Intrusion Detection using Deep Neural Networks

Presentation transcript:

Intrusion Detection using Deep Neural Networks
Milad Ghaznavi

Outline: Introduction, Dataset, Multi Layer Perceptron, Convolutional Neural Network, Evaluation, Related Work, Conclusion

Introduction: Intrusion Detection, Background

Intrusion Detection
Definition: Intrusion = Malicious activity + Policy violation
Example: DDoS attack, an example of intrusion

Background
Misuse Detection
- Training based on labeled data
- Rich literature using different approaches: Data-mining, Classification, Rare class predictive models, Association rules, …
Anomaly Detection
- No labeled data
- Building the normal behavior of the network
- Detection of the deviation from the normal behavior

Background - Continued
Misuse Detection
- Advantage: Accurate detection; fewer false positives
- Disadvantage: Cannot detect unknown attacks
Anomaly Detection
- Advantage: Detection of unknown attacks
- Disadvantage: High false positive rate; limited by training data

Dataset: Overview of ISCX Dataset, Features of ISCX Dataset

Overview of ISCX Dataset
7 days of traffic, from July 11, 2010 to July 17, 2010
Traffic: Normal, Bruteforce + Infiltrating, HTTP DDoS, DDoS, Bruteforce SSH

Features of ISCX Dataset
Feature (Type): appName (Alphabetic), destination (IP Address), sourcePayloadAsUTF (Unicode), sensorInterfaceId (Numeric), sourcePort (Port number), sourcePayloadAsBase64, protocolName, destinationPort, destinationPayloadAsBase64, direction, totalSourceBytes, destinationPayloadAsUTF, sourceTCPFlagsDescription, totalDestinationBytes, startDateTime (Datetime), destinationTCPFlagsDescription, totalSourcePackets, stopDateTime, source, totalDestinationPackets, Tag (Label)
Diagram: Features | Payload | Tag

Multi Layer Perceptron: Dataset Preprocessing, Training and Testing, Network Designs, Results

Dataset Preprocessing
- Payload is discarded
- Among 17 features, 12 features are selected
  - Are digitized
  - Are normalized
Diagram: Features | Payload | Tag, then Digitize, then Normalize, giving Normalized Features | Tag

Network Design
Hyperparameters
- Optimizer: Adam
- Cost function: Soft-max cross entropy
- Learning rate: 0.001
Design
- Input layer: 12 neurons
- 2 hidden layers
  - Changing number of neurons: 4, 6, 8
  - Activation function: ReLU
- Output layer
  - Changing number of neurons: 2, 3, 4, 5, 6

Training and Testing
Training
- Percentage: 50%, 60%, 70%, 80%, 90%
- Epochs: 10, 20, 30, 40, …, 100
- Batch size: 1000
Testing
- Percentage: 50%, 40%, 30%, 20%, 10%

Results
Results for the classification of traffic flows into anomaly and normal
[Figure panels: A, B, C]

Results - Continued
Epoch = 80

Convolutional Neural Network: Dataset Preprocessing, Results, Design

Dataset Preprocessing
- Convert a well-defined value to a byte-vector
- Convert a payload to a byte-vector?
  - The payload has a different size for each flow
  - The payload size can be very long
Diagram: Features | Payload | Tag; Byte-vector … | Tag

Dataset Preprocessing - Continued
[Figure labels: Frequency average, Frequency standard deviation]

Dataset Preprocessing - Continued
Create the bag of words
- Words that are in attack flows and not in normal flows
- Words whose normalized frequencies are in the range of [avg, avg+std]
  - Compare their normalized frequency in the normal flows
Samples in bag of words: ERR, ModifiedLast, AdminSection, Login, arpa, HacmeBank_v2_Website, dll, login, OvCgi, anonymousPASS, ManagerWORKGROUP, Apache, Unix, …
[Figure annotation: Words whose normalized frequencies lie in this range]

Dataset Preprocessing - Continued
Diagram: Features | Payload | Tag; Bag of words; Byte-vector … | Tag
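
The bag-of-words preprocessing from the slides above, as an added Python example that is not code from the presentation. The tokenizer, the definition of normalized frequency, the reading of "compare" as "more frequent in attack flows than in normal flows", the count-per-word encoding and the sample payloads are all assumptions.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample payloads, labelled by class (not taken from the ISCX dataset).
ATTACK = [
    "GET /AdminSection/Login.aspx ERR",
    "USER anonymous PASS ERR",
    "GET /OvCgi/run.dll Login ERR",
]
NORMAL = [
    "GET /index.html HTTP",
    "GET /images/logo.png HTTP",
    "POST /Login HTTP",
]

def words(payload):
    # Assumed tokenizer: identifier-like runs of letters, digits and underscores.
    return re.findall(r"[A-Za-z_][A-Za-z0-9_]*", payload)

def norm_freq(payloads):
    # Assumed normalization: occurrences of a word / all word occurrences in the class.
    counts = Counter(w for p in payloads for w in words(p))
    total = sum(counts.values())
    return {w: c / total for w, c in counts.items()}

def build_bag(attack, normal):
    fa, fn = norm_freq(attack), norm_freq(normal)
    if not fa:
        return []  # no attack payloads, nothing to select
    avg, std = mean(fa.values()), pstdev(fa.values())
    bag = set()
    for w, f in fa.items():
        if w not in fn:
            bag.add(w)  # rule 1: seen in attack flows, never in normal flows
        elif avg <= f <= avg + std and f > fn[w]:
            bag.add(w)  # rule 2: in [avg, avg+std] and more frequent than in normal flows
    return sorted(bag)

def encode(payload, bag):
    # One byte per bag word (count capped at 255): fixed length for any payload size.
    counts = Counter(words(payload))
    return [min(counts[w], 255) for w in bag]

if __name__ == "__main__":
    bag = build_bag(ATTACK, NORMAL)
    print(bag)
    print(encode("GET /AdminSection/Login.aspx ERR ERR", bag))
```

With these samples, `Login` enters the bag through the frequency-range rule, while `GET` is left out because it is more frequent in the normal flows.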

Design
[Figure: network diagram; labels 15x15, 6, 1, 4, 5]

Results
Number of Classes = 6
[Figure panels: A, B]

Evaluation: Baselines, Compared Results

Baselines: SVM, Nearest Neighbor Classifier, Decision Tree

Compared Results
Training Percentage of the Dataset = 70

Related Work: Summary of Related Work, Comparison of Results

Summary of Related Work

Comparison of Results

Conclusion: Summary

Summary
- Network Anomaly Detection
  - Deep learning seems promising in this area