Evaluating Unsupervised Deep Learning Models for Network Intrusion Detection Using Real Security Event Data

  • Jang, Jiho (Department of Computer Software, Sungkyunkwan University) ;
  • Lim, Dongjun (Department of Computer Software, Sungkyunkwan University) ;
  • Seong, Changmin (Department of Computer Software, Sungkyunkwan University) ;
  • Lee, JongHun (Electronics and Telecommunications Research Institute) ;
  • Park, Jong-Geun (Electronics and Telecommunications Research Institute) ;
  • Cheong, Yun-Gyung (Department of Artificial Intelligence, Sungkyunkwan University)
  • Received : 2022.09.15
  • Accepted : 2022.09.19
  • Published : 2022.12.31

Abstract

AI-based Network Intrusion Detection Systems (AI-NIDS) detect network attacks using machine learning and deep learning models. Recently, unsupervised AI-NIDS methods have been getting more attention since they need no labeling, which is crucial for building practical NIDS. This paper aims to test the impact of designing autoencoder models that can be applied to an unsupervised AI-NIDS in real network systems. We collected security events from a legacy network security system and carried out an experiment. We report the results and discuss the findings.

Acknowledgement

This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-00952, Development of 5G Edge Security Technology for Ensuring 5G+ Service Stability and Availability).
