Abstract
Increasing amount of attacks and intrusions against networked systems and data networks requires sensor capability. Data in modern networks, including the Internet, is often encrypted, making classical traffic analysis complicated. In this study, we detect anomalies from encrypted network traffic by developing an anomaly based network intrusion detection system applying neural networks based on the WaveNet architecture. Implementation was tested using dataset collected from a large annual national cyber security exercise. Dataset included both legitimate and malicious traffic containing modern, complex attacks and intrusions. The performance results indicated that our model is suitable for detecting encrypted malicious traffic from the datasets.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bitton, R., Shabtai, A.: A machine learning-based intrusion detection system for securing remote desktop connections to electronic flight bag servers. IEEE Trans. Dependable Secure Comput. 1 (2019). https://doi.org/10.1109/TDSC.2019.2914035
Chen, Z., Yeo, C.K., Lee, B.S., Lau, C.T.: Autoencoder-based network anomaly detection. In: 2018 Wireless Telecommunications Symposium (WTS), pp. 1–5, April 2018. https://doi.org/10.1109/WTS.2018.8363930
Chiba, Z., Abghour, N., Moussaid, K., Omri, A.E., Rida, M.: A clever approach to develop an efficient deep neural network based IDS for cloud environments using a self-adaptive genetic algorithm. In: 2019 International Conference on Advanced Communication Technologies and Networking (CommNet), pp. 1–9, April 2019. https://doi.org/10.1109/COMMNET.2019.8742390
Creech, G., Hu, J.: Generation of a new IDS test dataset: time to retire the KDD collection. In: IEEE Wireless Communications and Networking Conference, WCNC, pp. 4487–4492. IEEE, April 2013. https://doi.org/10.1109/WCNC.2013.6555301
JAMK University of Applied Sciences, Institute of Information Technology, JYVSECTEC: Rgce cyber range. http://www.jyvsectec.fi/en/rgce/. Accessed 26 Apr 2019
Li, Z., Rios, A.L.G., Xu, G., Trajković, L.: Machine learning techniques for classifying network anomalies and intrusions. In: 2019 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1–5, May 2019. https://doi.org/10.1109/ISCAS.2019.8702583
Lincoln Laboratory, Massachusetts Institute of Technology: 1998 DARPA Intrusion Detection Evaluation Dataset. https://www.ll.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset. Accessed 29 Apr 2019
Lincoln Laboratory, Massachusetts Institute of Technology: 1999 DARPA Intrusion Detection Evaluation Dataset. https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-dataset. Accessed 29 Apr 2019
Lincoln Laboratory, Massachusetts Institute of Technology: 2000 DARPA Intrusion Detection Scenario Specific Datasets. https://www.ll.mit.edu/r-d/datasets/2000-darpa-intrusion-detection-scenario-specific-datasets. Accessed 29 Apr 2019
Makhzani, A., Shlens, J., Jaitly, N., Goodfellow, I.: Adversarial autoencoders. In: International Conference on Learning Representations (2016). http://arxiv.org/abs/1511.05644
McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory. ACM Trans. Inf. Syst. Secur. 3(4), 262–294 (2000). https://doi.org/10.1145/382912.382923
Ministry of Defence Finland: The national cyber security exercises is organised in Jyväskylä - Kansallinen kyberturvallisuusharjoitus kyha18 järjestetään Jyväskylässä, official bulletin 11th of May 2018, May 2018. https://valtioneuvosto.fi/artikkeli/-/asset_publisher/kansallinen-kyberturvallisuusharjoitus-kyha18-jarjestetaan-jyvaskylassa. Accessed 26 Apr 2019
Narsingyani, D., Kale, O.: Optimizing false positive in anomaly based intrusion detection using genetic algorithm. In: 2015 IEEE 3rd International Conference on MOOCs, Innovation and Technology in Education (MITE), pp. 72–77, October 2015. https://doi.org/10.1109/MITE.2015.7375291
