Kalita, Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutorials 16(1), 303–336 (2014). CrossRefGoogle Scholar
  7. 7.
    M. Conti, A. Dehghantanha, K. Franke, S. Watson, Internet of things security and forensics: challenges and opportunities. Futur. Gener. Comput. Syst. 78, 544–546 (2018).
  8. 8.
    M. Damshenas, A. Dehghantanha, R. Mahmoud, S. bin Shamsuddin, Forensics investigation challenges in cloud computing environments, in Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (2012), pp. 190–194.
  9. 9.
    M. Damshenas, A. Dehghantanha, R. Mahmoud, A survey on malware propagation, analysis, and detection. Int. J. Cyber-Secur. Digit. Forensics 2(4), 10–30 (2013)Google Scholar
  10. 10.
    H. Darabian, A. Dehghantanha, S. Hashemi, S. Homayoun, K.K.R. Choo, An opcode-based technique for polymorphic internet of things malware detection, in Concurrency and Computation: Practice and Experience (Wiley, Hoboken, 2019), p. e5173Google Scholar
  11. 11.
    F. Daryabar, A. Dehghantanha, N.I. Udzir, N.F.b.M. Sani, S. bin Shamsuddin, Towards secure model for SCADA systems, in 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (June 2012), pp. 60–64Google Scholar
  12. 12.
    E.M. Dovom, A. Azmoodeh, A. Dehghantanha, D.E. Newton, R.M. Parizi, H. Karimipour, Fuzzy pattern tree for edge malware detection and categorization in IoT. J. Syst. Archit. 97, 1–7 (2019)CrossRefGoogle Scholar
  13. 13.
    S. Dua, X. Du, Data Mining and Machine Learning in Cybersecurity (Auerbach Publications, Boca Raton, 2016)CrossRefGoogle Scholar
  14. 14.
    G. Epiphaniou, T. French, H. Al-Khateeb, A. Dehghantanha, H. Jahankhani, A novel anonymity quantification and preservation model for undernet relay networks, in ed. by H. Jahankhani, A. Carlile, D. Emm, A. Hosseinian-Far, G. Brown, G. Sexton, A. Jamal. Global Security, Safety and Sustainability - The Security Challenges of the Connected World (Springer International Publishing, Cham, 2016), pp. 371–384Google Scholar
  15. 15.
    I. Ghafir, M. Hammoudeh, V. Prenosil, L. Han, R. Hegarty, K. Rabie, F.J. Aparicio-Navarro, Detection of advanced persistent threat using machine-learning correlation analysis. Futur. Gener. Comput. Syst. 89, 349–359 (2018)CrossRefGoogle Scholar
  16. 16.
    S. Gerris, H. Karimipour, A feature selection-based approach for joint cyber-attack detection and state estimation, in IEEE International Conference on Smart Energy Grid Engineering (SEGE) (2019), pp. 1–5Google Scholar
  17. 17.
    T.R. Glass-Vanderlan, M.D. Iannacone, M.S. Vincent, Q. Chen, R.A. Bridges, A survey of intrusion detection systems leveraging host data, in CoRR (2018). Google Scholar
  18. 18.
    I. Goodfellow, Y. Bengio, A. Courville, Deep Learning (MIT press, Cambridge, 2016)zbMATHGoogle Scholar
  19. 19.
    S. Grooby, T. Dargahi, A. Dehghantanha, Protecting IoT and ICS Platforms Against Advanced Persistent Threat Actors: Analysis of APT1, Silent Chollima and Molerats (Springer International Publishing, Cham, 2019), pp. 225–255Google Scholar
  20. 20.
    S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, R. Khayami, Know abnormal, find evil: Frequent pattern mining for ransomware threat hunting and intelligence. IEEE Trans. Emerg. Top. Comput. 1–1 (2017).
  21. 21.
    S. Homayoun, M. Ahmadzadeh, S. Hashemi, A. Dehghantanha, R. Khayami, BoTShark: A Deep Learning Approach for Botnet Traffic Detection (Springer International Publishing, Cham, 2018), pp. 137–153Google Scholar
  22. 22.
    S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, R. Khayami, K.-K.R. Choo, D.E. Newton, DRTHIS: deep ransomware threat hunting and intelligence system at the fog layer. Futur. Gener. Comput. Syst. 90, 94–104 (2019)CrossRefGoogle Scholar
  23. 23.
    H. Karimipour, V. Dinavahi, Robust massively parallel dynamic state estimation of power systems against cyber-attack. IEEE Access 6, 2984–2995 (2018). CrossRefGoogle Scholar
  24. 24.
    H. Karimipour, A. Dehghantanha, R.M. Parizi, K.R. Choo, H. Leung, A deep and scalable unsupervised machine learning system for cyber-attack detection in large-scale smart grids. IEEE Access 7, 80778–80788 (2019)CrossRefGoogle Scholar
  25. 25.
    H. Karimipour, S. Geris, A. Dehghantanha, H. Leung, Intelligent Anomaly Detection for Large-Scale Smart Grids (IEEE, Piscataway, 2019), pp. 1–4Google Scholar
  26. 26.
    D. Kong, G. Yan:, Discriminant malware distance learning on structural information for automated malware classification, in Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’13 (ACM (2013), pp. 1357–1365.
  27. 27.
    Y. LeCun, Y. Bengio, G. Hinton, Deep learning. Nature 521(7553), 436 (2015)Google Scholar
  28. 28.
    N. Milosevic, A. Dehghantanha, K.K.R. Choo, Machine learning aided android malware classification. Comput. Electr. Eng. 61, 266–274 (2017)CrossRefGoogle Scholar
  29. 29.
