Evaluating shallow and deep networks for secure shell (SSH) traffic analysis

The family of recurrent neural network (RNN) mechanisms is widely used for tasks in natural language processing, speech recognition, image processing and many other areas, because these mechanisms are established as a powerful way to capture dynamic temporal behavior in large-scale sequence data of arbitrary length. This paper evaluates the effectiveness of various RNN mechanisms for traffic classification, specifically for the Secure Shell (SSH) protocol, by modeling the feature sets of statistical flows as time series obtained from various public and private traces. These traces are from NIMS (Network Information Management and Security Group), DARPA (Defense Advanced Research Projects Agency) 1999 Week1, DARPA 1999 Week3, MAWI (Measurement and Analysis on the WIDE Internet), and the NLANR (National Laboratory for Applied Network Research) Active Measurement Project (AMP). Various configurations of network topologies, network parameters and network structures are used for the family of RNN architectures to identify an optimal architecture. The experiments are run for up to 1000 epochs with a learning rate in the range [0.01-05] in both the binary and multi-class classification settings. The RNN mechanisms performed well in comparison to the other classical machine learning algorithms. Moreover, the long short-term memory (LSTM) mechanism, a modified RNN, achieved the highest accuracy in cross-validation and testing in both the binary and multi-class classification cases. The underlying reason is that RNN mechanisms can capture dynamic temporal dependencies by storing information and updating it, when necessary, across time-steps.
