EARLY: A Tool for Real-Time Security Attack Detection

Chapter in: CyberSecurity in a DevOps Environment

Abstract

The Internet has become a prime target of security attacks and intrusions. These attacks can lead to system malfunction, network breakdown, data corruption, theft, and more. A network intrusion detection system (IDS) identifies unauthorized and malicious behavior by observing network traffic. State-of-the-art IDSs are designed to detect an attack by inspecting the complete information about it, which means an IDS can only detect an attack after it has been executed against the target system and may already have caused damage. In this chapter, we extend the early IDS proposed in our previous work. The tool detects network attacks before they can cause further damage to the system under attack, preventing unforeseen downtime and interruption. We employ different deep neural network architectures for attack identification and compare their performance. The networks are trained in a supervised manner to extract relevant features from raw network traffic data, instead of relying on the manual feature selection used in most related approaches. We empirically evaluate the tool on two datasets from different domains: CICIDS2017 from the web application domain and MQTT-IDS-2020 from the IoT domain. The results show that our approach performs well and attains a high overall balanced accuracy.
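The abstract contrasts a whole-flow IDS, which decides only after the flow has finished, with an early IDS that decides from the first few raw packets. The following Python block is an added illustration of that pipeline and is not the chapter's code or the Earlytool implementation: it groups constructed packets into flows, truncates or zero-pads the first few packets to a fixed byte width as the model input, re-scores the flow after every packet, and stops as soon as the score crosses a threshold. The per-packet scores are constructed stand-ins for the output of a trained network, the threshold, window size and byte width are assumed values, and the balanced-accuracy helper shows why that metric, rather than plain accuracy, is reported for imbalanced IDS data.

```python
"""Added illustration of early, per-packet flow classification (not the chapter's code).

Packets are grouped into bidirectional flows, the first MAX_PACKETS packets of each
flow are turned into fixed-width byte vectors (the 'raw traffic' input), and a
score function is re-run on the growing prefix so a decision can be emitted before
the flow ends. The score values used in the demo are constructed, not a real model.
"""
from collections import defaultdict
from typing import Callable, Dict, List, Sequence, Tuple

# (src, sport, dst, dport, proto, payload); proto 6 = TCP
Packet = Tuple[str, int, str, int, int, bytes]
FlowKey = Tuple[str, int, str, int, int]

MAX_PACKETS = 4        # assumed: packets per flow the model is allowed to see
BYTES_PER_PACKET = 16  # assumed: fixed input width per packet


def flow_key(pkt: Packet) -> FlowKey:
    """Direction-agnostic 5-tuple so both halves of a conversation map to one flow."""
    src, sport, dst, dport, proto = pkt[:5]
    a, b = (src, sport), (dst, dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo[0], lo[1], hi[0], hi[1], proto)


def to_vector(payload: bytes, width: int = BYTES_PER_PACKET) -> List[int]:
    """Raw payload bytes as integers, truncated or zero-padded to `width`."""
    body = list(payload[:width])
    return body + [0] * (width - len(body))


def build_windows(packets: Sequence[Packet],
                  max_packets: int = MAX_PACKETS) -> Dict[FlowKey, List[List[int]]]:
    """Keep the first `max_packets` vectors per flow in arrival order; later packets are dropped."""
    windows: Dict[FlowKey, List[List[int]]] = defaultdict(list)
    for pkt in packets:
        key = flow_key(pkt)
        if len(windows[key]) < max_packets:
            windows[key].append(to_vector(pkt[5]))
    return dict(windows)


ScoreFn = Callable[[List[List[int]]], float]


def early_decide(window: List[List[int]], score_fn: ScoreFn,
                 threshold: float = 0.8) -> Tuple[str, int]:
    """Re-score the flow after every packet and return (label, packets_consumed).

    'attack' is returned at the first prefix whose score reaches `threshold`;
    otherwise 'benign' once the whole window has been seen. A whole-flow IDS
    would always consume len(window) packets before answering.
    """
    for i in range(1, len(window) + 1):
        if score_fn(window[:i]) >= threshold:
            return "attack", i
    return "benign", len(window)


def scores_from_trace(trace: Sequence[float]) -> ScoreFn:
    """Stand-in model (assumption): the i-th constructed score for an i-packet prefix."""
    return lambda prefix: trace[min(len(prefix), len(trace)) - 1]


def balanced_accuracy(y_true: Sequence[str], y_pred: Sequence[str]) -> float:
    """Mean per-class recall; unlike plain accuracy it is not dominated by the majority class."""
    recalls = []
    for cls in sorted(set(y_true)):
        idx = [i for i, y in enumerate(y_true) if y == cls]
        recalls.append(sum(1 for i in idx if y_pred[i] == cls) / len(idx))
    return sum(recalls) / len(recalls)


if __name__ == "__main__":
    # Constructed traffic: an MQTT-style session and a second flow on port 80.
    c, s = "10.0.0.5", "10.0.0.9"
    packets: List[Packet] = [
        (c, 50001, s, 1883, 6, b"\x10\x0c\x00\x04MQTT\x04\x02\x00\x3c"),  # CONNECT
        (s, 1883, c, 50001, 6, b"\x20\x02\x00\x00"),                      # CONNACK
        (c, 50001, s, 1883, 6, b"\x82\x08\x00\x01\x00\x03a/b\x00"),       # SUBSCRIBE
        (c, 50002, s, 80, 6, b"GET /?id=1' OR 1=1-- HTTP/1.1"),
        (s, 80, c, 50002, 6, b"HTTP/1.1 500"),
    ]
    windows = build_windows(packets)
    mqtt = windows[flow_key(packets[0])]
    web = windows[flow_key(packets[3])]
    # Constructed per-packet model outputs for each flow.
    print(early_decide(mqtt, scores_from_trace([0.05, 0.10, 0.10])))  # ('benign', 3)
    print(early_decide(web, scores_from_trace([0.92, 0.97])))         # ('attack', 1)
    # Nine benign flows and one attack, all predicted benign: 0.9 plain accuracy, 0.5 balanced.
    print(balanced_accuracy(["benign"] * 9 + ["attack"], ["benign"] * 10))  # 0.5
```

The "packets consumed" value returned by `early_decide` is the quantity an early IDS is judged on: the difference between it and the full flow length is how much of the attack traffic never had to reach the target before the alert fired.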

Acknowledgements

This work was made possible with funding from the European Union’s Horizon 2020 research and innovation program, under Grant Agreement No. 957212 (VeriDevOps). The opinions expressed and arguments employed herein do not necessarily reflect the official views of the funding body.

Corresponding author

Correspondence to Dragos Truscan .

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Ahmad, T., Truscan, D., Vain, J. (2024). EARLY: A Tool for Real-Time Security Attack Detection. In: Sadovykh, A., Truscan, D., Mallouli, W., Cavalli, A.R., Seceleanu, C., Bagnato, A. (eds) CyberSecurity in a DevOps Environment. Springer, Cham. https://doi.org/10.1007/978-3-031-42212-6_8

  • DOI: https://doi.org/10.1007/978-3-031-42212-6_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42211-9

  • Online ISBN: 978-3-031-42212-6
