Abstract
The Internet has become a prime subject of security attacks and intrusions by attackers. These attacks can lead to system malfunction, network breakdown, data corruption, theft, etc. A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing network traffic. State-of-the-art IDSs are designed to detect an attack by inspecting the complete information about the attack. This means that an IDS would only be able to detect an attack after it has been executed on the system under attack and might have caused damage to the system. In this paper, we extend our early IDS proposed in our previous work. The tool can detect network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption. In this work, we employ different deep neural network architectures for attack identification and compare their performances. The deep neural networks are trained in a supervised manner to extract relevant features from raw network traffic data instead of relying on a manual feature selection process used in most related approaches. Further, we empirically evaluate our tool on two datasets from different domains: CICIDS2017 from the web application domain and MQTT-IDS-2020 dataset from the IoT domain. The results show that our approach performed well and attained a high overall balanced accuracy.
Acknowledgements
This work was made possible with funding from the European Union’s Horizon 2020 research and innovation program, under Grant Agreement No. 957212 (VeriDevOps). The opinions expressed and arguments employed herein do not necessarily reflect the official views of the funding body.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ahmad, T., Truscan, D., Vain, J. (2024). EARLY: A Tool for Real-Time Security Attack Detection. In: Sadovykh, A., Truscan, D., Mallouli, W., Cavalli, A.R., Seceleanu, C., Bagnato, A. (eds) CyberSecurity in a DevOps Environment. Springer, Cham. https://doi.org/10.1007/978-3-031-42212-6_8
DOI: https://doi.org/10.1007/978-3-031-42212-6_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42211-9
Online ISBN: 978-3-031-42212-6
eBook Packages: Computer Science, Computer Science (R0)