nach oben

International Journal of Information Security

Erschienen in:

03.12.2019 | regular contribution

A context-aware robust intrusion detection system: a reinforcement learning-based approach

verfasst von: Kamalakanta Sethi, E. Sai Rupesh, Rahul Kumar, Padmalochan Bera, Y. Venu Madhav

Erschienen in: International Journal of Information Security | Ausgabe 6/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Detection and prevention of intrusions in enterprise networks and systems is an important, but challenging problem due to extensive growth and usage of networks that are constantly facing novel attacks. An intrusion detection system (IDS) monitors the network traffic and system-level applications to detect malicious activities in the network. However, most of the existing IDSs are incapable of providing higher accuracy and less false positive rate (FPR). Therefore, there is a need for adaptive techniques to detect network intrusions that maintain a balance between accuracy and FPR. In this paper, we present a context-adaptive IDS that uses multiple independent deep reinforcement learning agents distributed across the network for accurate detection and classification of new and complex attacks. We have done extensive experimentation using three benchmark datasets including NSL-KDD, UNSW-NB15 and AWID on our model that shows better accuracy and less FPR compared to the state-of-the-art systems. Further, we analysed the robustness of our model against adversarial attack and observed only a small decrease in accuracy as compared to the existing models. To further improve the robustness of the system, we implemented the concept of denoising autoencoder. Also, we have shown the usability of our system in real-life application with changes in the attack pattern.

Vorheriger Artikel FDCO: attribute-based fast data cloud-outsourcing scheme for mobile devices

Nächster Artikel Lightweight multi-factor mutual authentication protocol for IoT devices

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

It is a Python library for generating adversarial samples.

Each component of a classification vector indicates the classification result of a classifier.

The sample represents a feature vector in our dataset.

The numpy is a Python library that supports for large, multidimensional arrays and matrices.

Mohamed, A.B., Idris, N.B., Shanmugum, B.: A brief introduction to intrusion detection system. In: International Conference on Intelligent Robotics, Automation, and Manufacturing, pp. 263–271. Springer, Berlin (2012). https://doi.org/10.1007/978-3-642-35197-6_29

Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2016). https://doi.org/10.1109/COMST.2015.2494502CrossRef

Kuang, F., Xu, W., Zhang, S.: A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl. Soft Comput. 18, 178–184 (2014)CrossRef

Reddy, R.R., Ramadevi, Y., Sunitha, K.V.N.: Effective discriminant function for intrusion detection using SVM. In: Proceedings of International Conference on Advance in Computing, Communication and Information (ICACCI), pp. 1148–1153 (2016)

Li, W., Yi, P., Wu, Y., Pan, L., Li, J.: A new intrusion detection system based on KNN classification algorithm in wireless sensor network. J. Electron. Comput. Eng. 2014, 240217 (2014)

Bivens, A., Palagiri, C., Smith, R., Szymanski, B., Embrechts, M.: Network-based intrusion detection using neural networks. Intell. Eng. Syst. Artif. Neural Netw. 12(1), 579–584 (2002)

Quinlan, R.: Induction of decision trees. Mach. Learn. 1(1), 81–106 (1986)

Ross Quinlan, J.: C4.5: Programs for Machine Learning. Morgan Kaufmann, Burlington (1993)

Javaid, A., Niyaz, Q., Sun, W., Alam, M.: A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (BICT), pp. 21–26 (2015)

10.

Yin, C., Zhu, Y., Fei, J., He, X.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017). https://doi.org/10.1109/ACCESS.2017.2762418CrossRef

11.

Lavet, V.F., Henderson, P., Islam, R., Bellemare, M.G., Pineau, J.: An introduction to deep reinforcement learning. arXiv:1811.12560 [cs.LG] (2018)

12.

Mnih, V., et al.: Human-level control through deep reinforcement learning. Nature 518, 529–533 (2015). https://doi.org/10.1038/nature14236CrossRef

13.

Kober, J., Bagnell, J.A., Peters, J.: Reinforcement learning in robotics: a survey. Int. J. Robot. Res. 32(11), 1238–1274 (2013). https://doi.org/10.1177/0278364913495721CrossRef

14.

