Network Traffic Anomaly Detection via Deep Learning

Fotiadou, Konstantina; Velivassaki, Terpsichori-Helen; Voulkidis, Artemis; Skias, Dimitrios; Tsekeridou, Sofia; Zahariadis, Theodore

doi:10.3390/info12050215

Cited by 34 publications

(13 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figs. [5][6][7][8][9][10][11] illustrates the comparison of the performance metrics in storage overhead, response time, accuracy, attack detection rate, precision, recall, and f-measure. The proposed work achieved less storage overhead due to DAG-based network construction and Multi-zone-wise blockchain.…”

Section: Research Summarymentioning

confidence: 99%

See 1 more Smart Citation

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Kably¹,

Benbarrad²,

Alaoui³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works

show abstract

Section: Research Summarymentioning

confidence: 99%

“…These approaches failed to apply to large volumes of intrusions and had low accuracy and precision [5]. Several existing methods implemented various deep learning techniques to detect the attacks efficiently [6,7]. Most of the attack patterns are similar to benign patterns, but it increases the risk of intrusions.…”

Section: Introductionmentioning

confidence: 99%

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Kably¹,

Benbarrad²,

Alaoui³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…The most significant indicator that quantitatively evaluates the performance of the proposed architectures is the (Accuracy, Acc) metric, defined as follows [24]:…”

Section: Evaluation Metricsmentioning

confidence: 99%

An Intrusion Detection Method for Industrial Control System Based on Machine Learning

et al. 2022

View full text Add to dashboard Cite

The integration of communication networks and the internet of industrial control in Industrial Control System (ICS) increases their vulnerability to cyber attacks, causing devastating outcomes. Traditional Intrusion Detection Systems (IDS) largely rely on predefined models and are trained mostly on specific cyber attacks, which means the traditional IDS cannot cope with unknown attacks. Additionally, most IDS do not consider the imbalanced nature of ICS datasets, thus suffering from low accuracy and high False Positive Rates when being put to use. In this paper, we propose the NCO–double-layer DIFF_RF–OPFYTHON intrusion detection method for ICS, which consists of NCO modules, double-layer DIFF_RF modules, and OPFYTHON modules. Detected traffic will be divided into three categories by the double-layer DIFF_RF module: known attacks, unknown attacks, and normal traffic. Then, the known attacks will be classified into specific attacks by the OPFYTHON module according to the feature of attack traffic. Finally, we use the NCO module to improve the model input and enhance the accuracy of the model. The results show that the proposed method outperforms traditional intrusion detection methods, such as XGboost and SVM. The detection of unknown attacks is also considerable. The accuracy of the dataset used in this paper reaches 98.13%. The detection rates for unknown attacks and known attacks reach 98.21% and 95.1%, respectively. Moreover, the method we proposed has achieved suitable results on other public datasets.

show abstract

“…Semisupervised anomaly detection methods extract training data from a sufficiently large amount of collected logs or network measurements to provide accurate estimates of the probability distribution of the normal and malicious classes. Unsupervised anomaly detection methodologies aim to automatically identify normal network behaviors from abnormal ones without exploiting labeled data [11]. Moreover, there are also three main anomaly detection methods based on Deep Learning, including Boltzmann Machine-(RBM-) based [12], Stacked Auto Encoders-(SAE-) based [13], and Convolutional Neural Network-(CNN-) based [14].…”

Section: Related Workmentioning

confidence: 99%

Task-Oriented Network Abnormal Behavior Detection Method

Dong

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Since network systems have become increasingly large and complex, the limitations of traditional abnormal packet detection have gradually emerged. The existing detection methods mainly rely on the recognition of packet features, which lack the association of specific applications and result in hysteresis and inaccurate judgement. In this paper, a task-oriented abnormal packet behavior detection method is proposed, which creatively collects action identifications during the execution of network tasks and inserts security labels into communication packets. Specifically, this paper defines the network tasks as a collection of state and action sequences to achieve the fine-grained division of the execution of network tasks, performs Hash value matching based on random communication string and action identification sequence for packet authentication, and proposes a mechanism of action identification sequence matching and abnormal behavior decision-making based on a finite state machine, according to the fine-grained monitoring of task execution action sequence. Furthermore, to verify the validity of the anomaly detection method proposed in this paper, a prototype based on the FTP communication platform is constructed, on which the simulation experiments, including the DDOS attack and backdoor attack, are conducted. The experimental results show that the proposed task-oriented abnormal behavior detection method can effectively intercept network malicious data packets and realize the active security defense for network systems.

show abstract

Network Traffic Anomaly Detection via Deep Learning

Cited by 34 publications

References 53 publications

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

An Intrusion Detection Method for Industrial Control System Based on Machine Learning

Task-Oriented Network Abnormal Behavior Detection Method

Contact Info

Product

Resources

About