An Unsupervised Deep Learning Model for Early Network Traffic Anomaly Detection

Ren Hung Hwang, Min Chun Peng, Chien Wei Huang, Po Ching Lin, Van Linh Nguyen*

*Corresponding author for this work

Research output: Article, peer-reviewed

65 citations (Scopus)

Abstract

Various attacks have emerged as the major threats to the success of a connected world like the Internet of Things (IoT), in which billions of devices interact with each other to facilitate human life. By exploiting the vulnerabilities of cheap and insecure devices such as IP cameras, an attacker can create hundreds of thousands of zombie devices and then launch massive volume attacks to take down any target. For example, in 2016, a record large-scale DDoS attack launched by millions of Mirai-injected IP cameras and smart printers blocked the accessibility of several high-profile websites. To date, the state-of-the-art defense systems against such attacks rely mostly on pre-defined features extracted from the entire flows or signatures. The feature definitions are manual, and it would be too late to block a malicious flow after extracting the flow features. In this work, we present an effective anomaly traffic detection mechanism, namely D-PACK, which consists of a Convolutional Neural Network (CNN) and an unsupervised deep learning model (e.g., Autoencoder) for auto-profiling the traffic patterns and filtering abnormal traffic. Notably, D-PACK inspects only the first few bytes of the first few packets in each flow for early detection. Our experimental results show that, by examining just the first two packets in each flow, D-PACK still performs with nearly 100% accuracy, while featuring an extremely low false-positive rate, e.g., 0.83%. The design can inspire the emerging efforts towards online anomaly detection systems that feature reducing the volume of processed packets and blocking malicious flows in time.

Original language: English
Article number: 8990084
Pages (from-to): 30387-30399
Number of pages: 13
Journal: IEEE Access
Volume: 8
DOIs
Publication status: Published - 2020
