Published in: Neural Computing and Applications 12/2020

11.04.2019 | Hybrid Artificial Intelligence and Machine Learning Technologies

Hybrid intrusion detection and signature generation using Deep Recurrent Neural Networks

Authors: Sanmeet Kaur, Maninder Singh


Abstract

Automated signature generation for Intrusion Detection Systems (IDSs), as a means of proactive network security, is a promising area of research. An IDS monitors a system or the activities of a network to detect policy violations or malicious actions and reports them to the management system. Numerous solutions for intrusion detection in networks have been proposed by various researchers so far. However, as network attacks increase exponentially, the need to efficiently identify any intrusion in the network is on the rise. This research work proposes a deep learning-based system for hybrid intrusion detection and signature generation for unknown web attacks, referred to as D-Sign. D-Sign is capable of successfully detecting attacks and generating attack signatures with high accuracy, sensitivity and specificity. It has been evaluated for attack detection and signature generation of web-based attacks. D-Sign has reported significantly low false positives and false negatives. The experimental results demonstrate that the proposed system identifies attacks more proactively than other state-of-the-art approaches and generates signatures effectively, thereby minimizing the damage caused by network attacks.


Metadata
Title
Hybrid intrusion detection and signature generation using Deep Recurrent Neural Networks
Authors
Sanmeet Kaur
Maninder Singh
Publication date
11.04.2019
Publisher
Springer London
Published in
Neural Computing and Applications / Issue 12/2020
Print ISSN: 0941-0643
Electronic ISSN: 1433-3058
DOI
https://doi.org/10.1007/s00521-019-04187-9
