Recent Advances in Computer Science and Communications

Author(s): Lingjing Kong*, Ying Zhou and Huijing Wang

DOI: 10.2174/2666255816666220920112251

A Robust and Effective Anomaly Detection Model for Identifying Unknown Network Traffic

Article ID: e200922208975 Pages: 9


Abstract

Background: Network security threats are becoming more serious and have attracted much attention in recent years. Anomaly detection is an important technology for identifying malicious network flows and protecting the network, and it has been a hot topic in the network security field. However, in existing anomaly detection systems, unknown network flows are always assigned to one of the known flow classes, which degrades identification performance.

Objective: Aiming at detecting unknown flows and improving detection performance, we analyzed the KDD’99 dataset, which was collected from a simulated real network environment, identified the main factors affecting accuracy, and proposed a more robust and effective anomaly detection model (READM) to improve detection accuracy.

Methods: After the unknown flows are determined, an extra "unknown" class is trained with a neural network and identified by a deep inspection method. The identification result for the unknown class is then fed back into the detection system. Finally, the newly proposed robust and effective anomaly detection model (READM) is constructed and validated.

Results: Experimental comparison and analysis indicate that READM achieves higher detection accuracy and shorter prediction time, making it more efficient and better performing.

Conclusion: Our study found that the presence of unknown flows always leads to detection errors and is the main factor influencing detection performance. We therefore propose a robust and effective anomaly detection model based on constructing and training an extra unknown traffic class. A comparison of three experiments following different approaches proves that READM improves detection accuracy and reduces prediction time. In addition, compared with other solutions it shows better performance and has great application value in this field.

Keywords: Robust, anomaly detection, unknown network traffic, identification, READM
