Network attack classification framework based on Autoencoder model and online stream analysis technology
DOI: https://doi.org/10.54654/isj.v1i18.938
Keywords: network attack detection, online stream processing, autoencoder, network data representation
Abstract— To deal with diverse and constantly changing forms of cyberattacks, machine learning methods have been researched and applied extensively in network data processing, with positive results in network attack detection. However, machine learning models require extensive computational resources, and their application to monitoring large real-time data flows still needs improvement. In this paper, we research and propose a network attack detection framework that uses a 2-stage classification algorithm with an Autoencoder model and integrates online stream processing based on Apache Kafka and Spark. The results show that the proposed framework detects network attacks with high efficiency and has a faster processing time than traditional data processing technology.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).