Mahmud, M., Kaiser, M.S., Hussain, A., Vassanelli, S.: Applications of deep learning and reinforcement learning to biological data. IEEE Trans. Neural Netw. Learn. Syst. 29(6), 2063–2079 (2018). https://doi.org/10.1109/TNNLS.2018.2790388MathSciNetCrossRef

15.

Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction. The MIT Press, Cambridge (2015)MATH

16.

Kumar, N., Swain, S.N., Siva Ram Murthy, C.: A novel distributed Q-learning based resource reservation framework for facilitating D2D content access requests in LTE-A networks. IEEE Trans. Netw. Serv. Manag. 15(2), 718–731 (2018). https://doi.org/10.1109/TNSM.2018.2807594CrossRef

17.

Roderick, M., MacGlashan, J.: Implementing the deep Q-network. Stefanie Tellex, Humans To Robots Laboratory, Brown University, Providence, RI 02912, CoRR (2017)

18.

RotaBulò, S., Biggio, B., Pillai, I., Pelillo, M., Roli, F.: Randomized prediction games for adversarial machine learning. IEEE Trans. Neural Netw. Learn. Syst. 28(11), 2466–2478 (2017). https://doi.org/10.1109/TNNLS.2016.2593488MathSciNetCrossRef

19.

Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE Trans. Knowl. Data Eng. 26(4), 984–996 (2014). https://doi.org/10.1109/TKDE.2013.57CrossRef

20.

Biggio, B., et al.: Security evaluation of support vector machines in adversarial environments. In: Ma, Y., Guo, G. (eds.) Support Vector Machines Applications, pp. 105–153. Springer, Cham (2014)CrossRef

21.

Papernot, N., McDaniel, P., Wux, X., Jhax, S., Swamiz, A.: Distillation as a defense to adversarial perturbations against deep neural networks. CoRR (2016). https://doi.org/10.1109/SP.2016.41.

22.

Pattanaik, A., Tang, Z., Liu, S., Bommannan, G., Chowdhary, G.: Robust Deep Reinforcement Learning with Adversarial Attacks. University of Illinois at Urbana-Champaign, CoRR (2017)

23.

Wang, Z.: Deep learning-based intrusion detection with adversaries. IEEE Access 6, 38367–38384 (2018)CrossRef

24.

Jain, K., Dubes, R.C.: Algorithms for Clustering Data. Prentice-Hall, Englewood Cliffs (1988)MATH

25.

Blowers, M., Williams, J.: Machine learning applied to cyber operations. In: Network Science and Cybersecurity, pp. 55–175. Springer, New York (2014)

26.

Farnaaz, N., Jabbar, M.A.: Random forest modelling for network intrusion detection system. Procedia Comput. Sci. 89, 213–217 (2016)CrossRef

27.

Tajbakhsh, A., Rahmati, M., Mirzaei, A.: Intrusion detection using fuzzy association rules. Appl. Soft Comput. 9, 462–469 (2009)CrossRef

28.

Polikar, R.: Ensemble based systems in decision making. IEEE Circuits Syst. Mag. 6(3), 21–45 (2006). https://doi.org/10.1109/MCAS.2006.1688199CrossRef

29.

Gharibian, F., Ghorbani, A.: Comparative study of supervised machine learning techniques for intrusion detection. In: Fifth Annual Conference on Communication Networks and Services Research (CNSR’07), pp. 350–358 (2007)

30.

Zhang, J., Zulkernine, M., Haque, A.: Random-forests-based network intrusion detection systems. IEEE Trans. Syst. Man Cybern. C Appl. Rev. 38(5), 649–659 (2008). https://doi.org/10.1109/TSMCC.2008.923876CrossRef

31.

Mukkamalla, S., Sung, A.H., Abhraham, A.: Intrusion detection using an ensemble of intelligent paradigms. J. Netw. Comput. Appl. 28, 167–182 (2005)CrossRef

32.

