Towards Real-Time Network Intrusion Detection With Image-Based Sequential Packets Representation

Impact factor 7.5 | CAS tier 3 (Computer Science) | JCR Q1, COMPUTER SCIENCE, INFORMATION SYSTEMS
Jalal Ghadermazi;Ankit Shah;Nathaniel D. Bastian
DOI: 10.1109/TBDATA.2024.3403394
Journal: IEEE Transactions on Big Data, vol. 11, no. 1, pp. 157-173
Publication date: 2024-03-20 (journal article)
URL: https://ieeexplore.ieee.org/document/10535236/
Open access: no (publisher PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10535236)
Citations: 0

Abstract

Machine learning (ML) and deep learning (DL) advancements have greatly enhanced anomaly detection of network intrusion detection systems (NIDS) by empowering them to analyze Big Data and extract patterns. ML/DL-based NIDS are trained using either flow-based or packet-based features. Flow-based NIDS are suitable for offline traffic analysis, while packet-based NIDS can analyze traffic and detect attacks in real-time. Current packet-based approaches analyze packets independently, overlooking the sequential nature of network communication. This results in biased models that exhibit increased false negatives and positives. Additionally, most literature-proposed packet-based NIDS capture only payload data, neglecting crucial information from packet headers. This oversight can impair the ability to identify header-level attacks, such as denial-of-service attacks. To address these limitations, we propose a novel artificial intelligence-enabled methodological framework for packet-based NIDS that effectively analyzes header and payload data and considers temporal connections among packets. Our framework transforms sequential packets into two-dimensional images. It then develops a convolutional neural network-based intrusion detection model to process these images and detect malicious activities. Through experiments using publicly available big datasets, we demonstrate that our framework is able to achieve high detection rates of 97.7% to 99% across different attack types and displays promising resilience against adversarial examples.
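The abstract describes the core transformation (a sequence of raw packets, headers included, laid out as a two-dimensional image that a CNN then classifies) but not its parameters. The following is an added example of that representation, not the authors' code: every assumption is mine, namely that each packet is truncated or zero-padded to a fixed row width, that a fixed number of consecutive packets form one image, and that a sliding window with a stride yields one image per window. The sample packets are constructed IPv4/TCP packets (no link-layer header, checksums left zero), not traffic from any dataset. The `syn_row_fraction` helper is only there to show that a header-level pattern such as a SYN flood survives the transformation as a visible row structure, which is the point the abstract makes about keeping header bytes.

```python
"""Packet sequence -> 2-D byte image, with header and payload bytes kept.

Added illustration; WIDTH, HEIGHT and STRIDE are assumed values, not the
paper's settings.  Images are plain lists of lists (uint8 values 0..255) so
the example runs without numpy; a CNN front end would take the same array.
"""
import struct
from typing import List, Sequence

WIDTH = 64    # bytes kept per packet (one image row); assumed
HEIGHT = 8    # consecutive packets per image (rows); assumed
STRIDE = 4    # sliding-window step over the packet sequence; assumed

# Byte offsets in an IPv4 + TCP packet without options and without a link header
IP_PROTO_OFF = 9
TCP_FLAGS_OFF = 20 + 13
TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int,
                   flags: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4+TCP packet (constructed sample data, checksums zero)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                         64, 6, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags,
                          65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def packet_to_row(pkt: bytes, width: int = WIDTH) -> List[int]:
    """Truncate or zero-pad one packet to a fixed-width row of byte values."""
    row = list(pkt[:width])
    row.extend([0] * (width - len(row)))
    return row


def packets_to_images(packets: Sequence[bytes], height: int = HEIGHT,
                      width: int = WIDTH, stride: int = STRIDE) -> List[List[List[int]]]:
    """Slide a window of `height` packets over the sequence; each window is one image.

    The final window is zero-padded so a flow shorter than `height` packets
    (or a trailing partial window) still produces an image.
    """
    rows = [packet_to_row(p, width) for p in packets]
    images = []
    start = 0
    while True:
        window = rows[start:start + height]
        window.extend([0] * width for _ in range(height - len(window)))
        images.append(window)
        if start + height >= len(rows):
            break
        start += stride
    return images


def syn_row_fraction(image: List[List[int]]) -> float:
    """Fraction of rows that are TCP packets with only the SYN flag set.

    This is not a detector, just a check that header fields remain readable
    at fixed pixel positions after the transformation.
    """
    syn_rows = sum(1 for row in image
                   if row[IP_PROTO_OFF] == 6 and row[TCP_FLAGS_OFF] == TCP_SYN)
    return syn_rows / len(image)


# Constructed sample traffic: a normal handshake plus one request, and a SYN flood
HANDSHAKE = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, TCP_SYN),
    build_ipv4_tcp("10.0.0.80", "10.0.0.5", 80, 40000, TCP_SYN | TCP_ACK),
    build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, TCP_ACK),
    build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, TCP_PSH | TCP_ACK,
                   b"GET / HTTP/1.1\r\nHost: a\r\n\r\n"),
]
SYN_FLOOD = [
    build_ipv4_tcp("10.0.%d.%d" % (i // 256, i % 256), "10.0.0.80", 1024 + i, 80, TCP_SYN)
    for i in range(12)
]

if __name__ == "__main__":
    for name, pkts in (("handshake", HANDSHAKE), ("syn_flood", SYN_FLOOD)):
        imgs = packets_to_images(pkts)
        print(name, "images:", len(imgs),
              "SYN-row fraction of first image:", syn_row_fraction(imgs[0]))
```

Two things worth noticing when reusing this layout: the row width decides how much payload a row keeps (a 64-byte row of an IPv4/TCP packet holds only 24 payload bytes), and a packet with IP or TCP options shifts the payload start but not the header field positions the example reads, so any fixed-offset feature should be derived from the IHL and data-offset fields rather than hard-coded as done here for brevity.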
Source journal
CiteScore: 11.80
Self-citation rate: 2.80%
Articles published: 114
Journal description: The IEEE Transactions on Big Data publishes peer-reviewed articles focusing on big data. These articles present innovative research ideas and application results across disciplines, including novel theories, algorithms, and applications. Research areas cover a wide range, such as big data analytics, visualization, curation, management, semantics, infrastructure, standards, performance analysis, intelligence extraction, scientific discovery, security, privacy, and legal issues specific to big data. The journal also prioritizes applications of big data in fields generating massive datasets.
Contact: info@booksci.cn. Book学术 provides a free academic resource search service so that scholars in China and abroad can retrieve Chinese and English literature. Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1 | 京公网安备 11010802042870号