    S. Mohammadi, V. Desai, H. Karimipour, Multivariate Mutual Information-Based Feature Selection for Cyber Intrusion Detection (2018), pp. 1–6.
  30. 30.
    S. Mohammadi, H. Mirvaziri, M. Ghazizadeh-Ahsaee, H. Karimipour, Cyber intrusion detection by combined feature selection algorithm. J. Inf. Secur. Appl. 44, 80–88 (2019).
  31. 31.
    Y. Noh, B. Zhang, D.D. Lee, Generative local metric learning for nearest neighbor classification. IEEE Trans. Pattern Anal. Mach. Intell. 40(1), 106–118 (2018). CrossRefGoogle Scholar
  32. 32.
    O. Osanaiye, K.K.R. Choo, M. Dlodlo, Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud ddos mitigation framework. J. Netw. Comput. Appl. 67, 147–165 (2016)CrossRefGoogle Scholar
  33. 33.
    H.H. Pajouh, R. Javidan, R. Khayami, D. Ali, K.K.R. Choo, A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in iot backbone networks. IEEE Trans. Emerg. Top. Comput. 7, 314–323 (2016)CrossRefGoogle Scholar
  34. 34.
    H.H. Pajouh, G. Dastghaibyfard, S. Hashemi, Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)CrossRefGoogle Scholar
  35. 35.
    M. Panda, A. Abraham, M.R. Patra, A hybrid intelligent approach for network intrusion detection. Proc. Eng. 30, 1–9 (2012)CrossRefGoogle Scholar
  36. 36.
    J. Sakhnini, H. Karimipour, A. Dehghantanha, Smart grid cyber attacks detection using supervised learning and heuristic feature selection, in IEEE International Conference on Smart Energy Grid Engineering (SEGE) (2019), pp. 1–5Google Scholar
  37. 37.
    J. Sakhnini, H. Karimipour, A. Dehghantanha, R. Parizi, G. Srivastava, Security aspects of internet of things aided smart grids: a bibliometric survey. Elsevier J. Internet Things 1–13 (2019).
  38. 38.
    F. Salo, A.B. Nassif, A. Essex, Dimensionality reduction with IG-PCA and ensemble classifier for network intrusion detection. Comput. Netw. 148, 164–175 (2019).
  39. 39.
    K. Selvakumar, M. Karuppiah, L. SaiRamesh, S.H. Islam, M.M. Hassan, G. Fortino, K.K.R. Choo, Intelligent temporal classification and fuzzy rough set-based feature selection algorithm for intrusion detection system in WSNs. Inf. Sci. 497, 77–90 (2019).
  40. 40.
    A. Shalaginov, S. Banin, A. Dehghantanha, K. Franke, Machine Learning Aided Static Malware Analysis: A Survey and Tutorial (Springer International Publishing, Cham, 2018), pp. 7–45Google Scholar
  41. 41.
    D. Tao, L. Jin, Y. Wang, Y. Yuan, X. Li, Person re-identification by regularized smoothing kiss metric learning. IEEE Trans. Circuits Syst. Video Tech. 23(10), 1675–1685 (2013)CrossRefGoogle Scholar
  42. 42.
    M. Tavallaee, E. Bagheri, W. Lu, A.A. Ghorbani, A detailed analysis of the kdd cup 99 data set, in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications (IEEE, Piscataway, 2009), pp. 1–6Google Scholar
  43. 43.
    T.Wen, Z. Zhang, Deep convolution neural network and autoencoders-based unsupervised feature learning of eeg signals. IEEE Access 6, 25399–25410 (2018)CrossRefGoogle Scholar
  44. 44.
    Y. Xin, L. Kong, Z. Liu, Y. Chen, Y. Li, H. Zhu, M. Gao, H. Hou, C. Wang, Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018)CrossRefGoogle Scholar
  45. 45.
    W. Xuren, H. Famei, X. Rongsheng, Modeling intrusion detection system by discovering association rule in rough set theory framework, in 2006 International Conference on Computational Inteligence for Modelling Control and Automation and International Conference on Intelligent Agents Web Technologies and International Commerce (CIMCA’06) (2006), pp. 24–24Google Scholar
  46. 46.
    L. Yang, R. Jin, Distance metric learning: a comprehensive survey. Mich. State Univ. 2(2), (2006)Google Scholar
  47. 47.
    M. Yousefi-Azar, V. Varadharajan, L. Hamey, U. Tupakula, Autoencoder-based feature learning for cyber security applications, 2017 International Joint Conference on Neural Networks (IJCNN) (2017), pp. 3854–3861.
  48. 48.
    J. Zhang, M. Zulkernine, A. Haque, Random-forests-based network intrusion detection systems. IEEE Trans. Syst. Man, Cybern., Part C (Applications and Reviews) 38, 649–659 (2008)Google Scholar
  49. 49.
    F. Zhang, H.A.D.E. Kodituwakku, W. Hines, J.B. Coble, Multi-layer data-driven cyber-attack detection system for industrial control systems based on network, system and process data. IEEE Trans. Indust. Inf., 1–1 (2019).

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.School of Electrical and Computer EngineeringShiraz UniversityShirazIran
  2. 2.Cyber Science LabUniversity of GuelphGuelphCanada
  3. 3.College of Computer and Software EngineeringKennesaw State UniversityMariettaUSA
  4. 4.Department of Mathematics and Computer ScienceBrandon UniversityBrandonCanada

Personalised recommendations