nach oben

The Journal of Supercomputing

Erschienen in:

16.10.2020

Multi-level Gaussian mixture modeling for detection of malicious network traffic

verfasst von: Radhika Chapaneri, Seema Shah

Erschienen in: The Journal of Supercomputing | Ausgabe 5/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Along with the growing network connectivity across the world, there is a substantial increase in malicious network traffic to exploit the vulnerabilities, thus hampering several organizations and end-users. Though signature-based and classification-based machine learning approaches can detect malicious network traffic, they cannot reliably detect unknown attacks. Several issues are yet unsolved using the existing approaches such as imbalanced training data, high false alarm rate, and lack of detection of unknown attacks. To address these issues, in this work, we propose a novel multi-level classification method that can accurately classify the network traffic into several classes and identify the novel attacks. The unsupervised Gaussian mixture modeling approach is used to learn the statistical characteristics of each traffic category, and an adaptive thresholding technique based on the interquartile range is used to identify any outlier. The proposed work is evaluated on the benchmark CICIDS2017 dataset that includes modern network traffic patterns. The results show a significant improvement relative to the state-of-the-art techniques for detecting unknown attacks and classifying multiple network traffic attacks.

Vorheriger Artikel Analysis of parallel application checkpoint storage for system configuration

Nächster Artikel Using intelligent technology and real-time feedback algorithm to improve manufacturing process in IoT semiconductor industry

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

McAfee Labs (2019) McAfee Labs threats report, pp. 1–60. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf. Accessed 14 May 2020

Truong D, Tran D, Nguyen L, Mac H, Tran H, Bui T (2019) Detecting web attacks using stacked denoising autoencoder and ensemble learning methods. In: ACM Int. Conf. Proceeding Series pp 267–272. https://doi.org/10.1145/3368926.3369715

Shah S, Issac B (2018) Performance comparison of intrusion detection systems and application of machine learning to Snort system. Future Generation Computer Systems 80:157–170. https://doi.org/10.1016/j.future.2017.10.016CrossRef

Tavallaee M, Bagheri E, Lu W, Ghorbani A (2009) A detailed analysis of the KDD CUP 99 dataset. In: Proc. of IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA), Ottawa, Canada. https://doi.org/10.1109/CISDA.2009.5356528

Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems. In: Proc. of IEEE Military Communications and Information Systems Conference (MilCIS), Canberra, Australia, pp 10–15. https://doi.org/10.1109/MilCIS.2015.7348942

CVE Identifiers https://cve.mitre.org/cve/ Accessed 4 Jan 2020

Sharafaldin I, Gharib A, Lashkari A, Ghorbani A (2017) Towards a reliable intrusion detection benchmark dataset. Softw Netw 1:177–200. https://doi.org/10.13052/jsn2445-9739.2017.009CrossRef

Kuang F, Xu W, Zhang S (2014) A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl Soft Comput 18:178–184. https://doi.org/10.1016/j.asoc.2014.01.028CrossRef

Li W, Yi P, Wu Y, Pan L, Li J (2014) A new intrusion detection system based on KNN classification algorithm in wireless sensor network. J Electr Computer Eng 2014:240217. https://doi.org/10.1155/2014/240217CrossRef

10.

Ingre B, Yadav A (2015) Performance analysis of NSL-KDD dataset using ANN. In: IEEE Intl. Conf. on Signal Processing and Communication Engineering Systems pp. 92–96. https://doi.org/10.1109/SPACES.2015.7058223

11.

Farnaaz N, Jabbar M (2016) Random forest modeling for network intrusion detection system. Procedia Comput Sci 89:213–217CrossRef

12.

Saied A, Overill R, Radzik T (2016) Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing 172:385–393. https://doi.org/10.1016/j.neucom.2015.04.101CrossRef

13.

Bhuyan M, Bhattacharyya D, Kalita J (2013) Network anomaly detection: methods, systems and tools. IEEE Commun Surv Tutor 16:303–336. https://doi.org/10.1109/SURV.2013.052213.00046CrossRef

14.

Chapaneri R, Shah S (2018) A comprehensive survey of machine learning-based network intrusion detection. Smart Intell Comput Appl 104:345–356. https://doi.org/10.1007/978-981-13-1921-1_35CrossRef

15.

Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41:1–58. https://doi.org/10.1145/1541880.1541882CrossRef

16.

Haseeb K, Islam N, Almogren A, Ud Din I (2019) Intrusion prevention framework for secure routing in WSN-based mobile Internet of things. IEEE Access 7:185496–185505. https://doi.org/10.1109/ACCESS.2019.2960633CrossRef

17.

