
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks

Garcia Cordero, Carlos ; Hauke, Sascha ; Mühlhäuser, Max ; Fischer, Mathias (2016)
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks.
doi: 10.1109/PST.2016.7906980
Conference publication, Bibliography

Abstract

Defending key network infrastructure, such as Internet backbone links or the communication channels of critical infrastructure, is paramount, yet challenging. The inherently complex nature and quantity of network data impede detecting attacks in real-world settings. In this paper, we utilize features of network flows, characterized by their entropy, together with an extended version of the original Replicator Neural Network (RNN) and deep learning techniques to learn models of normality. This combination allows us to apply anomaly-based intrusion detection on arbitrarily large amounts of data and, consequently, large networks. Our approach is unsupervised and requires no labeled data. It also accurately detects network-wide anomalies without presuming that the training data is completely free of attacks. The evaluation of our intrusion detection method, on top of real network data, indicates that it can accurately detect resource exhaustion attacks and network profiling techniques of varying intensities. The developed method is efficient because a normality model can be learned by training an RNN within a few seconds only.

Item type: Conference publication
Published: 2016
Author(s): Garcia Cordero, Carlos ; Hauke, Sascha ; Mühlhäuser, Max ; Fischer, Mathias
Type of entry: Bibliography
Title: Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks
Language: English
Year of publication: December 2016
Publisher: IEEE
Title of journal, newspaper or series: Privacy, Security and Trust Conference
Book title: 14th Annual Conference on Privacy, Security and Trust (PST)
DOI: 10.1109/PST.2016.7906980

Uncontrolled keywords: - SSI - Area Secure Smart Infrastructures
ID number: TUD-CS-2016-14643
Division(s)/Field(s): 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Profile areas
Profile areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE centers
LOEWE > LOEWE centers > CRISP - Center for Research in Security and Privacy
LOEWE > LOEWE centers > CASED – Center for Advanced Security Research Darmstadt
Date deposited: 31 Dec 2016 12:59
Last modified: 14 Jun 2021 06:14