An Unsupervised Approach to Detecting Low-Rate Attacks on Computer Networks
DOI: https://doi.org/10.28926/briliant.v7i2.1004
Keywords: intrusion detection, deep learning, low-rate attacks
Abstract
Low-rate attacks are attacks that slip into a system quietly, without sending large numbers of packets. Examples of this kind of attack are exploits, backdoors and worms. To prevent this kind of attack, we propose an intrusion detection system based on Recurrent Neural Networks and Autoencoders.
The proposed unsupervised approach is able to identify low-rate attacks in network connections, removing the requirement to supply malicious samples as training data. The proposed approach improves the detection rate by at least 12.04% over previous work.
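As an added illustration (not the paper's code or dataset), the example below shows the unsupervised principle the abstract describes: a reconstruction model is fitted on benign connections only, the alert threshold is a quantile of the benign reconstruction error, and a connection is flagged when its error exceeds it, so no attack samples are needed for training. A rank-1 linear autoencoder over constructed per-connection features stands in for the paper's RNN/autoencoder, and the detection rate is measured on constructed low-rate attack rows that the model never saw.

```python
import random
from statistics import mean, pstdev

# Constructed sample data: one row per connection, [packets, bytes, duration_s].
# Benign rows keep a consistent packet/byte/duration relationship; the low-rate
# attack sends only a handful of packets (no flood) but breaks that relationship.
def benign_connection(rng):
    pkts = rng.randint(5, 60)
    return [pkts, 500 * pkts + rng.gauss(0, 800), 0.02 * pkts + rng.gauss(0, 0.1)]

def low_rate_attack(rng):
    pkts = rng.randint(3, 8)
    return [pkts, 1400 * pkts + rng.gauss(0, 500), 2.0 + rng.gauss(0, 0.5)]

def fit_scaler(rows):
    return [(mean(c), pstdev(c) or 1.0) for c in zip(*rows)]

def scale(row, scaler):
    return [(v - m) / s for v, (m, s) in zip(row, scaler)]

def principal_direction(rows, iters=200):
    """Rank-1 linear autoencoder: first principal component via power iteration."""
    d = len(rows[0])
    cov = [[sum(r[i] * r[j] for r in rows) / len(rows) for j in range(d)] for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = sum(x * x for x in w) ** 0.5
        v = [x / norm for x in w]
    return v

def reconstruction_error(x, v):
    code = sum(a * b for a, b in zip(x, v))                       # encode
    return sum((a - code * b) ** 2 for a, b in zip(x, v)) ** 0.5  # decode, compare

def train(benign, quantile=0.99):
    # Fit on benign traffic only; the threshold is a quantile of benign error.
    scaler = fit_scaler(benign)
    v = principal_direction([scale(r, scaler) for r in benign])
    errs = sorted(reconstruction_error(scale(r, scaler), v) for r in benign)
    return scaler, v, errs[int(quantile * (len(errs) - 1))]

def is_anomalous(row, model):
    scaler, v, threshold = model
    return reconstruction_error(scale(row, scaler), v) > threshold

def evaluate(seed=7, n_train=2000, n_test=500):
    # Returns (detection rate on attack rows, false-positive rate on benign rows).
    rng = random.Random(seed)
    model = train([benign_connection(rng) for _ in range(n_train)])
    fpr = sum(is_anomalous(benign_connection(rng), model) for _ in range(n_test)) / n_test
    dr = sum(is_anomalous(low_rate_attack(rng), model) for _ in range(n_test)) / n_test
    return dr, fpr
```

The false-positive rate tracks the chosen quantile (about 1% here), which is the operational cost of setting the threshold from benign data alone.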