Li L, Hansman R, Palacios R, Welsch R (2016) Anomaly detection via a Gaussian mixture model for flight operation and safety monitoring. Transp Res Part C Emerg Technol 64:45–57. https://doi.org/10.1016/j.trc.2016.01.007CrossRef

18.

Chapaneri R, Shah S (2019) Detection of malicious network traffic using convolutional neural networks. In: IEEE 10th Intl. Conf. on Computing, Communication and Networking Technologies (ICCCNT), Kanpur, India. https://doi.org/10.1109/ICCCNT45670.2019.8944814

19.

Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961. https://doi.org/10.1109/ACCESS.2017.2762418CrossRef

20.

Kim J, Thu H, Kim H (2017) Long short term memory recurrent neural network classifier for intrusion detection. In: IEEE Intl. Conf. Platform Technology and Service, South Korea. https://doi.org/10.1109/PlatCon.2016.7456805

21.

Wu P, Guo H, Moustafa N (2020) Pelican: a deep residual network for network intrusion detection. In: 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). https://doi.org/10.1109/DSN-W50199.2020.00018

22.

Dutta V, Choraś M, Kozik R, Pawlicki M (2020) Hybrid model for improving the classification effectiveness of network intrusion detection. In: Intl. Conference on Complex, Intelligent, and Software Intensive Systems, Springer, Berlin https://doi.org/10.1007/978-3-030-57805-3_38

23.

Almalawi A, Fahad A, Tari Z, Khan A, Alzahrani N, Bakhsh S, Alassafi M, Alshdadi A, Qaiyum S (2020) Add-on anomaly threshold technique for improving unsupervised intrusion detection on SCADA data. Electronics 9:1017. https://doi.org/10.3390/electronics9061017CrossRef

24.

Merrill N, Eskandarian A (2020) Modified autoencoder training and scoring for robust unsupervised anomaly detection in deep learning. IEEE Access. https://doi.org/10.1109/ACCESS.2020.2997327CrossRef

25.

Chen X, Cao C, Mai J (2020) Network anomaly detection based on deep support vector data description. In: 5th IEEE International Conference on Big Data Analytics (ICBDA). https://doi.org/10.1109/ICBDA49040.2020.9101325

26.

Maaten L, Hinton G (2008) Visualizing data using t-SNE. J Mach Learn Res 9:2579–2605MATH

27.

Pérez D, Alonso S, Morán A, Prada M, Fuertes J, Dománguez M (2019) Comparison of network intrusion detection performance using feature representation. In: Intl. Conf. on Engineering Applications of Neural Networks pp 463–475. https://doi.org/10.1007/978-3-030-20257-6_40

28.

Marir N, Wang H, Feng G, Li B, Jia M (2018) Distributed abnormal behavior detection approach based on deep belief network and ensemble SVM using spark. IEEE Access. https://doi.org/10.1109/ACCESS.2018.2875045CrossRef

29.

Aksu D, Aydin M (2018) Detecting port scan attempts with comparative analysis of deep learning and support vector machine algorithms. In: IEEE Intl. Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT) Turkey pp 77–80. https://doi.org/10.1109/IBIGDELFT.2018.8625370

30.

Sharafaldin I, Habibi L, Ghorbani A (2018) A detailed analysis of the CICIDS2017 data set. In: Intl. Conf. on Information Systems Security and Privacy, Springer Cham.https://doi.org/10.1007/978-3-030-25109-3_9

31.

Yulianto A, Sukarno P, Suwastika N (2019) Improving AdaBoost-based intrusion detection system performance on CICIDS 2017 dataset. In: Journal of Physics: Conference Series, vol 1192, no. 1. https://doi.org/10.1088/1742-6596/1192/1/012018

Titel: Multi-level Gaussian mixture modeling for detection of malicious network traffic
verfasst von: Radhika Chapaneri
Seema Shah
Publikationsdatum: 16.10.2020
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 5/2021
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-020-03447-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 5/2021

Toward forecasting future day air pollutant index in Malaysia

Exploratory study of introducing HPC to non-ICT researchers: institutional strategy is possibly needed for widespread adaption

Accurate computing of facial expression recognition using a hybrid feature extraction technique

ACEP: an adaptive strategy for proactive and elastic processing of complex events

A latency-aware and energy-efficient computation offloading in mobile fog computing: a hidden Markov model-based approach

SDAM: a combined stack distance-analytical modeling approach to estimate memory performance in GPUs

Premium Partner