Intrusion detection in cyber-physical systems using a generic and domain specific deep autoencoder model

The rapid growth of network-related services in the last decade has produced a huge amount of sensitive data on the internet. But networks are very much prone to intrusions where unauthorized users attempt to access sensitive information and even disrupt the system. Building a competent network intr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & electrical engineering Jg. 91; S. 107044
Hauptverfasser: Thakur, Soumyadeep, Chakraborty, Anuran, De, Rajonya, Kumar, Neeraj, Sarkar, Ram
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Amsterdam Elsevier Ltd 01.05.2021
Elsevier BV
Schlagworte:
Algorithms
Autoencoder
CICIDS2017 dataset
Class imbalance
Classification
Cyber-physical systems
Data points
Datasets
Deep learning
Feature extraction
Intrusion detection
Intrusion detection systems
Machine learning
Network intrusion
Source code
Deep learning
CICIDS2017 dataset
Autoencoder
Class imbalance
Network intrusion
Intrusion detection
ISSN:0045-7906, 1879-0755
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The rapid growth of network-related services in the last decade has produced a huge amount of sensitive data on the internet. But networks are very much prone to intrusions where unauthorized users attempt to access sensitive information and even disrupt the system. Building a competent network intrusion detection system (IDS) is necessary to prevent such attacks. IDSs generally use machine learning algorithms for classifying the attacks. But the features used for classification are not always suitable or sufficient. Besides, the number of intrusions is much less than the number of non-intrusions. Hence naive approaches may fail to provide acceptable performance due to this class imbalance. To counter this problem, in this paper, we propose a model that extracts useful features from the given features and then uses a deep learning algorithm to classify the intrusions. It is to be noted that underlying data points cannot be thought of as sampled from the same distribution, rather from two different distributions - one generic to all network intrusions, and the other specific to the domain. Keeping this fact in mind, we propose a unique Generic-Specific autoencoder architecture where the generic one learns the features that are common across all forms of network intrusions, and the specific ones learn features that are pertaining only to that domain. The model has been evaluated on the CICIDS2017 dataset, which is the largest dataset of this type available online, and we have set new benchmark results on this dataset. Source code of this work is available at: https://github.com/SoumyadeepThakur/Intrusion-AE
Bibliographie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0045-7906
1879-0755
DOI:10.1016/j.compeleceng.2021.107044