Strengthening Network Security: A Deep Dive into Intrusion Detection with Image-Based CNN and Transfer Learning
Abstract
The application of machine learning (ML) to real-world network intrusion detection has been limited, despite the success reported in the literature. To address the challenges of model updating, this paper presents a new approach that uses convolutional neural networks (CNNs) and transfer learning. To extend the lifetime of the model, the CNN uses flow-based feature expansion. Periodically updating the model with transfer learning significantly reduces the training data and computational cost. Experiments on 2.6 TB of real-world network traffic demonstrate the feasibility of our proposal. Our proposal improves the average F1 by up to 0.19 without updates, thereby improving the accuracy of the system.
