TY - GEN
T1 - Unsupervised Approach for Detecting Low Rate Attacks on Network Traffic with Autoencoder
AU - Pratomo, Baskoro Adi
AU - Burnap, Pete
AU - Theodorakopoulos, George
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/12/4
Y1 - 2018/12/4
N2 - Most approaches to network intrusion detection look only at the header part of network packets. These approaches are able to detect high-rate attacks, such as Denial of Service or probing, with high degrees of accuracy. However, it remains to be seen whether they are also able to detect more subtle attacks, such as when adversaries try to exploit a vulnerability or plant a backdoor. In these cases, the attributes of network packets are usually very similar to the legitimate traffic which presents a limitation for header-only intrusion detection methods. Such attacks present an increasing problem to network security, especially given the rise of Internet of Things (IoT) and the rapidly increasing number of devices that can be exploited through low-intensity attacks. To address this problem we propose the use of the Autoencoder method for network intrusion detection. Autoencoder is a deep learning architecture that has the capability to identify outliers in a dataset. Thus it does not need labelled datasets which contain both legitimate and malicious traffic for training purposes. Through our experiments, we show that the proposed approach was able to detect 100% of low rate attack traffic with an average false positive rate of 8.01%. To demonstrate the improvement over the state of the art we have compared our results to a number of other similar works and our proposed method gave at least 32.81% better in detection rate.
KW - autoencoder
KW - deep learning
KW - intrusion detection
KW - payload inspection
UR - http://www.scopus.com/inward/record.url?scp=85060493770&partnerID=8YFLogxK
U2 - 10.1109/CyberSecPODS.2018.8560678
DO - 10.1109/CyberSecPODS.2018.8560678
M3 - Conference contribution
AN - SCOPUS:85060493770
T3 - 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
BT - 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
Y2 - 11 June 2018 through 12 June 2018
ER -