Deep Learning CNN Framework for Detection and Classification of Internet Worms

J. Interconnect. Networks Pub Date : 2022-02-14 DOI:10.1142/s0219265921440242

M. V. Rao, Divya Midhunchakkaravarthy, Sujatha Dandu

{"title":"Deep Learning CNN Framework for Detection and Classification of Internet Worms","authors":"M. V. Rao, Divya Midhunchakkaravarthy, Sujatha Dandu","doi":"10.1142/s0219265921440242","DOIUrl":null,"url":null,"abstract":"A worm is a standalone program, which is self-replicating malware that distributes itself to other computers and networks. An Internet worm can spread across the network and infect millions of computers in truly little time and the damages caused from such attacks are considered extremely high. In addition, these worms also affect the network packet and its performance, where the packets are analyzed by the signature-based intrusion detection system (IDS) and the network performance is analyzed by the NetFlow based IDS. Hence, this article proposes a joint detection of both the signature based and NetFlow based Internet worms using deep learning convolution neural network (DLCNN) with respect to various attacks and it can also prevent the suspicious actions of attackers (cyber-criminals). Additionally, it provides the security for users’ data maintenance, countermeasures, and controls the spreading of the internet worms. The effectiveness of proposed DLCNN model is evaluated using both packet capture (PCAP) and KDD-CUP-99 datasets. Finally, various quality metrics are employed to disclose the superiority of proposed DLCNN model as compared existing machine learning, and back propagated neural network models.","PeriodicalId":153590,"journal":{"name":"J. Interconnect. Networks","volume":"38 7","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-02-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Interconnect. Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1142/s0219265921440242","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

A worm is a standalone program, which is self-replicating malware that distributes itself to other computers and networks. An Internet worm can spread across the network and infect millions of computers in truly little time and the damages caused from such attacks are considered extremely high. In addition, these worms also affect the network packet and its performance, where the packets are analyzed by the signature-based intrusion detection system (IDS) and the network performance is analyzed by the NetFlow based IDS. Hence, this article proposes a joint detection of both the signature based and NetFlow based Internet worms using deep learning convolution neural network (DLCNN) with respect to various attacks and it can also prevent the suspicious actions of attackers (cyber-criminals). Additionally, it provides the security for users’ data maintenance, countermeasures, and controls the spreading of the internet worms. The effectiveness of proposed DLCNN model is evaluated using both packet capture (PCAP) and KDD-CUP-99 datasets. Finally, various quality metrics are employed to disclose the superiority of proposed DLCNN model as compared existing machine learning, and back propagated neural network models.

查看原文本刊更多论文

网络蠕虫检测与分类的深度学习CNN框架

蠕虫是一种独立的程序，它是一种自我复制的恶意软件，可以将自己传播到其他计算机和网络上。互联网蠕虫可以在很短的时间内传播到整个网络并感染数百万台计算机，这种攻击造成的损害被认为是非常高的。此外，这些蠕虫还会影响网络数据包及其性能，其中基于签名的入侵检测系统(IDS)对数据包进行分析，基于NetFlow的入侵检测系统(IDS)对网络性能进行分析。因此，本文提出了一种基于签名和基于NetFlow的互联网蠕虫的联合检测方法，该方法使用深度学习卷积神经网络(DLCNN)对各种攻击进行联合检测，并且还可以防止攻击者(网络犯罪分子)的可疑行为。为用户的数据维护、防范提供安全保障，控制互联网蠕虫的传播。使用数据包捕获(PCAP)和KDD-CUP-99数据集评估了所提出的DLCNN模型的有效性。最后，采用各种质量指标来揭示所提出的DLCNN模型与现有机器学习和反向传播神经网络模型相比的优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

J. Interconnect. Networks

自引率

0.00%

发文量