
DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic

With the growing diversity of cyberattacks in recent years, anomaly-based intrusion detection systems that can detect unknown attacks have attracted significant attention. Furthermore, a wide range of studies on anomaly detection using machine learning and deep learning methods have been conducted....


Bibliographic Details
Main authors: Yoshimura, Naoto; Kuzuno, Hiroki; Shiraishi, Yoshiaki; Morii, Masakatu
Format: Online Article Text
Language: English
Published: MDPI 2022
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9227447/
https://www.ncbi.nlm.nih.gov/pubmed/35746191
http://dx.doi.org/10.3390/s22124405
author Yoshimura, Naoto
Kuzuno, Hiroki
Shiraishi, Yoshiaki
Morii, Masakatu
collection PubMed
description With the growing diversity of cyberattacks in recent years, anomaly-based intrusion detection systems that can detect unknown attacks have attracted significant attention. Furthermore, a wide range of studies on anomaly detection using machine learning and deep learning methods have been conducted. However, many machine learning and deep learning-based methods require significant effort to design the detection feature values, extract the feature values from network packets, and acquire the labeled data used for model training. To solve the aforementioned problems, this paper proposes a new model called DOC-IDS, which is an intrusion detection system based on Perera’s deep one-class classification. The DOC-IDS, which comprises a pair of one-dimensional convolutional neural networks and an autoencoder, uses three different loss functions for training. Although, in general, only regular traffic from the computer network subject to detection is used for anomaly detection training, the DOC-IDS also uses multi-class labeled traffic from open datasets for feature extraction. Therefore, by streamlining the classification task on multi-class labeled traffic, we can obtain a feature representation with highly enhanced data discrimination abilities. Simultaneously, we perform variance minimization in the feature space, even on regular traffic, to further improve the model’s ability to discriminate between normal and abnormal traffic. The DOC-IDS is a single deep learning model that can automatically perform feature extraction and anomaly detection. This paper also reports experiments for evaluating the anomaly detection performance of the DOC-IDS. The results suggest that the DOC-IDS offers higher anomaly detection performance while reducing the load resulting from the design and extraction of feature values.
format Online
Article
Text
id pubmed-9227447
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-9227447 2022-06-25 DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic Yoshimura, Naoto Kuzuno, Hiroki Shiraishi, Yoshiaki Morii, Masakatu Sensors (Basel) Article MDPI 2022-06-10 /pmc/articles/PMC9227447/ /pubmed/35746191 http://dx.doi.org/10.3390/s22124405 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
title DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic