Research Article


DOI :10.26650/acin.1142806   IUP :10.26650/acin.1142806    Full Text (PDF)

Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method

Yalçın Özkan

The effects of attacks on network systems and the extent of damages caused by them tend to increase every day. Solutions based on machine learning algorithms have started to be developed in order to develop appropriate defense systems by detecting attacks in a timely and effective manner. This study focuses on detecting abnormal traffic on networks through deep learning algorithms, and a deep autoencoder model architecture that can be used to detect attacks is recommended. To this end, an autoencoder model is first obtained by training the normal dataset without class labels in an unsupervised manner with an autoencoder, and a threshold value is obtained by running this model with small size test data with normal attack observations. The threshold value is calculated as a value that will optimize the model performance. It is observed that supervised learning methods lead to difficulties and cost increases in the detection of cyber-attacks and the labeling process. The threshold value is calculated using only small test data without resorting to labeling in order to overcome these costs and save time, and the incoming up-to-date network traffic information is classified based on this threshold value.

DOI :10.26650/acin.1142806   IUP :10.26650/acin.1142806    Full Text (PDF)

Otokodlayıcı Tabanlı Denetimsiz Öğrenme Yöntemi ile Ağ Trafiğindeki Saldırıların Algılanması

Yalçın Özkan

Ağ sistemlerine yapılan saldırıların etkisi ve oluşturduğu hasarların boyutu gün geçtikçe artış eğilimi göstermektedir. Saldırıları zamanında ve etkin biçimde tespit ederek uygun savunma sistemleri geliştirmek üzere makine öğrenmesi algoritmalarına dayalı çözümler geliştirilmeye başlanmıştır. Bu çalışma, ağlara yönelik anormal trafiğin derin öğrenme algoritmaları yardımıyla belirlenmesi üzerine odaklanmakta ve saldırıların tespit edilmesinde kullanılabilecek bir derin otokodlayıcı model mimarisi önerilmektedir. Bu amaçla önce otokodlayıcı ile sınıf etiketleri olmayan normal veri kümesi denetimsiz biçimde eğitilerek bir otokodlayıcı model elde edilmekte, bu model normal saldırı gözlemlerine sahip küçük boyutlu bir test verisiyle birlikte çalıştırılarak bir eşik değer elde edilmektedir. Eşik değer, model performansını optimum kılacak bir değer olarak hesaplanmaktadır. Denetimli öğrenme yöntemlerinin, siber saldırıların tespit edilmesinde, etiketleme işleminin zorluklara ve maliyet artışlarına neden olduğu gözlemlenmektedir. Bu maliyetleri aşmak ve zaman kazanmak için etiketlendirme işlemine başvurmadan sadece küçük bir test verisini kullanarak eşik değer hesaplanmakta ve yeni gelen bir güncel ağ trafik bilgisi bu eşik değere göre sınıflandırılmaktadır.


PDF View

References

  • Abadi, M., Agarval, A., Barham, P., Brevdo., Chen, A., Citro, C. ... Corrado, G.S. (2015), TensorFlow: Large-scale machine learning on heterogeneous systems, Software available from tensorflow.org, DOI: 10.5281/zenodo.4724125 google scholar
  • Aygun, R. C., & Yavuz, A. G. (2017, June). Network anomaly detection with stochastically improved autoencoder based models. In 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 193-198). IEEE. google scholar
  • Chollet, F., & others. (2015). Keras. GitHub. Retrieved from https://github.com/fchollet/keras google scholar
  • Chollet, F., (2019). Python ile Derin Öğrenme [Deep Learning with Python]. (Aksoy, B.A. Trans.). İstanbul, Turkey: Buzdağı yayınevi. google scholar
  • CICIDS2017. (2017), Intrusion Detection Systems Datasets, Retrieved from https://www.unb.ca/cic/datasets/ids-2017.html google scholar
  • Dutta,V., Pawlicki,M., Kozik,R. & Choras, M. (2022). Unsupervised network traffic anomaly detection with deep autoencoders, Logic Journal of the IGPL, jzac002. google scholar
  • Gao M, Ma L , Liu H, Zhang Z, Ning Z & Xu, J. (2020). Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis. Sensors.; 20(5):1452. https://doi.org/10.3390/s20051452 google scholar
  • He, M., Wang, X., Zhou, J., Xi, Y., Jin, L., & Wang, X. (2021). Deep-Feature-Based Autoencoder Network for Few-Shot Malicious Traffic Detection. Security and Communication Networks, 2021. https://doi.org/10.1155/2021/6659022 google scholar
  • Hunter, J. D. (2007), Matplotlib: A 2D graphics environment, Computing in Science \& Engineering, Volume 9, Number 3, Pages 90-95. google scholar
  • Khraisat, A., Gondal, I., Vamplew, P. & Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecur 2, 20 (2019). https://doi.org/10.1186/s42400-019-0038-7 google scholar
  • Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A. & Kitsune. (2018). An Ensemble of Autoencoders for Online Network Intrusion Detection, Proceedings of the 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, CA, USA. 18-21 February 2018. google scholar
  • Özkan, Y., (2021). Uygulamalı Derin Öğrenme. Papatya Bilim Yayınevi. google scholar
  • Öztemel, E., (2020). Yapay Sinir Ağları. (4th ed.) [Neural networks], İstanbul, Turkey: Papatya Bilim yayınevi, ISBN: 978- 975-6797-39-6. google scholar
  • Roshan, K. & Zafar, A. (2021). An Optimized Auto-Encoder based Approach for Detecting Zero-Day Cyber-Attacks in Computer Network. 5th International Conference on Information Systems and Computer Networks (ISCON), 2021, pp. 1-6, doi: 10.1109/ISCON52037.2021.9702437. google scholar
  • Rossum, G., & Drake Jr, F. L. (1995). Python reference manual. Centrum voor Wiskunde en Informatica Amsterdam. google scholar
  • Sharafaldin,I., Habibi Lashkari, A.H., & Ghorbani, A.A., (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization, 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018 google scholar
  • Song, Y., Hyun, S., & Cheong, Y. G. (2021). Analysis of Autoencoders for Network Intrusion Detection. Sensors (Basel, Switzerland), 21(13), 4294, https:// doi.org/10.3390/s21134294 google scholar
  • Yang, L., Song, Y., Gao, S., Xiao, B., & Hu, A. (2020). Griffin: An Ensemble of AutoEncoders for Anomaly Traffic Detection in SDN, GLOBECOM 2020 - 2020 IEEE Global Communications Conference, 2020, pp. 1-6, doi: 10.1109/GLOBECOM42002.2020.9322187. google scholar

Citations

Copy and paste a formatted citation or use one of the options to export in your chosen format


EXPORT



APA

Özkan, Y. (2022). Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. Acta Infologica, 6(2), 199-207. https://doi.org/10.26650/acin.1142806


AMA

Özkan Y. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. Acta Infologica. 2022;6(2):199-207. https://doi.org/10.26650/acin.1142806


ABNT

Özkan, Y. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. Acta Infologica, [Publisher Location], v. 6, n. 2, p. 199-207, 2022.


Chicago: Author-Date Style

Özkan, Yalçın,. 2022. “Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method.” Acta Infologica 6, no. 2: 199-207. https://doi.org/10.26650/acin.1142806


Chicago: Humanities Style

Özkan, Yalçın,. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method.” Acta Infologica 6, no. 2 (Feb. 2023): 199-207. https://doi.org/10.26650/acin.1142806


Harvard: Australian Style

Özkan, Y 2022, 'Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method', Acta Infologica, vol. 6, no. 2, pp. 199-207, viewed 1 Feb. 2023, https://doi.org/10.26650/acin.1142806


Harvard: Author-Date Style

Özkan, Y. (2022) ‘Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method’, Acta Infologica, 6(2), pp. 199-207. https://doi.org/10.26650/acin.1142806 (1 Feb. 2023).


MLA

Özkan, Yalçın,. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method.” Acta Infologica, vol. 6, no. 2, 2022, pp. 199-207. [Database Container], https://doi.org/10.26650/acin.1142806


Vancouver

Özkan Y. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. Acta Infologica [Internet]. 1 Feb. 2023 [cited 1 Feb. 2023];6(2):199-207. Available from: https://doi.org/10.26650/acin.1142806 doi: 10.26650/acin.1142806


ISNAD

Özkan, Yalçın. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method”. Acta Infologica 6/2 (Feb. 2023): 199-207. https://doi.org/10.26650/acin.1142806



TIMELINE


Submitted09.07.2022
Accepted14.10.2022
Published Online18.11.2022

LICENCE


Attribution-NonCommercial (CC BY-NC)

This license lets others remix, tweak, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.


SHARE




Istanbul University Press aims to contribute to the dissemination of ever growing scientific knowledge through publication of high quality scientific journals and books in accordance with the international publishing standards and ethics. Istanbul University Press follows an open access, non-commercial, scholarly publishing.