Intrusion Detection Using Big Data and Deep Learning Techniques

Faker, Osama; Doğdu, Erdoğan

doi:10.1145/3299815.3314439

Cited by 165 publications

(77 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Faker et al [15] evaluated the performance of three classification methods (DNN, RF, and GBT) using Apache Spark on subsets of the selected features from both UNSW-NB15 and CICIDS2017 datasets. Both binary and multi-class attack classifications were used in their study, and they concluded that DNN has the best performance, exhibiting 99.19% accuracy using the UNSW-NB15 dataset and 99.99% accuracy using CICIDS2017.…”

Section: B Applications Of ML Algorithmsmentioning

confidence: 99%

Evaluation of Machine Learning Algorithms for Anomaly Detection

Elmrabit

Zhou

et al. 2020

2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

105

View full text Add to dashboard Cite

Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyberattack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

show abstract

Section: B Applications Of ML Algorithmsmentioning

confidence: 99%

Evaluation of Machine Learning Algorithms for Anomaly Detection

Elmrabit

Zhou

et al. 2020

2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

105

View full text Add to dashboard Cite

show abstract

“…One was raw PCAP or parsed CSV format, containing network packet level features, and the other was also CSV format, containing network flow level features, which showed the statistic information of many network packets. Out of all the seven works, (Yuan et al 2017;Varenne et al 2019) used packet information as raw inputs, (Yin et al 2017;Ustebay et al 2019;Faker and Dogdu 2019) used flow information as raw inputs, and (Millar et al 2018) explored both cases. Observation 6.3: In order to parse the raw inputs, preprocessing methods, including one-hot vectors for categorical texts, normalization on numeric data, and removal of unused features/data samples, were commonly used.…”

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

“…After preprocessing the raw data, while transformed the data into image representation, (Yuan et al 2017;Varenne et al 2019;Faker and Dogdu 2019;Ustebay et al 2019;Yin et al 2017) directly used the original vectors as an input data. Also, (Millar et al 2018) explored both cases and reported better performance using image representation.…”

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

Using deep learning to solve computer security challenges: a survey

et al. 2020

View full text Add to dashboard Cite

Although using machine learning techniques to solve computer security challenges is not a new idea, the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community. This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending return-oriented programming (ROP) attacks, achieving control-flow integrity (CFI), defending network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security.

show abstract

“…It was created based on B-Profile system [12]. After CIC-2017 released, several studies suggest intrusion detection model using CIC-2017 based on ML [13][14]. CIC-2018 is the most up-to-date dataset including common attacks for IDS evaluation.…”

Section: Introductionmentioning

confidence: 99%

“…CIC-2017 contains network traffic with most common attack families including brute force attacks, heartbleed attacks, botnets, DDOS attacks and web attacks. Faker[13] studies intrusion detection using CIC-2017 and UNSW-NB15 datasets. This study removes socket information to prevent model overfitting.…”

mentioning

confidence: 99%

An Intrusion Detection Model based on a Convolutional Neural Network

Kim¹,

Shin²,

Choi³

2019

J Multimed Inf Syst

100

View full text Add to dashboard Cite

Machine-learning techniques have been actively employed to information security in recent years. Traditional rule-based security solutions are vulnerable to advanced attacks due to unpredictable behaviors and unknown vulnerabilities. By employing ML techniques, we are able to develop intrusion detection systems (IDS) based on anomaly detection instead of misuse detection. Moreover, threshold issues in anomaly detection can also be resolved through machine-learning. There are very few datasets for network intrusion detection compared to datasets for malicious code. KDD CUP 99 (KDD) is the most widely used dataset for the evaluation of IDS. Numerous studies on ML-based IDS have been using KDD or the upgraded versions of KDD. In this work, we develop an IDS model using CSE-CIC-IDS 2018, a dataset containing the most up-to-date common network attacks. We employ deep-learning techniques and develop a convolutional neural network (CNN) model for CSE-CIC-IDS 2018. We then evaluate its performance comparing with a recurrent neural network (RNN) model. Our experimental results show that the performance of our CNN model is higher than that of the RNN model when applied to CSE-CIC-IDS 2018 dataset. Furthermore, we suggest a way of improving the performance of our model.

show abstract

Intrusion Detection Using Big Data and Deep Learning Techniques

Cited by 165 publications

References 27 publications

Evaluation of Machine Learning Algorithms for Anomaly Detection

Evaluation of Machine Learning Algorithms for Anomaly Detection

Using deep learning to solve computer security challenges: a survey

An Intrusion Detection Model based on a Convolutional Neural Network

Contact Info

Product

Resources

About