A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection

Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT...

Bibliographic Details
Main authors: Dutta, Vibekananda; Choraś, Michał; Pawlicki, Marek; Kozik, Rafał
Format: Online Article Text
Language: English
Published: MDPI 2020
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472141/
https://www.ncbi.nlm.nih.gov/pubmed/32824187
http://dx.doi.org/10.3390/s20164583
author Dutta, Vibekananda
Choraś, Michał
Pawlicki, Marek
Kozik, Rafał
collection PubMed
description Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection.
format Online
Article
Text
id pubmed-7472141
institution National Center for Biotechnology Information
language English
publishDate 2020
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-7472141 2020-09-04 A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection Dutta, Vibekananda Choraś, Michał Pawlicki, Marek Kozik, Rafał Sensors (Basel) Article
MDPI 2020-08-15 /pmc/articles/PMC7472141/ /pubmed/32824187 http://dx.doi.org/10.3390/s20164583 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
title A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection
topic Article