Projects per year
Abstract
The Internet has become a prime subject of security attacks and intrusions by attackers. These attacks can lead to system malfunction, network breakdown, data corruption, theft, etc. A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing network traffic. State-of-the-art IDSs are designed to detect an attack by inspecting the complete information about the attack. This means that an IDS would only be able to detect an attack after it has been executed on the system under attack and might have caused damage to the system. In this paper, we extend our early-detection IDS proposed in our previous work. The tool can detect network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption. In this work, we employ different deep neural network architectures for attack identification and compare their performances. The deep neural networks are trained in a supervised manner to extract relevant features from raw network traffic data instead of relying on a manual feature selection process used in most related approaches. Further, we empirically evaluate our tool on two datasets from different domains: CICIDS2017 from the web application domain and the MQTT-IDS-2020 dataset from the IoT domain. The results show that our approach performed well and attained a high overall balanced accuracy.
Original language | English |
---|---|
Title of host publication | CyberSecurity in a DevOps Environment |
Subtitle of host publication | From Requirements to Monitoring |
Editors | Andrey Sadovykh, Dragos Truscan, Wissam Mallouli, Ana Rosa Cavalli, Cristina Seceleanu, Alessandra Bagnato |
Publisher | Springer |
Chapter | 8 |
Pages | 225-251 |
ISBN (Electronic) | 978-3-031-42212-6 |
ISBN (Print) | 978-3-031-42211-9 |
DOIs | |
Publication status | Published - Dec 2023 |
MoE publication type | A3 Part of a book or another research book |
Keywords
- Convolution Neural Network (CNN)
- Gated Recurrent Net- work (GRU)
- Intrusion Detection System (IDS)
- Early detection
Fingerprint
Dive into the research topics of 'EARLY: A Tool for Real-Time Security Attack Detection'. Together they form a unique fingerprint.Projects
- 1 Finished
-
VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Truscan, D. (Principal Investigator), Porres Paltor, I. (Co-Principal Investigator), Ashraf, A. (Principal Investigator), Ahmad, T. (Co-Investigator), Chariyarupadannayil Sudheerbabu, G. (Co-Investigator) & Chapagain, S. (Principal Investigator)
01/10/20 → 31/01/24
Project: EU