Garcia Cordero, Carlos ; Hauke, Sascha ; Mühlhäuser, Max ; Fischer, Mathias (2016)
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks.
doi: 10.1109/PST.2016.7906980
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Defending key network infrastructure, such as Internet backbone links or the communication channels of critical infrastructure, is paramount, yet challenging. The inherently complex nature and quantity of network data impedes detecting attacks in real world settings. In this paper, we utilize features of network flows, characterized by their entropy, together with an extended version of the original Replicator Neural Network (RNN) and deep learning techniques to learn models of normality. This combination allows us to apply anomaly-based intrusion detection on arbitrarily large amounts of data and, consequently, large networks. Our approach is unsupervised and requires no labeled data. It also accurately detects network-wide anomalies without presuming that the training data is completely free of attacks. The evaluation of our intrusion detection method, on top of real network data, indicates that it can accurately detect resource exhaustion attacks and network profiling techniques of varying intensities. The developed method is efficient because a normality model can be learned by training an RNN within a few seconds only.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Garcia Cordero, Carlos ; Hauke, Sascha ; Mühlhäuser, Max ; Fischer, Mathias |
| Art des Eintrags: | Bibliographie |
| Titel: | Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks |
| Sprache: | Englisch |
| Publikationsjahr: | Dezember 2016 |
| Verlag: | IEEE |
| Titel der Zeitschrift, Zeitung oder Schriftenreihe: | Privacy, Security and Trust Conference |
| Buchtitel: | 14th Annual Conference on Privacy, Security and Trust (PST) |
| DOI: | 10.1109/PST.2016.7906980 |
| Kurzbeschreibung (Abstract): | Defending key network infrastructure, such as Internet backbone links or the communication channels of critical infrastructure, is paramount, yet challenging. The inherently complex nature and quantity of network data impedes detecting attacks in real world settings. In this paper, we utilize features of network flows, characterized by their entropy, together with an extended version of the original Replicator Neural Network (RNN) and deep learning techniques to learn models of normality. This combination allows us to apply anomaly-based intrusion detection on arbitrarily large amounts of data and, consequently, large networks. Our approach is unsupervised and requires no labeled data. It also accurately detects network-wide anomalies without presuming that the training data is completely free of attacks. The evaluation of our intrusion detection method, on top of real network data, indicates that it can accurately detect resource exhaustion attacks and network profiling techniques of varying intensities. The developed method is efficient because a normality model can be learned by training an RNN within a few seconds only. |
| Freie Schlagworte: | - SSI - Area Secure Smart Infrastructures |
| ID-Nummer: | TUD-CS-2016-14643 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Telekooperation Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 31 Dez 2016 12:59 |
| Letzte Änderung: | 14 Jun 2021 06:14 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum