Efficient Early Anomaly Detection of Network Security Attacks Using Deep Learning

Tanwir Ahmad; Dragos Truscan

doi:10.1109/csr57506.2023.10224923

Efficient Early Anomaly Detection of Network Security Attacks Using Deep Learning

Tanwir Ahmad, Dragos Truscan

Information Technology

Research output: Chapter in Book/Conference proceeding › Conference contribution › Scientific › peer-review

1 Citation (Scopus)

44 Downloads (Pure)

Abstract

We present a deep-learning (DL) anomaly-based Intrusion Detection System (IDS) for networked systems, which is able to detect in realtime anomalous network traffic corresponding to security attacks while they are ongoing. Compared to similar approaches, our IDS does not require a fixed number of network packets to analyze in order to make a decision on the type of traffic and it utilizes a more compact neural network which improves its realtime performance. As shown in the experiments using the CICIDS2017 and USTC-TFC-2016 datasets, the approach is able to detect anomalous traffic with high precision and recall. In addition, the approach is able to classify the network traffic by using only a very small portion of the network flows.

Original language	English
Title of host publication	2023 IEEE International Conference on Cyber Security and Resilience (CSR)
Publisher	IEEE
ISBN (Print)	979-8-3503-1171-6
DOIs	https://doi.org/10.1109/csr57506.2023.10224923
Publication status	Published - Aug 2023
MoE publication type	A4 Article in a conference publication
Event	IEEE International Conference on Cyber Security and Resilience - Duration: 31 Jul 2023 → …

Conference

Conference	IEEE International Conference on Cyber Security and Resilience
Abbreviated title	CSR
Period	31/07/23 → …

Keywords

Deep Learning
Anomaly detection
early detection
Intrusion Detection

Access to Document

10.1109/csr57506.2023.10224923

early anomaly detectionAccepted author manuscript, 559 KBLicence: Publisher rights policy

https://urn.fi/URN:NBN:fi-fe20230918129575

Cite this

@inproceedings{8e8bfe09955542938fe5450d7a157e25,

title = "Efficient Early Anomaly Detection of Network Security Attacks Using Deep Learning",

abstract = "We present a deep-learning (DL) anomaly-based Intrusion Detection System (IDS) for networked systems, which is able to detect in realtime anomalous network traffic corresponding to security attacks while they are ongoing. Compared to similar approaches, our IDS does not require a fixed number of network packets to analyze in order to make a decision on the type of traffic and it utilizes a more compact neural network which improves its realtime performance. As shown in the experiments using the CICIDS2017 and USTC-TFC-2016 datasets, the approach is able to detect anomalous traffic with high precision and recall. In addition, the approach is able to classify the network traffic by using only a very small portion of the network flows.",

keywords = "Deep Learning, Anomaly detection, early detection, Intrusion Detection",

author = "Tanwir Ahmad and Dragos Truscan",

year = "2023",

month = aug,

doi = "10.1109/csr57506.2023.10224923",

language = "English",

isbn = "979-8-3503-1171-6",

booktitle = "2023 IEEE International Conference on Cyber Security and Resilience (CSR)",

publisher = "IEEE",

address = "United States",

note = "IEEE International Conference on Cyber Security and Resilience, CSR ; Conference date: 31-07-2023",

}

TY - GEN

T1 - Efficient Early Anomaly Detection of Network Security Attacks Using Deep Learning

AU - Ahmad, Tanwir

AU - Truscan, Dragos

PY - 2023/8

Y1 - 2023/8

N2 - We present a deep-learning (DL) anomaly-based Intrusion Detection System (IDS) for networked systems, which is able to detect in realtime anomalous network traffic corresponding to security attacks while they are ongoing. Compared to similar approaches, our IDS does not require a fixed number of network packets to analyze in order to make a decision on the type of traffic and it utilizes a more compact neural network which improves its realtime performance. As shown in the experiments using the CICIDS2017 and USTC-TFC-2016 datasets, the approach is able to detect anomalous traffic with high precision and recall. In addition, the approach is able to classify the network traffic by using only a very small portion of the network flows.

AB - We present a deep-learning (DL) anomaly-based Intrusion Detection System (IDS) for networked systems, which is able to detect in realtime anomalous network traffic corresponding to security attacks while they are ongoing. Compared to similar approaches, our IDS does not require a fixed number of network packets to analyze in order to make a decision on the type of traffic and it utilizes a more compact neural network which improves its realtime performance. As shown in the experiments using the CICIDS2017 and USTC-TFC-2016 datasets, the approach is able to detect anomalous traffic with high precision and recall. In addition, the approach is able to classify the network traffic by using only a very small portion of the network flows.

KW - Deep Learning

KW - Anomaly detection

KW - early detection

KW - Intrusion Detection

U2 - 10.1109/csr57506.2023.10224923

DO - 10.1109/csr57506.2023.10224923

M3 - Conference contribution

SN - 979-8-3503-1171-6

BT - 2023 IEEE International Conference on Cyber Security and Resilience (CSR)

PB - IEEE

T2 - IEEE International Conference on Cyber Security and Resilience

Y2 - 31 July 2023

ER -

Efficient Early Anomaly Detection of Network Security Attacks Using Deep Learning

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this