A Deep Hierarchical Network for Packet-Level Malicious Traffic Detection

Bo, Wang; Yang, Su; Zhang, Mingshu; Nie, Jingxin

doi:10.1109/access.2020.3035967

Cited by 32 publications

(9 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their model provided better outcomes for the normal class, but the anomaly class outcome was not satisfactory. Wang et al [21] build a deep hierarchical network for packet-level analysis of malicious traffic capable of understanding traffic characteristics from raw packet data. They extracted spatial features from the raw packet using a CNN and temporal features using GRU (Gated Recurrent Units).…”

Section: Related Workmentioning

confidence: 99%

Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks

2021

View full text Add to dashboard Cite

The growing development of IoT (Internet of Things) devices creates a large attack surface for cybercriminals to conduct potentially more destructive cyberattacks; as a result, the security industry has seen an exponential increase in cyber-attacks. Many of these attacks have effectively accomplished their malicious goals because intruders conduct cyber-attacks using novel and innovative techniques. An anomalybased IDS (Intrusion Detection System) uses machine learning techniques to detect and classify attacks in IoT networks. In the presence of unpredictable network technologies and various intrusion methods, traditional machine learning techniques appear inefficient. In many research areas, deep learning methods have shown their ability to identify anomalies accurately. Convolutional neural networks are an excellent alternative for anomaly detection and classification due to their ability to automatically categorize main characteristics in input data and their effectiveness in performing faster computations. In this paper, we design and develop a novel anomaly-based intrusion detection model for IoT networks. First, a convolutional neural network model is used to create a multiclass classification model. The proposed model is then implemented using convolutional neural networks in 1D, 2D, and 3D. The proposed convolutional neural network model is validated using the BoT-IoT, IoT Network Intrusion, MQTT-IoT-IDS2020, and IoT-23 intrusion detection datasets. Transfer learning is used to implement binary and multiclass classification using a convolutional neural network multiclass pre-trained model. Our proposed binary and multiclass classification models have achieved high accuracy, precision, recall, and F1 score compared to existing deep learning implementations.

show abstract

Section: Related Workmentioning

confidence: 99%

Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks

2021

View full text Add to dashboard Cite

show abstract

“…However, these experiments are only performed on self-generated data that contains limited network attack types. Similarly, the authors in [26] developed a deep hierarchical model to detect abnormal network traffic at the packet level. The model is based on a mix of CNN and Gated Recurrent Units (GRU); it is evaluated on three data sets: ISCX2012, USTC-TFC2016, and CICIDS2017, and achieves 99% accuracy.…”

Section: Related Workmentioning

confidence: 99%

Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways

Nguyen

2022

Sensors

View full text Add to dashboard Cite

Cyber security has become increasingly challenging due to the proliferation of the Internet of things (IoT), where a massive number of tiny, smart devices push trillion bytes of data to the Internet. However, these devices possess various security flaws resulting from the lack of defense mechanisms and hardware security support, therefore making them vulnerable to cyber attacks. In addition, IoT gateways provide very limited security features to detect such threats, especially the absence of intrusion detection methods powered by deep learning. Indeed, deep learning models require high computational power that exceeds the capacity of these gateways. In this paper, we introduce Realguard, an DNN-based network intrusion detection system (NIDS) directly operated on local gateways to protect IoT devices within the network. The superiority of our proposal is that it can accurately detect multiple cyber attacks in real time with a small computational footprint. This is achieved by a lightweight feature extraction mechanism and an efficient attack detection model powered by deep neural networks. Our evaluations on practical datasets indicate that Realguard could detect ten types of attacks (e.g., port scan, Botnet, and FTP-Patator) in real time with an average accuracy of 99.57%, whereas the best of our competitors is 98.85%. Furthermore, our proposal effectively operates on resource-constraint gateways (Raspberry PI) at a high packet processing rate reported about 10.600 packets per second.

show abstract

“…Most IDS need packets to be gathered into certain flows and then analyzed, incurring processing delays, even the most sophisticated ones. In order to identify malicious traffic at the packet level, Wang et al [15] offer a deep learning strategy, employing hierarchical networks, which can learn the properties of communication using basic data packets. They also explored how data balance affects classification performance and time efficiency between the LSTM and GRU models.…”

Section: Related Workmentioning

confidence: 99%

Design and Development of RNN Anomaly Detection Model for IoT Networks

Ullah

Mahmoud

2022

IEEE Access

View full text Add to dashboard Cite

Cybersecurity is important today because of the increasing growth of the Internet of Things (IoT), which has resulted in a variety of attacks on computer systems and networks. As the number of various IoT devices and services grows, cyber security will become an increasingly difficult issue to manage. Malicious traffic identification using deep learning techniques has emerged as a key component of networkbased intrusion detection systems (IDS). Deep learning methods have been a research focus in network intrusion detection. A recurrent neural network is useful in a wide range of applications. This paper proposes a novel deep learning model for detecting anomalies in IoT networks using recurrent neural networks. The proposed model is implemented in IoT networks utilizing LSTM, BiLSTM, and GRU-based approaches for anomaly detection. A convolutional neural network can analyze input features without losing important information, making them particularly well suited for feature learning. In addition, we propose a hybrid deep learning model based on convolutional and recurrent neural networks. Finally, employing LSTM, BiLSTM, and GRU-based techniques, we propose a lightweight deep learning model for binary classification. The proposed deep learning models are validated using NSLKDD, BoT-IoT, IoT-NI, MQTT, MQTTset, IoT-23, and IoT-DS2 datasets. Our proposed binary and multiclass classification model achieved high accuracy, precision, recall, and F1 score compared to current deep learning implementations.

show abstract

A Deep Hierarchical Network for Packet-Level Malicious Traffic Detection

Cited by 32 publications

References 33 publications

Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks

Design and Development of a Deep Learning-Based Model for Anomaly Detection in IoT Networks

Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways

Design and Development of RNN Anomaly Detection Model for IoT Networks

Contact Info

Product

Resources

About