Application of Deep Learning Architectures for Cyber Security

  • R. Vinayakumar (corresponding author)
  • K. P. Soman
  • Prabaharan Poornachandran
  • S. Akarsh
Chapter
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

Machine learning has played an important role over the last decade, mainly in natural language processing, image processing and speech recognition, where it has outperformed the classical rule-based approach. Machine learning has also been applied to cyber security use cases, namely intrusion detection, malware analysis, traffic analysis, and spam and phishing detection. More recently, the branch of machine learning known as ‘deep learning’ has outperformed humans on several long-standing artificial intelligence tasks. Deep learning can learn an optimal feature representation on its own and is more robust in an adversarial environment than classical machine learning algorithms. Its application to cyber security is still at an early stage. In this work, to leverage deep learning architectures for cyber security, we consider intrusion detection, traffic analysis and Android malware detection. In all of the intrusion detection experiments, deep learning architectures performed better than classical machine learning algorithms, and they also achieved good performance in traffic analysis and Android malware detection.

Keywords

Machine learning; Deep learning; Intrusion detection; Traffic analysis; Android malware detection

Acknowledgements

This research was supported in part by Paramount Computer Systems and Lakhshya Cyber Security Labs. We are grateful to NVIDIA India for the GPU hardware support provided under its research grant. We are also grateful to the Computational Engineering and Networking (CEN) department for encouraging the research.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • R. Vinayakumar (1, corresponding author)
  • K. P. Soman (1)
  • Prabaharan Poornachandran (2)
  • S. Akarsh (1)

  1. Center for Computational Engineering and Networking (CEN), Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India
  2. Centre for Cyber Security Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri, India