Intrusion Detection using Deep Neural Networks


1 Intrusion Detection using Deep Neural Networks
Milad Ghaznavi

2 Outline
Introduction, Dataset, Multi Layer Perceptron, Convolutional Neural Network, Evaluation, Related Work, Conclusion

3 Introduction
Intrusion Detection, Background

4 Intrusion Detection
Definition: Intrusion = Malicious activity + Policy violation
Example: DDoS attack, an example of intrusion

5 Background
Misuse Detection: Training based on labeled data; Rich literature using different approaches: Data-mining, Classification, Rare class predictive models, Association rules
Anomaly Detection: No labeled data; Building the normal behavior of the network; Detection of the deviation from the normal behavior

6 Background - Continue
Misuse Detection. Advantage: Accurate detection, Less false positive. Disadvantage: Cannot detect unknown attacks
Anomaly Detection. Advantage: Detection of the unknown attacks. Disadvantage: High false positive, Limited by training data

7 Dataset
Overview of ISCX Dataset, Features of ISCX Dataset

8 Overview of ISCX Dataset
7 days of traffic, from July 11, 2010 to July 17, 2010
Traffic labels: Normal, Bruteforce + Infiltrating, HTTP DDoS, DDoS, Bruteforce SSH

9 Features of ISCX Dataset
Features: appName, destination, sourcePayloadAsUTF, sensorInterfaceId, sourcePort, sourcePayloadAsBase64, protocolName, destinationPort, destinationPayloadAsBase64, direction, totalSourceBytes, destinationPayloadAsUTF, sourceTCPFlagsDescription, totalDestinationBytes, startDateTime, destinationTCPFlagsDescription, totalSourcePackets, stopDateTime, source, totalDestinationPackets, Tag
Types: Alphabetic, IP Address, Unicode, Numeric, Port number, Datetime, Label
Flow record layout: Features, Payload, Tag

10 Multi Layer Perceptron
Dataset Preprocessing, Training and Testing, Network Designs, Results

11 Dataset Preprocessing
Payload is discarded
Among 17 features, 12 features are selected; they are digitized and normalized
Diagram: Features, Payload, Tag -> Digitize -> Normalize -> Normalized Features, Tag

12 Network Design
Hyper parameters: Optimizer: Adam; Cost function: Soft-max cross entropy; Learning rate: 0.001
Design:
Input layer: 12 neurons
2 hidden layers: changing number of neurons: 4, 6, 8; Activation function: ReLU
Output layer: changing number of neurons: 2, 3, 4, 5, 6

13 Training and Testing
Training: Percentage: 50%, 60%, 70%, 80%, 90%; Epochs: 10, 20, 30, 40, …, 100; Batch size: 1000
Testing: Percentage: 50%, 40%, 30%, 20%, 10%

14 Results
Results for the classification of traffic flows into anomaly and normal (figure panels A, B, C)

15 Results - Continue
Epoch = 80

16 Convolutional Neural Network
Dataset Preprocessing, Results, Design

17 Dataset Preprocessing
Convert a well-defined value to a byte-vector
Convert a payload to a byte-vector
Diagram: Features, Payload, Tag -> Tag, Byte-vector
The payload has a different size for each flow
The payload size can be very long

18 Dataset Preprocessing - Continue
Frequency average Frequency standard deviation

19 Dataset Preprocessing - Continue
Frequency average Frequency standard deviation

20 Dataset Preprocessing - Continue
Create the bag of words
Words that are in attack flows and not in normal flows
Words whose normalized frequencies are in the range of [avg, avg+std]
Compare their normalized frequency in the normal flows
Samples in bag of words: ERR, ModifiedLast, AdminSection, Login, arpa, HacmeBank_v2_Website, dll, login, OvCgi, anonymousPASS, ManagerWORKGROUP, Apache, Unix, …
Figure annotation: Words whose normalized frequencies lie in this range

21 Dataset Preprocessing - Continue
Diagram: Features, Payload, Tag -> Tag, Byte-vector, Bag of words
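
The bag-of-words selection from slide 20, as an added example that is not code from the presentation. It assumes a regex word tokenizer, takes normalized frequency to be a word's share of all word occurrences in the attack flows, and reads the slide's criteria as "attack-only words whose normalized frequency lies in [avg, avg+std]"; the payloads are constructed.

```python
import re
from collections import Counter
from statistics import mean, pstdev

TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed tokenizer, not from the slides

def normalized_freq(payloads):
    """Map each word to its share of all word occurrences in the payloads."""
    counts = Counter(w for p in payloads for w in TOKEN.findall(p))
    total = sum(counts.values())
    return {w: c / total for w, c in counts.items()}

def build_bag(attack_payloads, normal_payloads):
    """Keep attack-only words with normalized frequency in [avg, avg+std]."""
    attack = normalized_freq(attack_payloads)
    normal = normalized_freq(normal_payloads)
    # Criterion 1: the word occurs in attack flows and never in normal flows.
    attack_only = {w: f for w, f in attack.items() if w not in normal}
    if not attack_only:
        return []
    # Criterion 2: band computed over the attack-only candidates (assumption).
    avg = mean(attack_only.values())
    std = pstdev(attack_only.values())
    return sorted(w for w, f in attack_only.items() if avg <= f <= avg + std)

def encode(payload, bag):
    """Fixed-length count vector, so payloads of any size get the same shape."""
    counts = Counter(TOKEN.findall(payload))
    return [counts[w] for w in bag]

# Constructed sample payloads (not taken from the ISCX dataset).
ATTACK = [
    "GET /AdminSection/Login HTTP ERR",
    "POST /AdminSection/Login ERR ERR",
    "GET /AdminSection/Login/OvCgi ERR",
    "GET /dll arpa ERR HTTP",
]
NORMAL = ["GET /index.html HTTP", "POST /search HTTP"]
BAG = build_bag(ATTACK, NORMAL)

if __name__ == "__main__":
    print("bag:", BAG)
    for p in ATTACK + NORMAL:
        print(encode(p, BAG), p)
```

On this sample the most frequent attack-only word (ERR) and the words seen once fall outside the band, so only the mid-frequency words are kept.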

22 Design
(CNN design diagram; labels on the slide: 15x15, 6, 1, 4, 5)

23 Results
Number of Classes = 6 (figure panels A, B)

24 Evaluation
Baselines, Compared Results

25 Baselines
SVM, Nearest Neighbor Classifier, Decision Tree

26 Compared Results
Training Percentage of the Dataset = 70

27 Related Work
Summary of Related Work, Comparison of Results

28 Summary of Related Work

29 Comparison of Results

30 Conclusion
Summary

31 Summary
Network Anomaly Detection
Deep learning seems promising in this area
