nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Anomaly-Based Network Intrusion Detection Using Wavelets and Adversarial Autoencoders

verfasst von : Samir Puuska, Tero Kokkonen, Janne Alatalo, Eppu Heilimo

Erschienen in: Innovative Security Solutions for Information Technology and Communications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The number of intrusions and attacks against data networks and networked systems increases constantly, while encryption has made it more difficult to inspect network traffic and classify it as malicious. In this paper, an anomaly-based intrusion detection system using Haar wavelet transforms in combination with an adversarial autoencoder was developed for detecting malicious TLS-encrypted Internet traffic. Data containing legitimate, as well as advanced malicious traffic was collected from a large-scale cyber exercise and used in the analysis. Based on the findings and domain expertise, a set of features for distinguishing modern malware from packet timing analysis were chosen and evaluated. Performance of the adversarial autoencoder was compared with a traditional autoencoder. The results indicate that the adversarial model performs better than the traditional autoencoder. In addition, a machine learning pipeline capable of analyzing traffic in near real time was developed for data analysis.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Limited Proxying for Content Filtering Based on X.509 Proxy Certificate Profile

Nächstes Kapitel Analysis and Evaluation of Dynamic Feature-Based Malware Detection Methods

https://www.cobaltstrike.com/.

https://www.powershellempire.com/.

https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/.

https://www.kali.org/.

https://trac.torproject.org/projects/tor/wiki/doc/meek.

https://github.com/salesforce/ja3.

Apache Kafka: Apache kafka a distributed streaming platform. https://kafka.apache.org/. Accessed 31 Aug 2018

Apache Spark: Apache Spark lightning-fast unified analytics engine. https://spark.apache.org/ Accessed 31 Aug 2018

Chan, K., Fu, W.: Efficient time series matching by wavelets. In: Proceedings 15th International Conference on Data Engineering (Cat. No. 99CB36337), pp. 126–133, March 1999. https://doi.org/10.1109/ICDE.1999.754915

Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 15:1–15:58 (2009). https://doi.org/10.1145/1541880.1541882CrossRef

Daubechies, I.: The wavelet transform, time-frequency localization and signal analysis. IEEE Trans. Inf. Theory 36(5), 961–1005 (1990). https://doi.org/10.1109/18.57199MathSciNetCrossRefMATH

Dhingra, M., Jain, M., Jadon, R.S.: Role of artificial intelligence in enterprise information security: a review. In: 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC), pp. 188–191, December 2016. https://doi.org/10.1109/PDGC.2016.7913142

Goodfellow, I., et al.: Generative adversarial nets. In: Ghahramani, Z., Welling, M., Cortes, C., Lawrence, N.D., Weinberger, K.Q. (eds.) Advances in Neural Information Processing Systems, vol. 27, pp. 2672–2680. Curran Associates, Inc. (2014)

Haar, A.: Zur theorie der orthogonalen funktionensysteme. Mathematische Annalen 69(3), 331–371 (1910). https://doi.org/10.1007/BF01456326MathSciNetCrossRefMATH

Hendler, D., Kels, S., Rubin, A.: Detecting malicious powershell commands using deep neural networks. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS 2018, pp. 187–197. ACM, New York (2018). https://doi.org/10.1145/3196494.3196511

10.

Husák, M., Čermák, M., Jirsík, T., Čeleda, P.: HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting. EURASIP J. Inf. Secur. 2016(1), 6 (2016). https://doi.org/10.1186/s13635-016-0030-7CrossRef

11.

JAMK University of Applied Sciences, Institute of Information Technology, JYVSECTEC: Rgce cyber range. http://www.jyvsectec.fi/en/rgce/. Accessed 23 Aug 2018

12.

Kokkonen, T., Puuska, S.: Blue team communication and reporting for enhancing situational awareness from white team perspective in cyber security exercises. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds.) NEW2AN/ruSMART -2018. LNCS, vol. 11118, pp. 277–288. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01168-0_26CrossRef

13.

Komar, M., et al.: High performance adaptive system for cyber attacks detection. In: 2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), vol. 2, pp. 853–858, September 2017. https://doi.org/10.1109/IDAACS.2017.8095208

14.

Le, T., Kim, J., Kim, H.: An effective intrusion detection classifier using long short-term memory with gradient descent optimization. In: 2017 International Conference on Platform Technology and Service (PlatCon), pp. 1–6, February 2017. https://doi.org/10.1109/PlatCon.2017.7883684

15.

Lin, J., Keogh, E., Lonardi, S., Chiu, B.: A symbolic representation of time series, with implications for streaming algorithms. In: Proceedings of the 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery, DMKD 2003, pp. 2–11. ACM, New York (2003). https://doi.org/10.1145/882082.882086

16.

Lippmann, R.P., et al.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings DARPA Information Survivability Conference and Exposition, DISCEX 2000, vol. 2, pp. 12–26, January 2000. https://doi.org/10.1109/DISCEX.2000.821506

17.

Makhzani, A., Shlens, J., Jaitly, N., Goodfellow, I.: Adversarial autoencoders. In: International Conference on Learning Representations (2016). http://arxiv.org/abs/1511.05644

18.

Ministry of Defence Finland: The national cyber security exercises is organised in Jyväskylä - Kansallinen kyberturvallisuusharjoitus kyha18 järjestetään Jyväskylässä, official bulletin 11th of May 2018, May 2018. https://valtioneuvosto.fi/artikkeli/-/asset_publisher/kansallinen-kyberturvallisuusharjoitus-kyha18-jarjestetaan-jyvaskylassa. Accessed 23 Aug 2018

19.

Mokarian, A., Faraahi, A., Delavar, A.G.: False positives reduction techniques in intrusion detection systems-a review. IJCSNS Int. J. Comput. Sci. Netw. Secur. 13(10), 128–134 (2013)

20.

Pham, T.S., Hoang, T.H., Vu, V.C.: Machine learning techniques for web intrusion detection – a comparison. In: 2016 Eighth International Conference on Knowledge and Systems Engineering (KSE), pp. 291–297, October 2016. https://doi.org/10.1109/KSE.2016.7758069

21.

Rescorla, E., Dierks, T.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, August 2008. https://doi.org/10.17487/RFC5246

22.

Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE Symposium on Security and Privacy, pp. 305–316, May 2010. https://doi.org/10.1109/SP.2010.25

23.

Suricata: Suricata Open Source IDS/IPS/NSM engine. https://suricata-ids.org/. Accessed 31 Aug 2018

24.

Suyal, P., Pant, J., Dwivedi, A., Lohani, M.C.: Performance evaluation of rough set based classification models to intrusion detection system. In: 2016 2nd International Conference on Advances in Computing, Communication, Automation (ICACCA) (Fall), pp. 1–6, September 2016. https://doi.org/10.1109/ICACCAF.2016.7748991

25.

Vartouni, A.M., Kashi, S.S., Teshnehlab, M.: An anomaly detection method to detect web attacks using stacked auto-encoder. In: 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS), pp. 131–134, February 2018. https://doi.org/10.1109/CFIS.2018.8336654

Titel: Anomaly-Based Network Intrusion Detection Using Wavelets and Adversarial Autoencoders
verfasst von: Samir Puuska
Tero Kokkonen
Janne Alatalo
Eppu Heilimo
Verlag: Springer International Publishing
Buch: Innovative Security Solutions for Information Technology and Communications
Print ISBN: 978-3-030-12941-5

Electronic ISBN: 978-3-030-12942-2

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-12942-2_18

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner