Abstracts
Cyber threats are increasing progressively in their frequency, scale, sophistication, and cost. The advancement of such threats has raised the need to enhance intelligent intrusion-detection systems. In this study, a different perspective has been developed for intrusion detection. Gramian angular fields were adapted to encode network traffic data as images. This opens a way to reveal bilateral feature relationships and to benefit from the visual interpretation capability of deep-learning methods. The image-encoded intrusions were then classified as binary and multi-class using convolutional neural networks. The obtained results were compared to both conventional machine-learning methods and related studies. According to the results, the proposed approach surpassed the success of traditional methods and produced success rates that were close to those of the related studies. Despite the use of complex mechanisms such as feature extraction, feature selection, class balancing, virtual data generation, or ensemble classifiers in related studies, the proposed approach is fairly plain, involving only data-image conversion and classification. This shows the power of simply changing the problem space.
Pages
571–585
Physical description
Bibliography: 36 items, figures, tables.
Authors
author
- Amasya University, Department of Computer Engineering, Amasya, Turkey
Bibliography
- [1] Alzubaidi L., Zhang J., Humaidi A.J., Al-Dujaili A., Duan Y., Al-Shamma O., Santamaría J., Fadhel M.A., Al-Amidie M., Farhan L.: Review of deep learning: Concepts, CNN architectures, challenges, applications, future directions, Journal of Big Data, vol. 8(1), pp. 1–74, 2021.
- [2] Ambusaidi M.A., Tan Z., He X., Nanda P., Lu L.F., Jamdagni A.: Intrusion detection method based on nonlinear correlation measure, International Journal of Internet Protocol Technology, vol. 8(2–3), pp. 77–86, 2014.
- [3] Axelsson S.: The base-rate fallacy and the difficulty of intrusion detection, ACM Transactions on Information and System Security, vol. 3(3), pp. 186–205, 2000.
- [4] Buczak A.L., Guven E.: A survey of data mining and machine learning methods for cyber security intrusion detection, IEEE Communications Surveys & Tutorials, vol. 18(2), pp. 1153–1176, 2015.
- [5] Chiba Z., Abghour N., Moussaid K., El omri A., Rida M.: Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms, Computers & Security, vol. 86, pp. 291–317, 2019.
- [6] Elmasry W., Akbulut A., Zaim A.H.: Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic, Computer Networks, vol. 168, 2020.
- [7] Goodfellow I., Bengio Y., Courville A.: Deep learning, MIT Press, 2016.
- [8] HerjavecGroup: Official Annual Cybercrime Report. Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades, Steve Morgan, Editor-in-Chief Cybersecurity Ventures, 2019.
- [9] Huang S., Lei K.: IGAN-IDS: An imbalanced generative adversarial network towards intrusion detection system in ad-hoc networks, Ad Hoc Networks, vol. 105, 2020. doi: 10.1016/j.adhoc.2020.102177.
- [10] Hussain F., Abbas S.G., Husnain M., Fayyaz U.U., Shahzad F., Shah G.A.: IoT DoS and DDoS Attack Detection using ResNet. In: 2020 IEEE 23rd International Multitopic Conference (INMIC), pp. 1–6, IEEE, 2020.
- [11] Lee J., Kim J., Kim I., Han K.: Cyber threat detection based on artificial neural networks using event profiles, IEEE Access, vol. 7, pp. 165607–165626, 2019.
- [12] Lee J., Park K.: GAN-based imbalanced data intrusion detection system, Personal and Ubiquitous Computing, vol. 25, pp. 121–128, 2021. doi: 10.1007/s00779-019-01332-y.
- [13] Liu L., Xu B., Zhang X., Wu X.: An intrusion detection method for internet of things based on suppressed fuzzy clustering, EURASIP Journal on Wireless Communications and Networking, vol. 2018(1), pp. 1–7, 2018.
- [14] Lyngdoh J., Hussain M.I., Majaw S., Kalita H.K.: An intrusion detection method using artificial immune system approach. In: International Conference on Advanced Informatics for Computing Research, pp. 379–387, Springer, 2018.
- [15] Maaten van der L., Hinton G.: Visualizing Data using t-SNE, Journal of Machine Learning Research, vol. 9(11), pp. 2579–2605, 2008.
- [16] Manimurugan S., Majdi A., Mohmmed M., Narmatha C., Varatharajan R.: Intrusion detection in networks using crow search optimization algorithm with adaptive neuro-fuzzy inference system, Microprocessors and Microsystems, vol. 79, 2020.
- [17] Mao J., Wang H., Spencer Jr B.F.: Toward data anomaly detection for automated structural health monitoring: Exploiting generative adversarial nets and autoencoders, Structural Health Monitoring, vol. 20(4), pp. 1609–1626, 2021.
- [18] Marir N., Wang H., Feng G., Li B., Jia M.: Distributed abnormal behavior detection approach based on deep belief network and ensemble SVM using spark, IEEE Access, vol. 6, pp. 59657–59671, 2018.
- [19] Milenkoski A., Vieira M., Kounev S., Avritzer A., Payne B.D.: Evaluating computer intrusion detection systems: A survey of common practices, ACM Computing Surveys (CSUR), vol. 48(1), pp. 1–41, 2015.
- [20] Moustafa N., Hu J., Slay J.: A holistic review of network anomaly detection systems: A comprehensive survey, Journal of Network and Computer Applications, vol. 128, pp. 33–55, 2019.
- [21] Nisioti A., Mylonas A., Yoo P.D., Katos V.: From intrusion detection to attacker attribution: A comprehensive survey of unsupervised methods, IEEE Communications Surveys & Tutorials, vol. 20(4), pp. 3369–3388, 2018.
- [22] Rath P.S., Barpanda N.K., Singh R., Panda S.: A prototype Multiview approach for reduction of false alarm rate in network intrusion detection system, International Journal of Computer Networks and Communications Security, vol. 5(3), pp. 49–59, 2017.
- [23] Rawashdeh A., Alkasassbeh M., Al-Hawawreh M.: An anomaly-based approach for DDoS attack detection in cloud environment, International Journal of Computer Applications in Technology, vol. 57(4), pp. 312–324, 2018.
- [24] Sharafaldin I., Lashkari A.H., Ghorbani A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization, ICISSP, vol. 1, pp. 108–116, 2018.
- [25] Shyu M.L., Chen S.C., Sarinnapakorn K., Chang L.: A Novel Anomaly Detection Scheme Based on Principal Component Classifier. In: Proceedings of Conference: IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data Mining (ICDM’03), pp. 353–365, 2003.
- [26] Stojanovic B., Hofer-Schmitz K., Kleb U.: APT datasets and attack modeling for automated detection methods: A review, Computers & Security, vol. 92, 2020.
- [27] Syarif I., Prugel-Bennett A., Wills G.: Unsupervised clustering approach for network anomaly detection. In: International Conference on Networked Digital Technologies, pp. 135–145, Springer, 2012.
- [28] Tama B.A., Nkenyereye L., Islam S.R., Kwak K.S.: An enhanced anomaly detection in web traffic using a stack of classifier ensemble, IEEE Access, vol. 8, pp. 24120–24134, 2020.
- [29] Tan Z., Jamdagni A., He X., Nanda P., Liu R.P.: A system for denial-of-service attack detection based on multivariate correlation analysis, IEEE Transactions on Parallel and Distributed Systems, vol. 25(2), pp. 447–456, 2013.
- [30] Voulodimos A., Doulamis N., Doulamis A., Protopapadakis E.: Deep learning for computer vision: A brief review, Computational Intelligence and Neuroscience, vol. 2018, 2018.
- [31] Wang Z., Oates T.: Encoding time series as images for visual inspection and classification using tiled convolutional neural networks. In: Workshops At the Twenty-Ninth AAAI Conference on Artificial Intelligence, 2015.
- [32] Xia S., Pan Z., Chen Z., Bai W., Yang H.: Malware Classification with Markov Transition Field Encoded Images. In: 2018 Eighth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC), pp. 1–5, IEEE, 2018.
- [33] Ye N., Chen Q.: An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems, Quality and Reliability Engineering International, vol. 17(2), pp. 105–112, 2001.
- [34] Yilmaz M., Catak F.O., Gul E.: Sensor based cyber attack detections in critical infrastructures using deep learning algorithms, Computer Science, vol. 20(2), pp. 213–243, 2019. doi: 10.7494/csci.2019.20.2.3191.
- [35] Zhang H., Huang L., Wu C.Q., Li Z.: An effective convolutional neural network based on SMOTE and Gaussian mixture model for intrusion detection in imbalanced dataset, Computer Networks, vol. 177, 2020. doi: 10.1016/j.comnet.2020.107315.
- [36] Zhou Y., Cheng G., Jiang S., Dai M.: Building an efficient intrusion detection system based on feature selection and ensemble classifier, Computer Networks, vol. 174, 2020. doi: 10.1016/j.comnet.2020.107247.
Notes
PL
Record prepared with funds from MEiN, agreement no. SONP/SP/546092/2022, under the programme "Social Responsibility of Science" - module: Popularisation of science and promotion of sport (2022-2023).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-ca09fd2a-057b-4e93-9458-7edce7d44efd