Abstract
In previous work, we proposed an end-to-end early intrusion detection system to identify network attacks in real-time before they complete and could cause more damage to the system under attack. To implement the approach, we have trained a Convolution Neural Network (CNN) model with an attention mechanism in a supervised manner to extract relevant features from raw network traffic in order to classify network flows into different types of attacks. In this preliminary work, we discuss and compare the results of using the Recurrent Neural Network (RNN) model with an attention mechanism to detect the attacks earlier. Furthermore, the model not only classifies the given flow but also ranks the packets in the flow with respect to their importance for prediction. This ranking can be used for further investigation of the detected network attacks. We empirically evaluate our approach on the CICIDS2017 dataset. Preliminary results show that the RNN model with an attention mechanism can achieve better classification performance than our previous work with the CNN model.
| Original language | English |
|---|---|
| Title | Proceedings - 2024 IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2024 |
| Publisher | IEEE |
| Pages | 161-167 |
| ISBN (electronic) | 979-8-3503-4479-0 |
| ISBN (print) | 979-8-3503-4479-0 |
| DOI - permanent links | |
| Status | Published - 2024 |
| OKM publication type | A4 Article in conference proceedings |
| Event | IEEE International Conference on Software Testing Verification and Validation Workshop - Duration: 27 May 2024 → … |
Publication series
| Name | Proceedings - 2024 IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2024 |
|---|---|
Conference
| Conference | IEEE International Conference on Software Testing Verification and Validation Workshop |
|---|---|
| Abbreviation | ICSTW |
| Period | 27/05/24 → … |
Funding
This work was made possible with funding from the European Union's Horizon 2020 research and innovation programme, under grant agreements No. 957212 (VeriDevOps) and from ECSEL Joint Undertaking (JU) under grant agreement No. 101007350 (AIDOaRT). The opinions expressed and arguments employed herein do not necessarily reflect the official views of the funding body.
- VST: Virtual Sea Trial
  Truscan, D. (Principal Investigator), Hellström, M. (Principal Investigator), Porres Paltor, I. (CoPI), Ahmad, T. (CoI), Chariyarupadannayil Sudheerbabu, G. (Project staff), Yaseen, A. (Project staff), Khan, S. (Project staff) & Mughees, A. (Project staff)
  01/01/24 → 31/12/26
  Project: Industry/Business Finland
- AIDOaRT
  Porres Paltor, I. (Principal Investigator), Truscan, D. (CoPI), Nybom, K. (CoI), Logacheva, E. (CoI), Winsten, J. (CoI) & Peltomäki, J. (CoI)
  01/04/21 → 30/09/24
  Project: EU
- VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
  Truscan, D. (Principal Investigator), Porres Paltor, I. (CoPI), Ashraf, A. (Principal Investigator), Ahmad, T. (CoI), Chariyarupadannayil Sudheerbabu, G. (CoI) & Chapagain, S. (Principal Investigator)
  01/10/20 → 31/01/24
  Project: EU
Awards
- Best Paper Award
  Ahmad, T. (Recipient) & Truscan, D. (Recipient), 2024
  Award: Award or recognition for an output