Multi-Task Learning for Intrusion Detection on web logs

In this paper, we aim to detect malicious network activities by analysing web logs. Despite recent advances, classifying all malicious activities into specific types, and identifying novel attacks, remain serious problems. Different kinds of attacks have different representations, so traditional approaches treat the detection of each attack type as an independent task. However, different attack types share common features in the URL, which lets the problem be formulated as a multi-task learning problem. Building on this observation, we propose a novel Multi-Task Learning Intrusion Detection (MTLID) approach that shares these common features across all attack types and thereby improves classification performance. Moreover, to catch the false negatives introduced by multi-task classification, we adopt a Gaussian Mixture Model (GMM) to build a profile of normal activity, so that novel attacks can be identified as well. We use a real-world dataset of web logs collected from different websites to demonstrate the effectiveness of MTLID. Experimental results show that the proposed approach outperforms existing methods in both detection rate and false alarm rate.
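The GMM normal-profile component described above, as an added example that is not the paper's own code or dataset: it parses constructed Common Log Format lines, extracts three simple URL features (an assumption; the paper's feature set is not given here), fits a diagonal-covariance GMM by EM on normal requests, and flags any request whose negative log-likelihood exceeds the envelope of the normal profile.

```python
import math
import re
from urllib.parse import unquote

# Constructed Common Log Format lines standing in for normal traffic (not the paper's data).
NORMAL_LOGS = [
    '10.0.0.1 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.2 - - [10/Oct/2023:13:55:37 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
    '10.0.0.3 - - [10/Oct/2023:13:55:38 +0000] "GET /search?q=books HTTP/1.1" 200 900',
    '10.0.0.4 - - [10/Oct/2023:13:55:39 +0000] "GET /products?id=42 HTTP/1.1" 200 700',
    '10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 200 300',
    '10.0.0.6 - - [10/Oct/2023:13:55:41 +0000] "GET /css/main.css HTTP/1.1" 200 1200',
    '10.0.0.7 - - [10/Oct/2023:13:55:42 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 950',
    '10.0.0.8 - - [10/Oct/2023:13:55:43 +0000] "GET /cart?item=7 HTTP/1.1" 200 400',
]
# Constructed test lines: one unseen normal request, one whose decoded query is a run of metacharacters.
HELD_OUT_NORMAL = '10.0.0.9 - - [10/Oct/2023:14:00:00 +0000] "GET /products?id=43 HTTP/1.1" 200 700'
ANOMALOUS_LINE = ('10.0.0.10 - - [10/Oct/2023:14:00:01 +0000] '
                  '"GET /search?q=%3C%3E%22%27%28%29%3B%3B%25%25%27%27%22%22%3C%3E HTTP/1.1" 500 0')
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def url_features(line):
    """Decoded URL length, count of non-alphanumeric characters, number of '=' separators."""
    url = unquote(REQ_RE.search(line).group(1))
    return [len(url), sum(not c.isalnum() for c in url), url.count("=")]

def _logpdf(x, mu, var):  # diagonal Gaussian log-density
    return sum(-0.5 * (math.log(2 * math.pi * v) + (xi - m) ** 2 / v) for xi, m, v in zip(x, mu, var))

def _logsumexp(vals):
    m = max(vals)
    return m + math.log(sum(math.exp(v - m) for v in vals))

def fit_gmm(X, k=2, iters=50, floor=0.5):
    """EM for a k-component diagonal GMM; 'floor' keeps variances from collapsing on tiny data."""
    d, n = len(X[0]), len(X)
    w, mu, var = [1.0 / k] * k, [list(X[i * n // k]) for i in range(k)], [[1.0] * d for _ in range(k)]
    for _ in range(iters):
        lp = [[math.log(w[j]) + _logpdf(x, mu[j], var[j]) for j in range(k)] for x in X]
        R = [[math.exp(l - _logsumexp(row)) for l in row] for row in lp]       # E-step
        for j in range(k):                                                       # M-step
            nk = sum(r[j] for r in R) + 1e-9
            w[j] = nk / n
            mu[j] = [sum(r[j] * x[i] for r, x in zip(R, X)) / nk for i in range(d)]
            var[j] = [max(floor, sum(r[j] * (x[i] - mu[j][i]) ** 2 for r, x in zip(R, X)) / nk)
                      for i in range(d)]
    return w, mu, var

def nll(model, x):
    w, mu, var = model
    return -_logsumexp([math.log(max(wj, 1e-12)) + _logpdf(x, m, v) for wj, m, v in zip(w, mu, var)])

def build_profile(lines):
    X = [url_features(l) for l in lines]
    model = fit_gmm(X)
    return model, max(nll(model, x) for x in X)   # threshold = least likely normal request

def is_novel(profile, line):
    model, thr = profile
    return nll(model, url_features(line)) > thr

PROFILE = build_profile(NORMAL_LOGS)
```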
