Packet-Based Intrusion Detection Using Bayesian Topic Models in Mobile Edge Computing

This paper proposes a network intrusion detection system for mobile edge computing (MEC) based on the Bayesian topic model latent Dirichlet allocation (LDA). The method takes tcpdump packets, extracts multiple features from the packet headers, and converts the packets into documents based on those features. A topic model is trained using only attack-free traffic in order to learn the behavior patterns of normal traffic. The test traffic is then analyzed against the learned behavior patterns to measure the extent to which it resembles the normal traffic. A threshold is defined in the training phase as the minimum likelihood of a host. In the test phase, when a host's test traffic has a likelihood lower than the host's threshold, the traffic is labeled as an intrusion. The intrusion detection system is validated using the DARPA 1999 dataset. The experiment shows that our method is suitable for protecting the security of MEC.
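
The pipeline described in the abstract, as an added sketch that is not the paper's implementation: packets become per-host documents, a small LDA model is fitted to attack-free windows by collapsed Gibbs sampling, and each host's threshold is its minimum training likelihood. The header features, hyperparameters, fold-in likelihood estimate, host names and sample traffic are assumptions constructed for this example.

```python
import math, random
from collections import defaultdict
K, ALPHA, BETA = 2, 0.5, 0.1  # assumed hyperparameters, not taken from the paper

def word(pkt):  # one "word" per packet, built from assumed header features
    return "/".join(map(str, pkt))

def train_lda(docs, iters=100, seed=1):  # collapsed Gibbs sampling on attack-free docs
    rng = random.Random(seed)
    V = len({w for d in docs for w in d}) + 1  # +1 slot for unseen header combinations
    nkw, nk = [defaultdict(int) for _ in range(K)], [0] * K
    ndk, z = [[0] * K for _ in docs], [[None] * len(d) for d in docs]
    def bump(d, w, k, n):
        nkw[k][w] += n; nk[k] += n; ndk[d][k] += n
    for _ in range(iters):
        for d, doc in enumerate(docs):
            for i, w in enumerate(doc):
                if z[d][i] is not None: bump(d, w, z[d][i], -1)  # resample after first sweep
                p = [(ndk[d][j] + ALPHA) * (nkw[j][w] + BETA) / (nk[j] + V * BETA) for j in range(K)]
                z[d][i] = rng.choices(range(K), weights=p)[0]
                bump(d, w, z[d][i], 1)
    return lambda k, w: (nkw[k].get(w, 0) + BETA) / (nk[k] + V * BETA)

def loglik(doc, phi, em_iters=30):  # per-packet log-likelihood, topic mix folded in by EM
    theta = [1.0 / K] * K
    for _ in range(em_iters):
        resp = [0.0] * K
        for w in doc:
            p = [theta[k] * phi(k, w) for k in range(K)]
            resp = [r + q / sum(p) for r, q in zip(resp, p)]
        theta = [(r + ALPHA) / (len(doc) + K * ALPHA) for r in resp]
    return sum(math.log(sum(theta[k] * phi(k, w) for k in range(K))) for w in doc) / len(doc)

def fit(train):
    docs = [[word(p) for p in pkts] for _, pkts in train]
    phi, thr = train_lda(docs), {}
    for (host, _), doc in zip(train, docs):  # threshold = host's minimum training likelihood
        thr[host] = min(thr.get(host, math.inf), loglik(doc, phi))
    return phi, thr

def is_intrusion(host, pkts, phi, thr):
    return loglik([word(p) for p in pkts], phi) < thr[host]

# Constructed sample traffic: (proto, dst_port, flags) packets in per-host windows.
WEB = [("tcp", 80, "S")] * 4 + [("tcp", 80, "A")] * 10 + [("tcp", 443, "A")] * 6
DNS = [("udp", 53, "-")] * 12 + [("tcp", 25, "A")] * 8
TRAIN = [("hostA", WEB), ("hostA", WEB[2:]), ("hostB", DNS), ("hostB", DNS[3:])] * 3
PHI, THR = fit(TRAIN)
SCAN = [("tcp", port, "S") for port in range(1, 21)]  # constructed window of unseen words
```

Because the threshold is the minimum over training windows, a test window identical to a training window is never flagged, while a window made of header combinations absent from training falls far below it.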
