Introducing Deep Learning Self-Adaptive Misuse Network Intrusion Detection Systems

The intrusion detection systems (IDSs) are essential elements when it comes to the protection of an ICT infrastructure. A misuse IDS is a stable method that can achieve high attack detection rates (ADR) while keeping false alarm rates under acceptable levels. However, the misuse IDSs suffer from the lack of agility, as they are unqualified to adapt to new and “unknown” environments. That is, such an IDS puts the security administrator into an intensive engineering task for keeping the IDS up-to-date every time it faces efficiency drops. Considering the extended size of modern networks and the complexity of big network traffic data, the problem exceeds the substantial limits of human managing capabilities. In this regard, we propose a novel methodology which combines the benefits of self-taught learning and MAPE-K frameworks to deliver a scalable, self-adaptive, and autonomous misuse IDS. Our methodology enables the misuse IDS to sustain high ADR, even if it is imposed on consecutive and drastic environmental changes. Through the utilization of deep-learning based methods, the IDS is able to grasp an attack’s nature based on the generalized feature reconstructions stemming directly from the unknown environment and its unlabeled data. The experimental results reveal that our methodology can breathe new life into the IDS without the constant need for manually refreshing its training set. We evaluate our proposal under several classification metrics and demonstrate that the ADR of the IDS increases up to 73.37% in critical situations where a statically trained IDS is rendered totally ineffective.

[1]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[2]  Mary Shaw,et al.  Engineering Self-Adaptive Systems through Feedback Loops , 2009, Software Engineering for Self-Adaptive Systems.

[3]  Alberto Huertas Celdrán,et al.  Dynamic management of a deep learning-based anomaly detection system for 5G networks , 2018 .

[4]  Daniel Díaz López,et al.  Dynamic counter-measures for risk-based access control systems: An evolutive approach , 2016, Future Gener. Comput. Syst..

[5]  Jürgen Schmidhuber,et al.  Deep learning in neural networks: An overview , 2014, Neural Networks.

[6]  Rajat Raina,et al.  Self-taught learning: transfer learning from unlabeled data , 2007, ICML '07.

[7]  Julie Greensmith,et al.  Immune System Approaches to Intrusion Detection - A Review , 2004, ICARIS.

[8]  Georgios Kambourakis,et al.  Dendron : Genetic trees driven rule induction for network intrusion detection systems , 2018, Future Gener. Comput. Syst..

[9]  Salvatore J. Stolfo,et al.  A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[10]  Nevil Brownlee,et al.  Traffic Flow Measurement: Architecture , 1999, RFC.

[11]  Francisco Herrera,et al.  On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems , 2015, Expert Syst. Appl..

[12]  Young B. Park,et al.  A Study of Environment-Adaptive Intrusion Detection System , 2016, CSA/CUTE.

[13]  Jeffrey O. Kephart,et al.  The Vision of Autonomic Computing , 2003, Computer.

[14]  Mansoor Alam,et al.  A Deep Learning Approach for Network Intrusion Detection System , 2016, EAI Endorsed Trans. Security Safety.

[15]  Jason H. Moore,et al.  Learning classifier systems: a complete introduction, review, and roadmap , 2009 .

[16]  Bart De Schutter,et al.  A Comprehensive Survey of Multiagent Reinforcement Learning , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[17]  Qingfu Zhang,et al.  Multiobjective evolutionary algorithms: A survey of the state of the art , 2011, Swarm Evol. Comput..

[18]  Qi Shi,et al.  A Deep Learning Approach to Network Intrusion Detection , 2018, IEEE Transactions on Emerging Topics in Computational Intelligence.

[19]  Hassina Bensefia,et al.  Adaptive Intrusion Detection Systems: The Next Generation of IDSs , 2014 .

[20]  Rajat Raina,et al.  Efficient sparse coding algorithms , 2006, NIPS.

[21]  Bradley R. Schmerl,et al.  Software Engineering for Self-Adaptive Systems: A Second Research Roadmap , 2010, Software Engineering for Self-Adaptive Systems.

[22]  Georgios Kambourakis,et al.  Optimal Countermeasures Selection Against Cyber Attacks: A Comprehensive Survey on Reaction Frameworks , 2018, IEEE Communications Surveys & Tutorials.

[23]  Yang Yu,et al.  A Hybrid Spectral Clustering and Deep Neural Network Ensemble Algorithm for Intrusion Detection in Sensor Networks , 2016, Sensors.

[24]  Ulrike von Luxburg,et al.  A tutorial on spectral clustering , 2007, Stat. Comput..

[25]  Georgios Kambourakis,et al.  TermID: a distributed swarm intelligence-based approach for wireless intrusion detection , 2017, International Journal of Information Security.

[26]  Yang Yu,et al.  Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders , 2017, Secur. Commun. Networks.

[27]  Georgios Kambourakis,et al.  Swarm intelligence in intrusion detection: A survey , 2011, Comput. Secur..