A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection
Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT...
Main authors: | Dutta, Vibekananda; Choraś, Michał; Pawlicki, Marek; Kozik, Rafał |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2020 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472141/ https://www.ncbi.nlm.nih.gov/pubmed/32824187 http://dx.doi.org/10.3390/s20164583 |
_version_ | 1783578920464941056 |
---|---|
author | Dutta, Vibekananda Choraś, Michał Pawlicki, Marek Kozik, Rafał |
author_sort | Dutta, Vibekananda |
collection | PubMed |
description | Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection. |
format | Online Article Text |
id | pubmed-7472141 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-7472141 2020-09-04 A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection Dutta, Vibekananda Choraś, Michał Pawlicki, Marek Kozik, Rafał Sensors (Basel) Article Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection. MDPI 2020-08-15 /pmc/articles/PMC7472141/ /pubmed/32824187 http://dx.doi.org/10.3390/s20164583 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Dutta, Vibekananda Choraś, Michał Pawlicki, Marek Kozik, Rafał A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection |
title | A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection |
title_sort | deep learning ensemble for network anomaly and cyber-attack detection |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472141/ https://www.ncbi.nlm.nih.gov/pubmed/32824187 http://dx.doi.org/10.3390/s20164583 |