Nevavuori, P., Kokkonen, T.: Requirements for training and evaluation dataset of network and host intrusion detection system. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’19 2019. AISC, vol. 931, pp. 534–546. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16184-2_51
van den Oord, A., et al.: WaveNet: a generative model for raw audio (2016). https://arxiv.org/pdf/1609.03499.pdf
van den Oord, A., Kalchbrenner, N., Kavukcuoglu, K.: Pixel recurrent neural networks. In: Balcan, M.F., Weinberger, K.Q. (eds.) Proceedings of the 33rd International Conference on Machine Learning. Proceedings of Machine Learning Research, vol. 48, pp. 1747–1756. PMLR, New York, 20–22 June 2016. http://proceedings.mlr.press/v48/oord16.html
van den Oord, A., et al.: Parallel WaveNet: fast high-fidelity speech synthesis. CoRR abs/1711.10433 (2017). http://arxiv.org/abs/1711.10433
Open Information Security Foundation (OISF): Suricata Open Source IDS/IPS/NSM engine. https://suricata-ids.org/. Accessed 7 May 2019
Puuska, S., Kokkonen, T., Alatalo, J., Heilimo, E.: Anomaly-based network intrusion detection using wavelets and adversarial autoencoders. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 234–246. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12942-2_18
Ring, M., Wunderlich, S., Scheuring, D., Landes, D., Hotho, A.: A survey of network-based intrusion detection data sets. Comput. Secur. 86, 147–167 (2019). https://doi.org/10.1016/j.cose.2019.06.005
Salimans, T., Karpathy, A., Chen, X., Kingma, D.P.: PixelCNN++: improving the PixelCNN with discretized logistic mixture likelihood and other modifications. In: 5th International Conference on Learning Representations, ICLR 2017, 24–26 April 2017, Toulon, France (2017). https://openreview.net/references/pdf?id=rJuJ1cP_l
Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012). https://doi.org/10.1016/j.cose.2011.12.012
Siddiqui, M.A., et al.: Detecting cyber attacks using anomaly detection with explanations and expert feedback. In: ICASSP 2019–2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2872–2876, May 2019. https://doi.org/10.1109/ICASSP.2019.8683212
Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: Proceedings of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications, CISDA 2009, pp. 53–58. IEEE Press, Piscataway (2009). http://dl.acm.org/citation.cfm?id=1736481.1736489
The University of California Irvine (UCI): KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 29 Apr 2019
Umer, M.F., Sher, M., Bi, Y.: Flow-based intrusion detection: techniques and challenges. Comput. Secur. 70, 238–254 (2017). https://doi.org/10.1016/j.cose.2017.05.009
University of New Brunswick, Canadian Institute for Cybersecurity: Intrusion Detection Evaluation Dataset (CICIDS 2017). https://www.unb.ca/cic/datasets/ids-2017.html. Accessed 30 Apr 2019
Wiewel, F., Yang, B.: Continual learning for anomaly detection with variational autoencoder. In: 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), ICASSP 2019, pp. 3837–3841, May 2019. https://doi.org/10.1109/ICASSP.2019.8682702
Yu, F., Koltun, V.: Multi-scale context aggregation by dilated convolutions. CoRR abs/1511.07122 (2016). https://arxiv.org/pdf/1511.07122.pdf
Zagoruyko, S., Komodakis, N.: Wide residual networks. In: Richard C. Wilson, E.R.H., Smith, W.A.P. (eds.) Proceedings of the British Machine Vision Conference (BMVC), pp. 87.1–87.12. BMVA Press, September 2016. https://doi.org/10.5244/C.30.87
Acknowledgment
This research project is funded by MATINE - The Scientific Advisory Board for Defence.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Kokkonen, T., Puuska, S., Alatalo, J., Heilimo, E., Mäkelä, A. (2019). Network Anomaly Detection Based on WaveNet. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. NEW2AN ruSMART 2019 2019. Lecture Notes in Computer Science(), vol 11660. Springer, Cham. https://doi.org/10.1007/978-3-030-30859-9_36
Download citation
DOI: https://doi.org/10.1007/978-3-030-30859-9_36
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30858-2
Online ISBN: 978-3-030-30859-9
eBook Packages: Computer ScienceComputer Science (R0)