Deep Learning Approaches for Predictive Masquerade Detection

In computer security, masquerade detection is a special type of intrusion detection problem. Effective and early intrusion detection is a crucial factor for computer security. Although considerable work has been focused on masquerade detection for more than a decade, achieving a high level of accuracy and a comparatively low false alarm rate is still a big challenge. In this paper, we present a comprehensive empirical study in the area of anomaly-based masquerade detection using three deep learning models, namely, Deep Neural Networks (DNN), Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN), and Convolutional Neural Networks (CNN). In order to surpass previous studies on this subject, we used three UNIX command line-based datasets, with six variant data configurations implemented from them. Furthermore, both static and dynamic masquerade detection approaches were utilized in this study. In the static approach, DNN and LSTM-RNN models are used along with a Particle Swarm Optimization-based algorithm for their hyperparameter selection. In the dynamic approach, on the other hand, a CNN model is employed. Moreover, twelve well-known evaluation metrics are used to assess model performance in each of the data configurations. Finally, intensive quantitative and ROC curve analyses of the results are provided at the end of this paper. The results not only show that deep learning models outperform all traditional machine learning methods in the literature but also prove their ability to significantly enhance masquerade detection on the datasets used.