Shone, N., Ngoc, T.N., Phai, V.D., Shi, Q.: A deep learning approach to network intrusion detection. IEEE Trans. Emerg. Topics Comput. Intell. 2(1), 41–50 (2018). https://doi.org/10.1109/TETCI.2017.277279210.1109/TETCI.2017.2772792CrossRef

33.

Szegedy, C., et al.: Intriguing properties of neural networks (2013). arXiv:1312.6199

34.

Cannady, J.: Next generation intrusion detection: autonomous reinforcement learning of network attacks. In: Proceedings of the 23rd National Information Systems Security Conference, Baltimore, pp. 1–12 (2000)

35.

Xu, X., Xie, T.: A reinforcement learning approach for host-based intrusion detection using sequences of system calls. In: Proceedings of International Conference on Intelligent Computing, Lecture Notes in Computer Science, LNCS 3644, pp. 995–1003 (2005)

36.

Malialis, K., Devlin, S., Kudenko, D.: Distributed reinforcement learning for adaptive and robust network intrusion response. Connect. Sci. 27(3), 234–252 (2015)CrossRef

37.

Servin, A., Kudenko, D.: Multi-agent reinforcement learning for intrusion detection. In: Proceedings of the 5th, 6th and 7th European Conference on Adaptive and Learning Agents and Multi-agent Systems: Adaptation and Multi-agent Learning, pp. 211–223 (2008)

38.

Kolias, C., Kambourakis, G., Stavrou, A., Gritzalis, S.: Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset. IEEE Commun. Surv. Tutor. 18(1), 184–208 (2016). https://doi.org/10.1109/COMST.2015.2402161CrossRef

39.

Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS). Canberra, ACT 2015, pp. 1–6 (2015). https://doi.org/10.1109/MilCIS.2015.7348942

40.

Moustafa, N., Slay, J., Creech, G.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans. Big Data (2017). https://doi.org/10.1109/TBDATA.2017.2715166CrossRef

41.

Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J. Glob. Perspect. 25(1–3), 18–31 (2016). https://doi.org/10.1080/19393555.2015.1125974CrossRef

42.

Mikhail, J.W., Fossaceca, J.M., Iammartino, R.: A semi-boosted nested model with sensitivity-based weighted binarization for multi-domain network intrusion detection. ACM Trans. Intell. Syst. Technol. 10, 1–27 (2017). https://doi.org/10.1145/3313778CrossRef

43.

Kolias, C., Kolias, V., Kambourakis, G.: TermID: a distributed swarm intelligence-based approach for wireless intrusion detection. Int. J. Inf. Secur. 16, 401–416 (2017). https://doi.org/10.1007/s10207-016-0335-zCrossRef

44.

Nsl-kdd dataset. https://www.unb.ca/cic/datasets/nsl.html (2014). Accessed 23 July 2018

45.

Awid dataset—wireless security datasets project. http://icsdweb.aegean.gr/awid/ (2014). Accessed 6 July 2019

46.

The UNSW-NB15 Dataset Description. https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/ (2015). Accessed 10 July 2019

47.

Meena, G., Choudhary, R.R.: A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA. In: International Conference on Computer, Communications and Electronics, Jaipur, pp. 553–558 (2017)

48.

49.

scikit-learn user guide, scikit-learn Developers, Release 0.21.dev0 [User Guide]. http://scikit-learn.org/dev/_downloads/scikit-learn-docs.pdf (2015). Accessed 3 May 2018

50.

Pedregosa, F., Varoquaux, G., Gramfort, A., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)MathSciNetMATH

51.

Goodfellow, I., Papernot, N., Huang, S., Duan, Y., Abbeel, P., Clark, J.: Attacking machine learning with adversarial examples. OpenAI. https://blog.openai.com/adversarial-example-research/ (2017). Accessed 2 June 2018

52.

Goodfellow, I.J., Papernot, N., McDaniel, P.D.: cleverhans v0.1: an adversarial machine learning library. CoRR, arXiv:1610.00768 (2016)

53.

