EARLY: A Tool for Real-Time Security Attack Detection

Forskningsoutput: Kapitel i bok/konferenshandlingKapitelVetenskapligPeer review

30 Nedladdningar (Pure)


The Internet has become a prime subject of security attacks and intrusions by attackers. These attacks can lead to system malfunction, network breakdown, data corruption, theft, etc. A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing network traffic. State-of-the-art IDSs are designed to detect an attack by inspecting the complete information about the attack. This means that an IDS would only be able to detect an attack after it has been executed on the system under attack and might have caused damage to the system. In this paper, we extend our early-detection IDS proposed in our previous work. The tool can detect network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption. In this work, we employ different deep neural network architectures for attack identification and compare their performances. The deep neural networks are trained in a supervised manner to extract relevant features from raw network traffic data instead of relying on a manual feature selection process used in most related approaches. Further, we empirically evaluate our tool on two datasets from different domains: CICIDS2017 from the web application domain and the MQTT-IDS-2020 dataset from the IoT domain. The results show that our approach performed well and attained a high overall balanced accuracy.
Titel på värdpublikationCyberSecurity in a DevOps Environment
Undertitel på värdpublikationFrom Requirements to Monitoring
RedaktörerAndrey Sadovykh, Dragos Truscan, Wissam Mallouli, Ana Rosa Cavalli, Cristina Seceleanu, Alessandra Bagnato
ISBN (elektroniskt)978-3-031-42212-6
ISBN (tryckt)978-3-031-42211-9
StatusPublicerad - dec. 2023
MoE-publikationstypA3 Del av bok eller annan forskningsbok


Fördjupa i forskningsämnen för ”EARLY: A Tool for Real-Time Security Attack Detection”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här