Cyber intrusion attacks that compromise users' critical and sensitive data are escalating in volume and intensity, especially with the growing connections between our daily life and the Internet. The large volume and high complexity of such attacks have impeded the effectiveness of most traditional defence techniques. At the same time, the remarkable performance of machine learning methods, especially deep learning, in computer vision has garnered research interest from the cyber security community in further enhancing and automating intrusion detection. However, expensive data labeling and the limited availability of anomalous data make it challenging to train an intrusion detector in a fully supervised manner. Therefore, intrusion detection based on unsupervised anomaly detection is also important. In this paper, we propose a three-stage, deep learning based anomaly detection framework for detecting network intrusion attacks. The framework integrates unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised (CNN) learning algorithms. We then evaluate and show the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.