Hunter in the Dark: Discover Anomalous Network Activity Using Deep Ensemble Network

@article{Yang2021HunterIT,
  title={Hunter in the Dark: Discover Anomalous Network Activity Using Deep Ensemble Network},
  author={Shiyi Yang and Peilun Wu and Hui Guo and Nour Moustafa},
  journal={2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)},
  year={2021},
  pages={829-840}
}
  • Shiyi Yang, Peilun Wu, Nour Moustafa
  • Published 19 May 2021
  • Computer Science
  • 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)
Machine learning (ML)-based intrusion detection systems (IDSs) play a critical role in discovering unknown threats in a large-scale cyberspace. They have been adopted as a mainstream hunting method in many organizations, such as financial institutes, manufacturing companies and government agencies. However, existing designs achieve a high threat detection performance at the cost of a large number of false alarms, leading to alert fatigue. To tackle this issue, in this paper, we propose a…

References

DualNet: Locate Then Detect Effective Payload with Deep Attention Network
TLDR
This paper proposes a novel neural network based detection system, DualNet, which is constructed with a general feature extraction stage and a crucial feature learning stage and is more effective than existing DL methods for NID in terms of accuracy, detection rate and false alarm rate.
Pelican: A Deep Residual Network for Network Intrusion Detection
  • Peilun Wu, Hui Guo
  • Computer Science
    2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
  • 2020
TLDR
A deep neural network, Pelican, that is built upon specially-designed residual blocks that can achieve a high attack detection performance while keeping a much lower false alarm rate when compared with a set of up-to-date machine learning based designs.
A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks
TLDR
The experimental results show that RNN-IDS is very suitable for modeling a classification model with high accuracy and that its performance is superior to that of traditional machine learning classification methods in both binary and multiclass classification.
1D CNN based network intrusion detection with normalization on imbalanced data
TLDR
A deep learning approach for developing the efficient and flexible IDS using one-dimensional Convolutional Neural Network (1D-CNN) and its variant architectures and is evaluated on UNSW_NB15 IDS dataset to show the effectiveness of this method.
Using convolutional neural networks to network intrusion detection for cyber threats
TLDR
This study focused on network intrusion detection using convolutional neural networks (CNNs) based on LeNet-5 to classify the network threats.
LSTM deep learning method for network intrusion detection system
TLDR
A new idea for Network Intrusion Detection System (NIDS) based on Long Short-Term Memory (LSTM) to recognize menaces and to obtain a long-term memory on them in order to stop the new attacks that are like the existing ones, and at the same time, to have a single mean to block intrusions.
An Intrusion Detection Model Based on Feature Reduction and Convolutional Neural Networks
TLDR
The experimental results indicate that the AC, FAR, and timeliness of the CNN–IDS model are higher than those of traditional algorithms, therefore, the model has not only research significance but also practical value.
An Intrusion Detection System Using a Deep Neural Network With Gated Recurrent Units
TLDR
This paper considers the characteristics of the time-related intrusion and proposes a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module that can reach the best performance compared with the recently published methods.
Applying convolutional neural network for network intrusion detection
TLDR
This paper models network traffic as time-series, particularly transmission control protocol / internet protocol (TCP/IP) packets in a predefined time range with supervised learning methods such as multi-layer perceptron (MLP), CNN, CNN-recurrent neural network (CNN-RNN), CNN-long short-term memory (CNN-LSTM) and CNN-gated recurrent unit (GRU), using millions of known good and bad network connections.
Feed-forward neural network for Network Intrusion Detection
TLDR
A methodology based on feed-forward neural network for intrusion detection with better performances than traditional machine learning techniques can be achieved when all steps of the methodology are applied.