A semi-self-taught network intrusion detection system

  • S.I. : Emerging applications of Deep Learning and Spiking ANN
Neural Computing and Applications

Abstract

The ever-increasing threat and complexity of modern cyber-attacks require a search for integrated and flexible intelligent defense mechanisms. Such approaches can provide optimal countermeasures, reliable credentials extraction and self-adjusting potential. Given the widespread scale of modern networks and the complexity of cyber-attacks, the problem of self-adaptation goes far beyond the capabilities of network Intrusion Detection Systems (IDS). The main weakness of IDS is that they cannot adapt to new network conditions (“zero day” attacks). This research tries to overcome this limitation by introducing a Semi-supervised Discriminant Autoencoder (AUE), which combines Denoising AUEs with a heuristic method of class separation. In essence, the proposed algorithm learns to remodel the displaced specimens instead of the original ones in the super-sphere defined by their closest neighbors. The purpose is to understand the nature of an attack, based on generalized transformed features derived directly from unknown web environments and data.

Acknowledgements

This paper was supported by Wonkwang University in 2020.

Author information

Corresponding author

Correspondence to Sang-Gyun Na.

Ethics declarations

Conflict of interest

The author declares that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Cite this article

Zhao, F., Zhang, H., Peng, J. et al. A semi-self-taught network intrusion detection system. Neural Comput & Applic 32, 17169–17179 (2020). https://doi.org/10.1007/s00521-020-04914-7

  • DOI: https://doi.org/10.1007/s00521-020-04914-7
