Intrusion detection in cyber-physical systems using a generic and domain specific deep autoencoder model

The rapid growth of network-related services in the last decade has produced a huge amount of sensitive data on the internet. But networks are very much prone to intrusions where unauthorized users attempt to access sensitive information and even disrupt the system. Building a competent network intr...

Full description

Saved in:
Bibliographic Details
Published in:Computers & electrical engineering Vol. 91; p. 107044
Main Authors: Thakur, Soumyadeep, Chakraborty, Anuran, De, Rajonya, Kumar, Neeraj, Sarkar, Ram
Format: Journal Article
Language:English
Published: Amsterdam Elsevier Ltd 01.05.2021
Elsevier BV
Subjects:
Algorithms
Autoencoder
CICIDS2017 dataset
Class imbalance
Classification
Cyber-physical systems
Data points
Datasets
Deep learning
Feature extraction
Intrusion detection
Intrusion detection systems
Machine learning
Network intrusion
Source code
Deep learning
CICIDS2017 dataset
Autoencoder
Class imbalance
Network intrusion
Intrusion detection
ISSN:0045-7906, 1879-0755
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The rapid growth of network-related services in the last decade has produced a huge amount of sensitive data on the internet. But networks are very much prone to intrusions where unauthorized users attempt to access sensitive information and even disrupt the system. Building a competent network intrusion detection system (IDS) is necessary to prevent such attacks. IDSs generally use machine learning algorithms for classifying the attacks. But the features used for classification are not always suitable or sufficient. Besides, the number of intrusions is much less than the number of non-intrusions. Hence naive approaches may fail to provide acceptable performance due to this class imbalance. To counter this problem, in this paper, we propose a model that extracts useful features from the given features and then uses a deep learning algorithm to classify the intrusions. It is to be noted that underlying data points cannot be thought of as sampled from the same distribution, rather from two different distributions - one generic to all network intrusions, and the other specific to the domain. Keeping this fact in mind, we propose a unique Generic-Specific autoencoder architecture where the generic one learns the features that are common across all forms of network intrusions, and the specific ones learn features that are pertaining only to that domain. The model has been evaluated on the CICIDS2017 dataset, which is the largest dataset of this type available online, and we have set new benchmark results on this dataset. Source code of this work is available at: https://github.com/SoumyadeepThakur/Intrusion-AE
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0045-7906
1879-0755
DOI:10.1016/j.compeleceng.2021.107044