The Internet has become a prime subject to security attacks and intrusions by attackers. These attacks can lead to system malfunction, network breakdown, data corruption or theft. A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic. State-of-the-art intrusion detection systems are designed to detect an attack by inspecting the complete information about the attack. This means that an IDS would only be able to detect an attack after it has been executed on the system under attack and might have caused damage to the system. In this paper, we propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption. We employ a deep neural network-based classifier for attack identification. The network is trained in a supervised manner to extract relevant features from raw network traffic data instead of relying on a manual feature selection process used in most related approaches. Further, we introduce a new metric, called earliness, to evaluate how early our proposed approach detects attacks. We have empirically evaluated our approach on the CICIDS2017 dataset. The results show that our approach performed well and attained an overall 0.803 balanced accuracy.
翻译:互联网已成为攻击者安全攻击和侵入的首要目标。这些攻击可能导致系统故障、网络崩溃、数据腐败或盗窃。网络入侵探测系统(IDS)是用来通过观察网络交通查明未经授权和恶意行为的工具。最先进的入侵探测系统设计的目的是通过检查攻击的完整信息来侦测攻击。这意味着,只有对攻击系统实施攻击后,IDS才能探测到攻击,并可能对系统造成损害。在本文中,我们提议建立一个端到端的早期入侵探测系统,以防止网络袭击对系统造成更多的破坏,同时防止意外的故障和中断。我们使用一个以神经网络为基础的深层分类器进行攻击识别。对网络进行有监督的培训,以便从原始网络交通数据中提取相关特征,而不是依赖在最相关方法中使用的手工特征选择程序。此外,我们引入了一种新的指标,叫做“耳目”,以评估我们提议的方法如何及早发现攻击。我们用经验评估了对CICIS2017系统进行攻击的方法,并实现了全面准确性。结果显示,我们采用了一种平衡的方法。