Papernot, N., McDaniel, P., Jhay, S., Fredriksonz, M., Berkay Celik, Z., Swamix, A.: The limitations of deep learning in adversarial setting. In: 1st IEEE European Symposium on Security and Privacy, Saarbrucken, Germany (2016). https://doi.org/10.1109/EuroSP.2016.36

54.

Google Inc.: OpenAI and Pennsylvania State University, a repository for \(cleverhans\) library [Github Repository]. https://github.com/tensorflow/cleverhans (2016). Accessed 3 May 2018

55.

Meng, L., Ding, S., Xue, Y.: Research on denoising sparse autoencoder. Int. J. Mach. Learn. Cybern. 8, 1719–1729 (2017)CrossRef

56.

Chollet, F.: Building Autoencoders in Keras. The Keras Blog [Blog post]. https://blog.keras.io/building-autoencoders-in-keras.html (2016). Accessed 10 May 2018

57.

Ingre, B., Yadav, A.: Performance analysis of NSL-KDD dataset using ANN. In: International Conference on Signal Processing and Communication Engineering Systems, Guntur, pp. 92–96 (2015)

58.

Pham, N.T., Foo, E., Suriadi, S., Jeffrey, H., Lahza, H.F.M.: Improving performance of intrusion detection system using ensemble methods and feature selection. In: Proceedings of the Australasian Computer Science Week Multiconference, ACSW ’18, pp. 2:1–2:6. ACM, New York (2018) https://doi.org/10.1145/3167918.3167951

59.

Ibrahim, L.M., Basheer, D.T., Mahamod, M.S.: A comparison study for Intrusion Database (KDD99, NSL-KDD) based on Self Organization Map (SOM) artificial neural network. J. Eng. Sci. Technol. 8(1), 107–119 (2013)

60.

Roshan, S., Miche, Y., Akusok, A., Lendasse, A.: Adaptive and online network intrusion detection system using clustering and extreme learning machines. J. Frankl. Inst. 355, 1752–1779 (2018). https://doi.org/10.1016/j.jfranklin.2017.06.006MathSciNetCrossRefMATH

61.

Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep learning approach for network intrusion detection in software defined networking. In: 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), pp. 258–263 (2016). https://doi.org/10.1109/WINCOM.2016.7777224

62.

Yang, K., Liu, J., Zhang, C., Fang, Y.: Adversarial examples against the deep learning based network intrusion detection systems,” MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), Los Angeles, CA, USA, pp. 559–564 (2018). https://doi.org/10.1109/MILCOM.2018.8599759

63.

Zhu, M., Hu, Z., Liu, P.: Reinforcement learning algorithms for adaptive cyber defense against heartbleed. In: Proceedings of 1st ACM Workshop Moving Target Defense, pp. 51–58 (2014). https://doi.org/10.1145/2663474.2663481

64.

Blanco, R., Cilla, J.J., Briongos, S., Malagon, P., Moya, J.M.: Applying cost-sensitive classifiers with reinforcement learning to IDS. In: International Conference on Intelligent Data Engineering and Automated Learning, pp. 531–538. Springer, Berlin (2018). https://doi.org/10.1016/j.neucom.2019.02.056

65.

66.

Khammassi, C., Krichen, S.: A GA-LR wrapper approach for feature selection in network intrusion detection. Comput. Secur. 70, 255–270 (2017). https://doi.org/10.1016/j.cose.2017.06.005CrossRef

Titel: A context-aware robust intrusion detection system: a reinforcement learning-based approach
verfasst von: Kamalakanta Sethi
E. Sai Rupesh
Rahul Kumar
Padmalochan Bera
Y. Venu Madhav
Publikationsdatum: 03.12.2019
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 6/2020
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-019-00482-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 6/2020

After you, please: browser extensions order attacks and countermeasures

Lightweight multi-factor mutual authentication protocol for IoT devices

Public data integrity auditing without homomorphic authenticators from indistinguishability obfuscation

FDCO: attribute-based fast data cloud-outsourcing scheme for mobile devices

User-mediated authentication protocols and unforgeability in key collision

A language and a pattern system for temporal property specification: advanced metering infrastructure case study

Premium Partner