
2019 | OriginalPaper | Chapter

Dynamic Network Anomaly Detection System by Using Deep Learning Techniques

Authors: Peng Lin, Kejiang Ye, Cheng-Zhong Xu

Published in: Cloud Computing – CLOUD 2019

Publisher: Springer International Publishing


Abstract

The Internet and computer networks are currently suffering from serious security threats. Those threats often keep changing and will evolve into new, unknown variants. In order to maintain network security, we design and implement a dynamic network anomaly detection system using deep learning methods. We use Long Short-Term Memory (LSTM) to build a deep neural network model and add an Attention Mechanism (AM) to enhance the performance of the model. The SMOTE algorithm and an improved loss function are used to handle the class-imbalance problem in the CSE-CIC-IDS2018 dataset. The experimental results show that the classification accuracy of our model reaches 96.2%, which is higher than that of other machine learning algorithms. In addition, the class-imbalance problem is alleviated to a certain extent, which makes our method highly practical.


Metadata

Title: Dynamic Network Anomaly Detection System by Using Deep Learning Techniques
Authors: Peng Lin, Kejiang Ye, Cheng-Zhong Xu
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-23502-4_12
