
Network Anomaly Detection Based on WaveNet

  • Conference paper
Internet of Things, Smart Spaces, and Next Generation Networks and Systems (NEW2AN 2019, ruSMART 2019)

Abstract

The increasing number of attacks and intrusions against networked systems and data networks requires sensor capability. Data in modern networks, including the Internet, is often encrypted, which complicates classical traffic analysis. In this study, we detect anomalies in encrypted network traffic by developing an anomaly-based network intrusion detection system that applies neural networks based on the WaveNet architecture. The implementation was tested using a dataset collected from a large annual national cyber security exercise. The dataset included both legitimate and malicious traffic containing modern, complex attacks and intrusions. The performance results indicated that our model is suitable for detecting encrypted malicious traffic from the datasets.


Notes

  1. https://www.powershellempire.com/

  2. https://www.cobaltstrike.com/


Acknowledgment

This research project is funded by MATINE - The Scientific Advisory Board for Defence.

Author information

Corresponding author

Correspondence to Tero Kokkonen.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Kokkonen, T., Puuska, S., Alatalo, J., Heilimo, E., Mäkelä, A. (2019). Network Anomaly Detection Based on WaveNet. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. NEW2AN 2019, ruSMART 2019. Lecture Notes in Computer Science, vol 11660. Springer, Cham. https://doi.org/10.1007/978-3-030-30859-9_36

  • DOI: https://doi.org/10.1007/978-3-030-30859-9_36

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30858-2

  • Online ISBN: 978-3-030-30859-9

  • eBook Packages: Computer Science (R0)
