
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks

Cordero, Carlos Garcia and Hauke, Sascha and Mühlhäuser, Max and Fischer, Mathias (2016):
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks.
In: 14th Annual Conference on Privacy, Security and Trust (PST), IEEE, ISBN 978-1-5090-4379-8,
DOI: 10.1109/PST.2016.7906980, [Conference or Workshop Item]

Abstract

Defending key network infrastructure, such as Internet backbone links or the communication channels of critical infrastructure, is paramount, yet challenging. The inherently complex nature and quantity of network data impedes detecting attacks in real world settings. In this paper, we utilize features of network flows, characterized by their entropy, together with an extended version of the original Replicator Neural Network (RNN) and deep learning techniques to learn models of normality. This combination allows us to apply anomaly-based intrusion detection on arbitrarily large amounts of data and, consequently, large networks. Our approach is unsupervised and requires no labeled data. It also accurately detects network-wide anomalies without presuming that the training data is completely free of attacks. The evaluation of our intrusion detection method, on top of real network data, indicates that it can accurately detect resource exhaustion attacks and network profiling techniques of varying intensities. The developed method is efficient because a normality model can be learned by training an RNN within a few seconds only.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Cordero, Carlos Garcia and Hauke, Sascha and Mühlhäuser, Max and Fischer, Mathias
Title: Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks
Journal or Publication Title: Privacy, Security and Trust Conference
Title of Book: 14th Annual Conference on Privacy, Security and Trust (PST)
Publisher: IEEE
ISBN: 978-1-5090-4379-8
Uncontrolled Keywords: - SSI - Area Secure Smart Infrastructures
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
20 Department of Computer Science > Telecooperation
Profile Areas > Cybersecurity (CYSEC)
20 Department of Computer Science
LOEWE > LOEWE-Zentren
Profile Areas
LOEWE
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/PST.2016.7906980
Identification Number: TUD-CS-2016-14643