Anomaly detection in ad-hoc networks based on deep learning model: A plug and play device
Introduction
An ad-hoc network is a temporary, decentralized and self-organized wireless network. Because it is flexible, easy to set up and low in cost, it has been widely used in military and disaster-relief settings. On the other hand, an ad-hoc network has no fixed infrastructure and no fixed self-protection mechanism, so it faces more security problems than a conventional network. In other words, an ad-hoc network faces not only the security problems of a conventional network but also new security threats such as DoS attacks. Many intrusion prevention methods have been proposed in this area, but fully dependable intrusion prevention is impossible. Hence, anomaly detection can be used as the next line of defense to issue an early-warning signal.
Hinton et al. [1] proposed the concept of deep learning in 2006. Deep neural networks contain more hidden layers than shallow neural networks. As the number of layers increases, deep neural networks gain a stronger learning ability than traditional machine learning methods and can achieve higher accuracy. Deep learning has therefore been applied successfully in natural language processing [2], speech recognition [3] and image recognition [4]. The most frequently used deep learning methods are the Deep Neural Network (DNN), the Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM). In this paper, we design a novel plug and play device that detects various attacks in ad-hoc networks based on deep learning models. The device combines data crawling, data processing and data detection. First, it captures the data relevant to each type of attack with a scraping tool. Next, it parses the captured data and preprocesses the parsed data with a series of methods. The data are then translated into an easily recognized format and fed into a deep learning detection model. In this paper we use a DNN model to detect DoS attacks and use DNN, CNN and LSTM detection models to detect XSS and SQL attacks. An alarm is triggered if the detection result is an attack. In this way, we can prevent the detected attack from spreading on a larger scale. The experimental results show that these deep learning detection models achieve very high accuracy and recall, which shows that the proposed method can be applied effectively to attack detection. In addition, this device can be extended to other attacks in ad-hoc networks with little modification.
The contributions of this paper can be summarized as follows: we are the first to apply deep learning models (DNN, CNN, LSTM) and the word2vec model to ad-hoc networks for the detection of DoS and privacy attacks. Targeting the characteristics of ad-hoc networks, we develop an anomaly detector against DoS, XSS and SQL attacks. Furthermore, the proposed anomaly detection is implemented on a plug and play device, which makes the proposed scheme much easier and more convenient to adopt. The plug and play device mainly comprises a packet capture module, a data processing module, a deep learning detection module and a response module. In addition, a CNN is usually a two-dimensional (2D) convolutional neural network, while a one-dimensional (1D) CNN is used in this paper. In the experiment, the three deep learning models show promising results in terms of detection Accuracy, Precision, Recall and . For the detection of the three different attacks, the method proposed in this paper achieves an Accuracy of over 98.5% in every case.
The rest of this paper is organized as follows: Section 2 describes the related work. We describe the proposed method in Section 3. Section 4 gives the details of our experiments and results. In Section 5, we conclude the paper and address the future work.
Related work
An intrusion detection system (IDS) is a real-time monitoring system that raises a warning when it finds any abnormality. In recent years, many intrusion detection methods have been proposed. In this section, we mainly describe the related work on intrusion detection in ad-hoc networks. In addition, with the arrival of the big data era, many methods have been proposed to address anomaly detection in large-scale datasets. Then at the end of this section, we briefly survey the approaches of
The proposed method
In this section, we first describe the general attack detection process based on a deep learning detection model running on a plug and play device. The detection process changes slightly for different attacks. Therefore, the detection flowcharts for DoS attacks and for XSS and SQL attacks are introduced in detail in the following two subsections, respectively. This paper focuses on deep learning detection models. Hence, we further describe three deep learning models of this paper in
Data preparation
Zhang [28] simulated an ad hoc network using the KDD CUP 99 data set in NS-2. In this paper, we use the same environment for the detection of DoS attacks. The experimental parameters of the NS-2 simulation environment are listed in Table 1. The difference is that we only analyse the content associated with DoS attacks. The adopted features are 1, 4–9, 23–31 and 32–41 in the KDD CUP 99 data set. More details of these features can be found in the KDD CUP 99 data set [29]. Table 2 shows the detailed
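As an added illustration (not code from the paper), the sketch below applies the feature selection named above to KDD CUP 99 records, keeping features 1, 4–9, 23–31 and 32–41 and dropping the rest. One-hot encoding of feature 4 (the connection flag) and the binary DoS/non-DoS label are assumptions, since this excerpt does not describe the paper's own preprocessing; the sample records are constructed.

```python
# Added example, not the paper's code: keep KDD CUP 99 features
# 1, 4-9, 23-31 and 32-41 (1-based) and drop the rest.
SELECTED = [1] + list(range(4, 10)) + list(range(23, 32)) + list(range(32, 42))
# Feature 4 is the categorical connection flag; one-hot encoding is an assumption.
FLAGS = ["SF", "S0", "S1", "S2", "S3", "REJ", "RSTO", "RSTR", "RSTOS0", "SH", "OTH"]
# KDD CUP 99 training labels in the DoS category (binary labelling is an assumption).
DOS_LABELS = {"back", "land", "neptune", "pod", "smurf", "teardrop"}

def parse_record(line):
    """Return (feature_vector, is_dos) for one comma-separated KDD record."""
    fields = line.strip().split(",")
    if len(fields) != 42:  # 41 features plus the label
        raise ValueError(f"expected 42 fields, got {len(fields)}")
    vector = []
    for idx in SELECTED:
        value = fields[idx - 1]
        if idx == 4:
            if value not in FLAGS:
                raise ValueError(f"unknown flag {value!r}")
            vector.extend(1.0 if value == flag else 0.0 for flag in FLAGS)
        else:
            vector.append(float(value))
    label = fields[41].rstrip(".")  # labels end with a dot, e.g. "smurf."
    return vector, int(label in DOS_LABELS)

def build_dataset(lines):
    """Parse many records into a feature matrix X and a label list y."""
    rows = [parse_record(line) for line in lines if line.strip()]
    return [r[0] for r in rows], [r[1] for r in rows]

# Constructed sample records (features 10-22 zeroed; they are dropped anyway).
CONTENT_ZEROS = ",".join(["0"] * 13)
SAMPLE = [
    "0,tcp,http,SF,181,5450,0,0,0," + CONTENT_ZEROS
    + ",8,8,0,0,0,0,1,0,0,9,9,1,0,0.11,0,0,0,0,0,normal.",
    "0,icmp,ecr_i,SF,1032,0,0,0,0," + CONTENT_ZEROS
    + ",511,511,0,0,0,0,1,0,0,255,255,1,0,1,0,0,0,0,0,smurf.",
    "0,tcp,private,S0,0,0,0,0,0," + CONTENT_ZEROS
    + ",123,6,1,1,0,0,0.05,0.07,0,255,6,0.02,0.07,0,0,1,1,0,0,neptune.",
]

if __name__ == "__main__":
    X, y = build_dataset(SAMPLE)
    print(len(X[0]), y)
```

The 26 selected features expand to 36 inputs once the flag is one-hot encoded, which would be the input width of a DNN trained on this subset under these assumptions.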
Conclusion
Cloud computing, big data and the internet of things have brought opportunities to enterprises, but they have also brought new security issues. We need new technology to solve these new security issues. Deep learning is the hottest method in the artificial intelligence field. The combination of deep learning and security technologies will be the future of the security field.
In this paper, we design a plug and play device to detect three network attacks based on deep learning model in
Acknowledgements
This work was supported by Ministry of Education - China Mobile Research Foundation under Grant No. MCM20170206, The Fundamental Research Funds for the Central Universities under Grant No. lzujbky-2018-k12, National Natural Science Foundation of China under Grant No. 61402210 and 60973137, Major National Project of High Resolution Earth Observation System under Grant No. 30-Y20A34-9010-15/17, State Grid Corporation Science and Technology Project under Grant No. SGGSKY00FJJS1700302, Program for
Fang Feng received his Master’s degree in Computer Science and Technology from TaiYuan University of Technology in 2013. She is now a PhD candidate in the School of Information Science and Engineering, Lanzhou University. She also works at the School of Electronic and Information Engineering of Lanzhou Institute of Technology. Her research covers security, machine learning and neural networks.
References (29)
- et al. A distributed sinkhole detection method using cluster analysis. Expert Syst. Appl. (2010)
- Prevention of selective black hole attacks on mobile ad hoc networks through intrusion detection systems. Comput. Commun. (2011)
- et al. Intrusion detection in manet using classification algorithms: the effects of cost and model selection. Ad Hoc Netw. (2013)
- et al. Deep learning. Nature (2015)
- et al. Deep learning for arabic nlp: a survey. J. Comput. Sci. (2017)
- Deep learning in speech recognition. Brain Neu. Netw. (2017)
- et al. Image recognition by deep learning. (2017)
- et al. Routing anomaly detection in mobile ad hoc networks. The International Conference on Computer Communications and Networks, 2003. ICCCN 2003. Proceedings (2003)
- et al. Secure routing and intrusion detection in ad hoc networks. IEEE International Conference on Pervasive Computing and Communications (2005)
- et al. Effective intrusion detection using multiple sensors in wireless ad hoc networks. Hawaii International Conference on System Sciences (2003)
- A framework for cost sensitive assessment of intrusion response selection. Computer Software and Applications Conference, 2009. COMPSAC ’09. IEEE International
- An intrusion detection algorithm model based on extension clustering support vector machine. International Conference on Artificial Intelligence and Computational Intelligence
- Design of hierarchical intrusion detection unit for ad-hoc networks based on bayesian networks. Dissertations & Theses - Gradworks
Liu Xin is a security engineer who is studying for a master's degree at Lanzhou University. He focuses on various types of information security, especially web scanning and security management.
Binbin Yong received his Master’s degree in Computer Science and Technology from Lanzhou University in 2012, and received his PhD from the School of Information Science and Engineering, Lanzhou University in 2017. His research covers parallel computing on GPUs, machine learning, deep learning and general vector machines.
Rui Zhou received his BS in Computer Science from Lanzhou University in 2004, and received his PhD in Applied Mathematics from Lanzhou University in 2010. He is currently working at the School of Information Science and Engineering of Lanzhou University.
Qingguo Zhou received the BS and MS degrees in Physics from Lanzhou University in 1996 and 2001, respectively, and received a PhD in Theoretical Physics from Lanzhou University in 2005. He is now a professor at Lanzhou University, working in the School of Information Science and Engineering. He is also a Fellow of IET. He was a recipient of the IBM Real-Time Innovation Award in 2007, a recipient of the Google Faculty Award in 2011, and a recipient of the Google Faculty Research Award in 2012. His research interests include safety-critical systems, embedded systems, and real-time systems.