Cargando…
DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic
With the growing diversity of cyberattacks in recent years, anomaly-based intrusion detection systems that can detect unknown attacks have attracted significant attention. Furthermore, a wide range of studies on anomaly detection using machine learning and deep learning methods have been conducted....
Autores principales: | , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2022
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9227447/ https://www.ncbi.nlm.nih.gov/pubmed/35746191 http://dx.doi.org/10.3390/s22124405 |
_version_ | 1784734179328524288 |
---|---|
author | Yoshimura, Naoto Kuzuno, Hiroki Shiraishi, Yoshiaki Morii, Masakatu |
author_facet | Yoshimura, Naoto Kuzuno, Hiroki Shiraishi, Yoshiaki Morii, Masakatu |
author_sort | Yoshimura, Naoto |
collection | PubMed |
description | With the growing diversity of cyberattacks in recent years, anomaly-based intrusion detection systems that can detect unknown attacks have attracted significant attention. Furthermore, a wide range of studies on anomaly detection using machine learning and deep learning methods have been conducted. However, many machine learning and deep learning-based methods require significant effort to design the detection feature values, extract the feature values from network packets, and acquire the labeled data used for model training. To solve the aforementioned problems, this paper proposes a new model called DOC-IDS, which is an intrusion detection system based on Perera’s deep one-class classification. The DOC-IDS, which comprises a pair of one-dimensional convolutional neural networks and an autoencoder, uses three different loss functions for training. Although, in general, only regular traffic from the computer network subject to detection is used for anomaly detection training, the DOC-IDS also uses multi-class labeled traffic from open datasets for feature extraction. Therefore, by streamlining the classification task on multi-class labeled traffic, we can obtain a feature representation with highly enhanced data discrimination abilities. Simultaneously, we perform variance minimization in the feature space, even on regular traffic, to further improve the model’s ability to discriminate between normal and abnormal traffic. The DOC-IDS is a single deep learning model that can automatically perform feature extraction and anomaly detection. This paper also reports experiments for evaluating the anomaly detection performance of the DOC-IDS. The results suggest that the DOC-IDS offers higher anomaly detection performance while reducing the load resulting from the design and extraction of feature values. |
format | Online Article Text |
id | pubmed-9227447 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-92274472022-06-25 DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic Yoshimura, Naoto Kuzuno, Hiroki Shiraishi, Yoshiaki Morii, Masakatu Sensors (Basel) Article With the growing diversity of cyberattacks in recent years, anomaly-based intrusion detection systems that can detect unknown attacks have attracted significant attention. Furthermore, a wide range of studies on anomaly detection using machine learning and deep learning methods have been conducted. However, many machine learning and deep learning-based methods require significant effort to design the detection feature values, extract the feature values from network packets, and acquire the labeled data used for model training. To solve the aforementioned problems, this paper proposes a new model called DOC-IDS, which is an intrusion detection system based on Perera’s deep one-class classification. The DOC-IDS, which comprises a pair of one-dimensional convolutional neural networks and an autoencoder, uses three different loss functions for training. Although, in general, only regular traffic from the computer network subject to detection is used for anomaly detection training, the DOC-IDS also uses multi-class labeled traffic from open datasets for feature extraction. Therefore, by streamlining the classification task on multi-class labeled traffic, we can obtain a feature representation with highly enhanced data discrimination abilities. Simultaneously, we perform variance minimization in the feature space, even on regular traffic, to further improve the model’s ability to discriminate between normal and abnormal traffic. The DOC-IDS is a single deep learning model that can automatically perform feature extraction and anomaly detection. This paper also reports experiments for evaluating the anomaly detection performance of the DOC-IDS. The results suggest that the DOC-IDS offers higher anomaly detection performance while reducing the load resulting from the design and extraction of feature values. MDPI 2022-06-10 /pmc/articles/PMC9227447/ /pubmed/35746191 http://dx.doi.org/10.3390/s22124405 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Yoshimura, Naoto Kuzuno, Hiroki Shiraishi, Yoshiaki Morii, Masakatu DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic |
title | DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic |
title_full | DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic |
title_fullStr | DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic |
title_full_unstemmed | DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic |
title_short | DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic |
title_sort | doc-ids: a deep learning-based method for feature extraction and anomaly detection in network traffic |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9227447/ https://www.ncbi.nlm.nih.gov/pubmed/35746191 http://dx.doi.org/10.3390/s22124405 |
work_keys_str_mv | AT yoshimuranaoto docidsadeeplearningbasedmethodforfeatureextractionandanomalydetectioninnetworktraffic AT kuzunohiroki docidsadeeplearningbasedmethodforfeatureextractionandanomalydetectioninnetworktraffic AT shiraishiyoshiaki docidsadeeplearningbasedmethodforfeatureextractionandanomalydetectioninnetworktraffic AT moriimasakatu docidsadeeplearningbasedmethodforfeatureextractionandanomalydetectioninnetworktraffic |