Deep Feature Extraction for multi-Class Intrusion Detection in Industrial Control Systems

Potluri, Sasanka; Diedrich, Christian

doi:10.7763/ijcte.2017.v9.1169

Cited by 18 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The application of HBOS with dynamic bins showed better results compared to other related methods, especially those detecting R2L and U2R types of attacks. A comparison of results based on the NSL-KDD dataset with other approaches [11][12][13][14][15] is listed in Table 2. The application of HBOS with dynamic bins showed better results compared to other related methods, especially those detecting R2L and U2R types of attacks.…”

Section: Resultsmentioning

confidence: 99%

Application of Histogram-Based Outlier Scores to Detect Computer Network Anomalies

Paulauskas

Baškys

2019

Electronics

View full text Add to dashboard Cite

Misuse activity in computer networks constantly creates new challenges and difficulties to ensure data confidentiality, integrity, and availability. The capability to identify and quickly stop the attacks is essential, as the undetected and successful attack may cause losses of critical resources. The anomaly-based intrusion detection system (IDS) is a valuable security tool that is capable of detecting new, previously unseen attacks. Anomaly-based IDS sends an alarm when it detects an event that deviates from the behavior characterized as normal. This paper analyses the use of the histogram-based outlier score (HBOS) to detect anomalies in the computer network. Experimental results of different histogram creation methods and the influence of the number of bins on the performance of anomaly detection are presented. Experiments were conducted using an NSL-KDD dataset.

show abstract

Section: Resultsmentioning

confidence: 99%

Application of Histogram-Based Outlier Scores to Detect Computer Network Anomalies

Paulauskas

Baškys

2019

Electronics

View full text Add to dashboard Cite

show abstract

“…Because of network bandwidth and data increase, [23] proposes a deep packet inspection in order to learn the necessary feature that would allow DoS, Probe, R2L and U2R attacks detection. The authors used a Deep Neural Networks (DNN) approach which architecture is a stacked auto-encoders for the feature learning, to which a softmax layer is added for the classification ( However, the approach proposed by [23] gives promising results in feature learning and good detection rate for some classes of attacks detection. It uses the NSL-KDD dataset for the experiment.…”

Section: Stacked Auto-encoder Based Anomaly Detectionmentioning

confidence: 99%

Review of Anomaly Detection Systems in Industrial Control Systems Using Deep Feature Learning Approach

Kabore¹,

Kouassi²,

N’goran³

et al. 2021

ENG

View full text Add to dashboard Cite

“…However, this method had a difficulty in dealing with the unbalanced data and small samples. Potluri et al [22] used DBN for feature extraction, and softmax and SVM for classification at the end of the network. The detection accuracy of categories of attacks on the NSL-KDD dataset was 80-90%, while that of small categories was about 20%.…”

Section: Related Work a Machine Learning Based Intrusion Detectimentioning

confidence: 99%

A Multiple-Layer Representation Learning Model for Network-Based Attack Detection

et al. 2019

View full text Add to dashboard Cite

Accurate detection of network-based attacks is crucial to prevent security breaches of information systems. The recent application of deep learning approaches for network intrusion detection has shown promising. However, the challenges remain on how to deal with imbalance data and small samples as well as reducing false alarm rate (FAR). To address these issues, this work has proposed a multiple-layer representation learning model for accurate end-to-end network intrusion detection by combining deep convolutional neural networks (CNN) with gcForest. The contributions of this work lie in 1) a new data encoding scheme based on P-Zigzag to encode network traffic data into two-dimensional gray-scale images for representation learning without loss of original information; 2) The combination of gcForest and CNN allows accurate detection on imbalanced data and small scale data with fewer hyperparamters comparing to most existing deep learning models, which increase computational efficiency. The proposed approach is based on a multiple-layer approach consisting of a coarse layer and a fine layer, in which the coarse layer with the improved CNN model (GoogLeNetNP) focuses on identification of N abnormal classes and a normal class. While in the fine layer, an improved model based on gcForest (caXGBoost) further classifies the abnormal classes into N-1 subclasses. This ensures fine-grained detection of various attacks. The proposed framework has been compared with the existing deep learning models using three real datasets (a new dataset NBC, a combination of UNSW-NB15 and CICIDS2017 consisting of 101 classes). The experimental results show that our proposed method outperforms other single deep learning methods (i.e., AlexNet, VGG19, GoogleNet, InceptionV3, ResNet18) in terms of accuracy, detection rate, and FAR, which demonstrates its effectiveness in detecting fine-grained attacks and handling imbalanced datasets with high-precision and low FAR. INDEX TERMS Network intrusion detection, convolutional neural networks, deep random forests, representation learning.

show abstract

Deep Feature Extraction for multi-Class Intrusion Detection in Industrial Control Systems

Cited by 18 publications

References 7 publications

Application of Histogram-Based Outlier Scores to Detect Computer Network Anomalies

Application of Histogram-Based Outlier Scores to Detect Computer Network Anomalies

Review of Anomaly Detection Systems in Industrial Control Systems Using Deep Feature Learning Approach

A Multiple-Layer Representation Learning Model for Network-Based Attack Detection

Contact Info

Product

Resources

About