Deep learning model transposition for network intrusion detection systems

Detalhes bibliográficos
Autor(a) principal: Figueiredo, J.
Data de Publicação: 2023
Outros Autores: Serrão, C., de Almeida, A.
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10071/28099
Resumo: Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.
id RCAP_b7f9c1da090a7117b309f8bdd38afce6
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/28099
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Deep learning model transposition for network intrusion detection systemsNetwork intrusion detection system (NIDS)Intrusion detectionAnomaly detectionDeep learning (DL)Long short-term memory (LSTM)Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.MDPI2023-03-01T12:25:45Z2023-01-01T00:00:00Z20232023-03-01T12:24:51Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/10071/28099eng2079-929210.3390/electronics12020293Figueiredo, J.Serrão, C.de Almeida, A.info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-09T17:49:17Zoai:repositorio.iscte-iul.pt:10071/28099Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T22:24:11.582189Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Deep learning model transposition for network intrusion detection systems
title Deep learning model transposition for network intrusion detection systems
spellingShingle Deep learning model transposition for network intrusion detection systems
Figueiredo, J.
Network intrusion detection system (NIDS)
Intrusion detection
Anomaly detection
Deep learning (DL)
Long short-term memory (LSTM)
title_short Deep learning model transposition for network intrusion detection systems
title_full Deep learning model transposition for network intrusion detection systems
title_fullStr Deep learning model transposition for network intrusion detection systems
title_full_unstemmed Deep learning model transposition for network intrusion detection systems
title_sort Deep learning model transposition for network intrusion detection systems
author Figueiredo, J.
author_facet Figueiredo, J.
Serrão, C.
de Almeida, A.
author_role author
author2 Serrão, C.
de Almeida, A.
author2_role author
author
dc.contributor.author.fl_str_mv Figueiredo, J.
Serrão, C.
de Almeida, A.
dc.subject.por.fl_str_mv Network intrusion detection system (NIDS)
Intrusion detection
Anomaly detection
Deep learning (DL)
Long short-term memory (LSTM)
topic Network intrusion detection system (NIDS)
Intrusion detection
Anomaly detection
Deep learning (DL)
Long short-term memory (LSTM)
description Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.
publishDate 2023
dc.date.none.fl_str_mv 2023-03-01T12:25:45Z
2023-01-01T00:00:00Z
2023
2023-03-01T12:24:51Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/28099
url http://hdl.handle.net/10071/28099
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2079-9292
10.3390/electronics12020293
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv MDPI
publisher.none.fl_str_mv MDPI
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799134804198817792

Registros relacionados