Application of deep learning model in network reconnaissance attack detection
DOI: https://doi.org/10.54654/isj.v1i16.922
Keywords: network reconnaissance, anomaly detection, intrusion detection system, machine learning, deep learning
Abstract— In recent years, the number of new types of attacks has increased dramatically. Although there are many attack techniques, they all follow a similar attack chain that begins with a network reconnaissance phase. Detecting network reconnaissance attacks is therefore an important problem for every Intrusion Detection System (IDS). In practice, network intrusion detection systems are based on pre-defined rules, so they cannot detect new attacks or variants of known attacks. Meanwhile, hackers have developed many automated toolkits that make subtle changes to attack behavior, enough for an IDS to treat the result as a zero-day attack. To overcome this limitation, many machine learning models have been applied in IDS and implemented in real networks. In this paper, we propose a new approach that uses a two-stage AutoEncoder to detect network reconnaissance attacks. The proposed approach is evaluated on the network security datasets NSL-KDD, UNSW_NB15 and four scenarios of the CTU13 datasets, and compared to existing methods.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).