An Unsupervised Deep Learning Model for Early Network Traffic Anomaly Detection

Hwang, Ren-Junn; Peng, Min-Chun; Huang, Chien‐Wei; Lin, Po-Ching; Nguyen, Van-Linh

doi:10.1109/access.2020.2973023

Cited by 166 publications

(69 citation statements)

References 27 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Distributed service attack can be launched from different computers controlled by one command center [11]. A group of computers called zombies can be used to launch a DDoS attack on the SDN network [11]. No doubt SDN is a great networking architecture, however, DDoS attacks can bring the whole network down if the network is not secured.…”

Section: Distributed Denial Of Service Attack (Ddos)mentioning

confidence: 99%

Deep Neural Network (DNN) Solution for Real-time Detection of Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs)

Makuvaza

Jat

Gamundani³

2021

SN COMPUT. SCI.

View full text Add to dashboard Cite

Software-Defined Network (SDN) has emerged as the new big thing in networking. The separation of the control plane from the data plane and application plane gives SDN an edge over traditional networking. With SDN, the devices are configured at the control plane which makes it easier to manage network devices from one central point. However, decoupled architecture creates a single point of failure. A single point of failure attracts cyber-attacks, such as Distributed Denial of Service (DDoS) attacks. Attackers have recently been using multi-vector attacks from single-vector attacks. The need for real-time detection as a countermeasure is of paramount importance. The attackers using sophisticated techniques to launch DDoS attacks dictates the need for a sophisticated intrusion detection system. This paper proposes a Deep Neural Network (DNN) solution for real-time detection of DDoS attacks in SDN. The proposed IDS produced a detection accuracy of 97.59% using fewer resources and less time.

show abstract

Section: Distributed Denial Of Service Attack (Ddos)mentioning

confidence: 99%

Deep Neural Network (DNN) Solution for Real-time Detection of Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs)

Makuvaza

Jat

Gamundani³

2021

SN COMPUT. SCI.

View full text Add to dashboard Cite

show abstract

“…The exploitation of ML algorithms in the field of cybersecurity is drawing many researchers in this direction, as it is taking security countermeasures to a new level. Concepts such as anomalybased detection, recognition strategies, and network traffic pattern analysis have been intensively discussed in many studies [24]- [28] . Therefore, adopting artificial intelligence (AI) concepts, and ML algorithms in particular, contribute to the development of innovative and effective security solutions that differ from known traditional solutions such as anti-virus software, firewalls, and encryption.…”

Section: B Machine Learning For Es Cybersecuritymentioning

confidence: 99%

Attack-Detection Architectural Framework Based on Anomalous Patterns of System Performance and Resource Utilization—Part II

et al. 2021

View full text Add to dashboard Cite

This paper presents a unique security approach for detecting cyber-attacks against embedded systems (ESs). The proposed approach has been shaped within an architectural framework called anomalous resource consumption detection (ARCD). The approach's detection mechanism detects cyber-attacks by distinguishing anomalous performance and resource consumption patterns from a pre-determinable reference model. The defense mechanism of this approach acts as an additional layer of protection for ESs. This technique's effectiveness was previously evaluated statistically, and in this paper, we tested this approach's efficiency computationally by using the support-vector machine algorithm. The datasets were generated and collected based on a testbed model, where it was run repeatedly under different operation conditions (normal cases (Rs) versus attacked cases). The executed attack scenarios are (1) denial-of-service (DoS), (2) brute force (BF), (3) remote code execution (RCE), and man-in-the-middle (MITM). A septenary tuple model, which consists of seven determinants that are analyzed based on seven statistical criteria, is the core of the detection mechanism. The prediction accuracy in terms of classifying anomalous patterns compared to normal patterns based on the confusion matrix revealed promising results, proving this approach's effectiveness, where the final results confirmed very high prediction accuracies in terms of distinguishing anomalous patterns from the typical patterns. Therefore, integrating the ARCD concept into the operating system's instructions will help software developers to augment the security countermeasures of the ESs. Adopting the ARCD approach will pave the way for software engineers to build secure operating systems in line with the embedded system's capabilities, without depleting its resources.

show abstract

“…To discriminate between normal and abnormal traffic, and to auto-profile traffic patterns, D-PACK has been proposed [9]. is approach integrates an unsupervised CNN model to investigate just the first few bytes of the first few packets in each flow, therefore detecting abnormal traffic early using raw packet-level data.…”

Section: Related Work and Motivationmentioning

confidence: 99%

“…Two major gaps were seen during the literature review of anomaly detection problems. Firstly, there is a high falsealarm rate [8][9][10] for the methods used in anomaly detection. Secondly, training datasets were used in the training as well as the testing of models, employing cross-validation processes.…”

Section: Introductionmentioning

confidence: 99%

A Mean Convolutional Layer for Intrusion Detection System

Mohammadpour

Ling

Liew

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

The significant development of Internet applications over the past 10 years has resulted in the rising necessity for the information network to be secured. An intrusion detection system is a fundamental network infrastructure defense that must be able to adapt to the ever-evolving threat landscape and identify new attacks that have low false alarm. Researchers have developed several supervised as well as unsupervised methods from the data mining and machine learning disciplines so that anomalies can be detected reliably. As an aspect of machine learning, deep learning uses a neuron-like structure to learn tasks. A successful deep learning technique method is convolution neural network (CNN); however, it is presently not suitable to detect anomalies. It is easier to identify expected contents within the input flow in CNNs, whereas there are minor differences in the abnormalities compared to the normal content. This suggests that a particular method is required for identifying such minor changes. It is expected that CNNs would learn the features that form the characteristic of the content of an image (flow) rather than variations that are unrelated to the content. Hence, this study recommends a new CNN architecture type known as mean convolution layer (CNN-MCL) that was developed for learning the anomalies’ content features and then identifying the particular abnormality. The recommended CNN-MCL helps in designing a strong network intrusion detection system that includes an innovative form of convolutional layer that can teach low-level abnormal characteristics. It was observed that assessing the proposed model on the CICIDS2017 dataset led to favorable results in terms of real-world application regarding detecting anomalies that are highly accurate and have low false-alarm rate as opposed to other best models.

show abstract

An Unsupervised Deep Learning Model for Early Network Traffic Anomaly Detection

Cited by 166 publications

References 27 publications

Deep Neural Network (DNN) Solution for Real-time Detection of Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs)

Deep Neural Network (DNN) Solution for Real-time Detection of Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs)

Attack-Detection Architectural Framework Based on Anomalous Patterns of System Performance and Resource Utilization—Part II

A Mean Convolutional Layer for Intrusion Detection System

Contact Info

Product

Resources

About