Trends in Application of Machine Learning to Network-Based Intrusion Detection Systems

  • Jakub Hrabovsky
  • Pavel Segec
  • Marek Moravcik
  • Jozef Papan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 863)

Abstract

Computer networks play an important role in modern industrial environments, as many of their areas heavily depend on the continued operation and availability of the network services they provide. However, the network itself faces many security challenges in the form of massive attacks that prevent its usage and cause huge financial losses every year. The most widespread examples of such devastating attacks are Denial of Service (DoS) and Distributed DoS (DDoS) attacks. This paper focuses on the analysis of detection methods that eliminate the impact of such attacks. The paper introduces the challenges of current network-based intrusion detection systems (NIDS) from distinct perspectives. Its primary focus is on the general functionality of selected detection methods, their categorization and a subsequent proposal of potential improvements. Considering the requirements on present and future NIDS, we emphasize the application of machine learning (ML). The paper analyzes the state of research of four particular ML techniques regarding their success in implementation as NIDS: Bayesian Networks (BN), Support Vector Machines (SVM), Artificial Neural Networks (ANN) and Self-organizing Maps (SOM). The analysis reveals various drawbacks and benefits of the individual methods. Its purpose lies in the discovery of current trends that indicate the direction of future research, which may lead to the overall design improvement of new methods. The output of our research summarizes these trends in the form of a list and describes their influence on our future research.

Keywords

DoS, DDoS, Intrusion detection, NIDS, Anomaly-based, Machine learning

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. University of Zilina, Zilina, Slovakia