
Network anomaly detection using deep learning techniques

Published: 31 January 2022

Abstract

Convolutional neural networks (CNNs) are a specific architecture of feed-forward artificial neural networks and the de-facto standard for various operations in machine learning and computer vision. To transfer this performance to the task of network anomaly detection in cyber-security, this study proposes a model using a one-dimensional CNN architecture. In the first phase, the authors' approach divides network traffic data into transmission control protocol (TCP), user datagram protocol (UDP), and OTHER protocol categories; each category is then treated independently. Before training the model, feature selection is performed using the Chi-square technique, and over-sampling is then conducted using the synthetic minority over-sampling technique to tackle the class imbalance problem. The authors' method yields weighted average f-scores of 0.85, 0.97, 0.86, and 0.78 for the TCP, UDP, OTHER, and ALL categories, respectively. The model is tested on the UNSW-NB15 dataset.

Published In

CAAI Transactions on Intelligence Technology, Volume 7, Issue 2
June 2022
199 pages
EISSN: 2468-2322
DOI: 10.1049/cit2.v7.2
This is an open access article under the terms of the Creative Commons Attribution‐NonCommercial License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited and is not used for commercial purposes.

Publisher

John Wiley & Sons, Inc.

United States

Author Tags

  1. artificial intelligence
  2. convolution
  3. neural network
  4. security

  5. telecommunication traffic
  6. computer vision
  7. feedforward neural nets
  8. cellular neural nets
  9. transport protocols
  10. neural nets
  11. learning (artificial intelligence)

Qualifiers

  • Research-article
