A deep autoencoder and transfer learning model for intrusion detection
Abstract
Machine learning techniques for network-based intrusion detection often assume that network traffic does not change over time, or that model updates can be easily performed. In this paper we propose a novel reminiscent intrusion detection model based on deep autoencoders and transfer learning to ease the model update burden. Experiments carried out have shown that approaches in the literature are unable to deal with changes in network traffic over time. The proposed approach is able to decrease the false positive rate by up to 23.9%, and provide accuracy rates similar to traditional techniques, requiring only 22% of training data and 28% of computational costs.
Keywords:
Intrusion Detection, Machine Learning, Deep Autoencoder
Published
2021-10-04
How to Cite
DOS SANTOS, Roger R.; VIEGAS, Eduardo K.; SANTIN, Altair O. A deep autoencoder and transfer learning model for intrusion detection. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 267-280. DOI: https://doi.org/10.5753/sbseg.2021.17321.
