Abstract
Network flow classification makes it possible to distinguish normal flows from deviant behavior. However, given the diversity of the approaches proposed for intrusion detection via IDS probes, an adequate fundamental solution is required. Indeed, most existing solutions address a specific context, which does not allow assessing the efficiency of the proposed models in a different context. Therefore, we propose in this paper an approach for malicious flow detection based on One-Dimensional Convolutional Neural Networks (1D-CNN). Our solution extracts features based on the definition of network flows, so the feature set can be shared by any network flow classification model. This feature engineering phase is coupled with the CNN's feature detector in order to provide an efficient classification approach. To evaluate its performance, our solution has been evaluated on two different datasets (a recent dataset extracted from a real IBM industrial context and the NSL-KDD dataset that is widely used in the literature). Moreover, a comparison with existing solutions has been provided on the NSL-KDD dataset. Attacks in both datasets have been defined using the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques. The evaluation results have shown that our proposed solution allows an efficient and accurate classification in both datasets (with an accuracy rate of at least 94%). Moreover, it outperforms existing solutions in terms of classification metrics and execution time as well.
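To illustrate what "features based on the definition of network flows" means in practice, here is an added example (not code from the paper) that groups raw packet records into bidirectional 5-tuple flows and emits a fixed-length, model-agnostic feature vector per flow. The packet capture is constructed, and the chosen feature set (duration, per-direction packet and byte counts, mean inter-arrival time, packet rate) is an assumption, not the paper's own.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float    # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    size: int    # bytes on the wire

def flow_key(p):
    """Bidirectional 5-tuple: both directions of a conversation share one key."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def extract_flow_features(packets):
    """Group packets into flows and compute a fixed-length feature vector per flow (assumed feature set)."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    features = {}
    for key, pkts in flows.items():
        initiator = (pkts[0].src, pkts[0].sport)   # first packet defines the "forward" direction
        fwd = [p for p in pkts if (p.src, p.sport) == initiator]
        bwd = [p for p in pkts if (p.src, p.sport) != initiator]
        duration = pkts[-1].ts - pkts[0].ts
        iats = [q.ts - p.ts for p, q in zip(pkts, pkts[1:])]
        features[key] = [
            duration,
            len(fwd), len(bwd),
            sum(p.size for p in fwd), sum(p.size for p in bwd),
            sum(iats) / len(iats) if iats else 0.0,          # mean inter-arrival time
            len(pkts) / duration if duration > 0 else 0.0,   # packets per second
        ]
    return features

# Constructed sample capture: one short TCP exchange and one DNS query/response.
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 60),
    Packet(0.01, "10.0.0.9", "10.0.0.5", 80, 40000, "tcp", 60),
    Packet(0.02, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 500),
    Packet(0.50, "10.0.0.9", "10.0.0.5", 80, 40000, "tcp", 1500),
    Packet(1.00, "10.0.0.5", "10.0.0.1", 53000, 53, "udp", 70),
    Packet(1.05, "10.0.0.1", "10.0.0.5", 53, 53000, "udp", 120),
]
```

Each resulting vector has the same length regardless of protocol, which is what lets one feature pipeline feed a 1D-CNN or any other flow classifier.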
© 2024 IFIP International Federation for Information Processing
Touré, A., Imine, Y., Delot, T., Gallais, A., Semnont, A., Giraudo, R. (2024). Automated and Improved Detection of Cyber Attacks via an Industrial IDS Probe. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_14
DOI: https://doi.org/10.1007/978-3-031-56326-3_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56325-6
Online ISBN: 978-3-031-56326-3
eBook Packages: Computer Science, Computer Science (R0)