Cyberattack detection model using deep learning in a network log system with data visualization

Network log data is important to network administrators because it records every event that occurs in a network, including system errors, alerts, and packet delivery status. Analyzing large volumes of diverse log data effectively makes it possible to identify issues before they become problems and to prevent future cyberattacks; however, processing diverse NetFlow data poses challenges of volume, velocity, and veracity. In this study, we use Elasticsearch, Logstash, and Kibana, i.e., the ELK Stack, to construct an analysis and management system for network log data that filters, analyzes, and displays network log data for further applications and renders data visualizations in a Web browser. In addition, an advanced cyberattack detection model is built using deep neural network (DNN), recurrent neural network (RNN), and long short-term memory (LSTM) approaches. By knowing cyberattack behaviors and cross-validating against the log analysis system, one can learn from this model the characteristics of a variety of cyberattacks. Finally, we also deploy Grafana to perform metrics monitoring.
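As an added example (not code from the paper or its system) of the preprocessing step between the log pipeline and the sequence models the abstract names: NetFlow records, in the shape a Logstash NetFlow codec would index into Elasticsearch (field names are assumed), are grouped per source address and cut into fixed-length windows, which is the (n_windows, length, n_features) tensor an RNN or LSTM detector consumes. The sample flows are constructed.

```python
"""Turn per-source NetFlow records into fixed-length feature windows for an RNN/LSTM."""
from collections import defaultdict

# Constructed sample flows; field names are an assumption about the indexed documents.
SAMPLE_FLOWS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 22,   "proto": 6, "bytes": 120,  "pkts": 2},
    {"ts": 2, "src": "10.0.0.7", "dst": "10.0.0.9", "dport": 443,  "proto": 6, "bytes": 5200, "pkts": 14},
    {"ts": 3, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 23,   "proto": 6, "bytes": 60,   "pkts": 1},
    {"ts": 4, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 80,   "proto": 6, "bytes": 60,   "pkts": 1},
    {"ts": 5, "src": "10.0.0.7", "dst": "10.0.0.9", "dport": 443,  "proto": 6, "bytes": 8100, "pkts": 20},
    {"ts": 6, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 445,  "proto": 6, "bytes": 60,   "pkts": 1},
    {"ts": 7, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 3389, "proto": 6, "bytes": 60,   "pkts": 1},
]

# Numeric fields used as the per-flow feature vector (order is the feature index).
FEATURES = ("dport", "proto", "bytes", "pkts")
PAD_ROW = [0.0] * len(FEATURES)


def flows_by_source(flows):
    """Group flows by source address, each group ordered by timestamp."""
    groups = defaultdict(list)
    for flow in sorted(flows, key=lambda f: f["ts"]):
        groups[flow["src"]].append([float(flow[k]) for k in FEATURES])
    return dict(groups)


def make_windows(seq, length):
    """Sliding windows of `length` rows; short sequences are left-padded so they yield one window."""
    if len(seq) < length:
        seq = [PAD_ROW] * (length - len(seq)) + seq
    return [seq[i:i + length] for i in range(len(seq) - length + 1)]


def build_dataset(flows, length):
    """Return (X, ids): X is a list of windows, ids[i] is the source address of window i."""
    X, ids = [], []
    for src, seq in flows_by_source(flows).items():
        for window in make_windows(seq, length):
            X.append(window)
            ids.append(src)
    return X, ids


def distinct_ports(window):
    """Number of distinct destination ports in a window (padding rows excluded); a
    spread over many ports within a short window is one pattern a sequence model can learn."""
    port_idx = FEATURES.index("dport")
    return len({row[port_idx] for row in window if row != PAD_ROW})
```

Windows from many sources are stacked into one array and fed to the model together with their labels; the window length is a model hyperparameter.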
