Machine learning approach for detection of nonTor traffic
Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular in providing privacy and security to end users by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems: classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimize the protection of users, using the UNB-CIC Tor Network Traffic dataset, and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier: an Artificial Neural Network in conjunction with the Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the proposed hybrid classifier is compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset. Experimental results show that the hybrid classifier, ANN-CFS, proved to be a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in the UNB-CIC Tor Network Traffic dataset.
Multitask Learning for Network Traffic Classification
Traffic classification has various applications in today's Internet, from resource allocation, billing and QoS purposes in ISPs to firewall and malware detection in clients. Classical machine learning algorithms and deep learning models have been widely used to solve the traffic classification task. However, training such models requires a large amount of labeled data. Labeling data is often the most difficult and time-consuming process in building a classifier. To solve this challenge, we reformulate the traffic classification into a multi-task learning framework where bandwidth requirement and duration of a flow are predicted along with the traffic class. The motivation of this approach is twofold: First, bandwidth requirement and duration are useful in many applications, including routing, resource allocation, and QoS provisioning. Second, these two values can be obtained from each flow easily without the need for human labeling or capturing flows in a controlled and isolated environment. We show that with a large amount of easily obtainable data samples for bandwidth and duration prediction tasks, and only a few data samples for the traffic classification task, one can achieve high accuracy. We conduct two experiments with the ISCX and QUIC public datasets and show the efficacy of our approach.
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with an adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available.
Multidomain transformer-based deep learning for early detection of network intrusion
Timely response of Network Intrusion Detection Systems (NIDS) is constrained by the flow generation process, which requires accumulation of network packets. This paper introduces Multivariate Time Series (MTS) early detection into NIDS to identify malicious flows prior to their arrival at target systems. With this in mind, we first propose a novel feature extractor, Time Series Network Flow Meter (TS-NFM), that represents network flow as MTS with explainable features, and a new benchmark dataset is created using TS-NFM and the meta-data of CICIDS2017, called SCVIC-TS-2022. Additionally, a new deep learning-based early detection model called Multi-Domain Transformer (MDT) is proposed, which incorporates the frequency domain into Transformer. This work further proposes a Multi-Domain Multi-Head Attention (MD-MHA) mechanism to improve the ability of MDT to extract better features. Based on the experimental results, the proposed methodology improves the earliness of the conventional NIDS (i.e., percentage of packets that are used for classification) by 5x10^4 times and duration-based earliness (i.e., percentage of duration of the classified packets of a flow) by a factor of 60, resulting in an 84.1% macro F1 score (31% higher than Transformer) on SCVIC-TS-2022. Additionally, the proposed MDT outperforms the state-of-the-art early detection methods by 5% and 6% on ECG and Wafer datasets, respectively.
Comment: 6 pages, 7 figures, 3 tables, IEEE Global Communications Conference (Globecom) 202
Classification of Darknet Traffic by Application Type
The darknet is frequently exploited for illegal purposes and activities, which makes darknet traffic detection an important security topic. Previous research has focused on various classification techniques for darknet traffic using machine learning and deep learning. We extend previous work by considering the effectiveness of a wide range of machine learning and deep learning techniques for the classification of darknet traffic by application type. We consider the CICDarknet2020 dataset, which has been used in many previous studies, thus enabling a direct comparison of our results to previous work. We find that XGBoost performs the best among the classifiers that we have tested.
An intrusion detection system for packet and flow based networks using deep neural network approach
Study on deep neural networks and big data is now merging in several aspects to enhance the capabilities of intrusion detection systems (IDS). Many IDS models have been introduced to provide security over big data. This study focuses on intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a bunch of affluent algorithms to classify and analyse patterns and make better predictions more efficiently. In this study, to detect intrusions, a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest data set available online, formatted with packet-based and flow-based data and some additional metadata. The data set is labeled and imbalanced, with 79 attributes and some classes having much fewer training samples compared to other classes. The proposed model is built using Keras and the Google TensorFlow deep learning environment. Experimental results show that intrusions are detected with an accuracy of over 99% for both binary and multi-class classification with the selected best features. The receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offer a novel research model with great accuracy for intrusion detection, better than some models presented in the literature.
Insertion Detection System Employing Neural Network MLP and Detection Trees Using Different Techniques
By addressing intruder attacks, network security experts work to keep services available at all times. The Intrusion Detection System (IDS) is one of the available mechanisms for detecting and classifying any abnormal behavior. As a result, the IDS must always be up to date with the most recent intruder attack signatures to maintain the confidentiality, integrity, and availability of the services. This paper shows how the NSL-KDD dataset may be used to test and evaluate various Machine Learning techniques. It focuses mostly on the NSL-KDD pre-processing step to create an acceptable and balanced experimental data set to improve accuracy and minimize false positives. For this study, the approaches J48 and MLP were employed. The Decision Trees classifier has been demonstrated to have the highest accuracy rate for detecting and categorizing all NSL-KDD dataset attacks.