정보처리학회논문지:소프트웨어 및 데이터공학 (KIPS Transactions on Software and Data Engineering)

  • 제8권12호
  • /
  • Pages.483-490
  • /
  • 2019
  • /
  • 2287-5905(pISSN)
  • /
  • 2734-0503(eISSN)
한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

IOT 환경에서의 오토인코더 기반 특징 추출을 이용한 네트워크 침입탐지 시스템

Network Intrusion Detection System Using Feature Extraction Based on AutoEncoder in IOT environment

  • 투고 : 2019.04.22
  • 심사 : 2019.07.30
  • 발행 : 2019.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

네트워크 침입 탐지 시스템(NIDS)에서 분류의 기능은 상당히 중요하며 탐지 성능은 다양한 특징에 따라 달라진다. 최근 딥러닝에 대한 연구가 많이 이루어지고 있으나 네트워크 침입탐지 시스템에서는 많은 수의 트래픽과 고차원의 특징으로 인하여 속도가 느려지는 문제점이 있다. 따라서 딥러닝을 분류에 사용하는 것이 아니라 특징 추출을 위한 전처리 과정으로 사용하며 추출한 특징을 기반으로 분류하는 연구 방법을 제안한다. 딥러닝의 대표적인 비지도 학습인 Stacked AutoEncoder를 사용하여 특징을 추출하고 Random Forest 분류 알고리즘을 사용하여 분류한 결과 분류 성능과 탐지 속도의 향상을 확인하였다. IOT 환경에서 수집한 데이터를 이용하여 정상 및 공격트래픽을 멀티클래스로 분류하였을 때 99% 이상의 성능을 보였으며, AE-RF, Single-RF와 같은 다른 모델과 비교하였을 때도 성능 및 탐지속도가 우수한 것으로 나타났다.

In the Network Intrusion Detection System (NIDS), the function of classification is very important, and detection performance depends on various features. Recently, a lot of research has been carried out on deep learning, but network intrusion detection system experience slowing down problems due to the large volume of traffic and a high dimensional features. Therefore, we do not use deep learning as a classification, but as a preprocessing process for feature extraction and propose a research method from which classifications can be made based on extracted features. A stacked AutoEncoder, which is a representative unsupervised learning of deep learning, is used to extract features and classifications using the Random Forest classification algorithm. Using the data collected in the IOT environment, the performance was more than 99% when normal and attack traffic are classified into multiclass, and the performance and detection rate were superior even when compared with other models such as AE-RF and Single-RF.

키워드

참고문헌

  1. I. Alrashdi, A. Alqazzaz, E. Aloufi, R. Alharthi, M. Zohdy and H. Ming, "AD-IoT: Anomaly Detection of IoT Cyberattacks in Smart City Using Machine Learning," 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pp.305-310, 2019.
  2. Yu Su, Kaiyue Qi, Chong Di, Yinghua Ma, and Shenghong Li, "Learning Automata based Feature Selection for Network Traffic Intrusion Detection," 2018 IEEE Third International Conference on Data Science in Cyberspace, pp.622-627, 2018.
  3. Marzieh Bitaab and Sattar Hashemi, "Hybrid Intrusion Detection: Combining Decision Tree and Gaussian Mixture Model," 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pp.8-12, 2017.
  4. Saeid Soheily-Khah, Pierre-Francois Marteau and Nicolas Bechet, "Intrusion Detection in Network Systems Through Hybrid Supervised and Unsupervised Machine Learning Process: A Case Study on the ISCX Dataset," International Conference on Data Intelligence and Security, pp.219-226, 2018.
  5. Xiaoming Ye, Xingshu Chen, Dunhu Liu, Wenxian Wang, Li Yang, Gang Liang and Guolin Shao, "Efficient Feature Extraction using Apache Spark for Network Behavior Anomaly Detection," Tsinghua Science and Technology, Vol.23, No.5, pp.561-573, 2018. https://doi.org/10.26599/TST.2018.9010021
  6. Ahmad I., Basheri M., Iqbal MJ. and Rahim A., "Performance Comparison of Support Vector Machine, Random Forest, and Extreme Learning Machine for Intrusion Detection," IEEE Access, Vol.6, pp.33789-33795, 2018. https://doi.org/10.1109/ACCESS.2018.2841987
  7. K. Park, Y. Song and Y. Cheong, "Classification of Attack Types for Intrusion Detection Systems Using a Machine Learning Algorithm," Proc. of 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications (BigDataService), pp.282-286, 2018.
  8. INGHAO YAN and GUODONG HAN, "Effective Feature Extraction via Stacked Sparse Autoencoder to Improve Intrusion Detection System," IEEE Access, Vol.6, pp.41238- 41248, 2018. https://doi.org/10.1109/ACCESS.2018.2858277
  9. Mehdi Mohammadi, Ala Al-Fuqaha, Mohsen Guizani and Jun-Seok Oh, "Semisupervised Deep Reinforcement Learning in Support of IoT and Smart City Services," IEEE Internet of Things Journal, Vol.5, No.2, pp.624-635, 2018. https://doi.org/10.1109/JIOT.2017.2712560
  10. Monika Roopak, Gui Yun Tian and Jonathon Chambers, "Deep Learning Models for Cyber Security in IoT Networks," 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pp.452-457, 2019.
  11. Imtiaz Ullah and Qusay H. Mahmoud, "A Two-Level Hybrid Model for Anomalous Activity Detection in IoT Networks," 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp.1-6, 2019.
  12. Machine Learning Repository [Internet], https://archive.ics.uci.edu/ml/datasets/detection_of_IoT_botnet _attacks_N_BaIoT
  13. Igor Kotenko, Igor Sanko and Alexander Branitskiy, "Framework for Mobile Internet of Things Security Monitoring Based on Big Data Processing and Machine Learning," IEEE ACCESS, Vol.6, pp.72714-72723, 2018. https://doi.org/10.1109/ACCESS.2018.2881998
  14. H. Chae and S. H. Choi, "Feature Selection for efficient Intrusion Detection using Attribute Ratio," International Journal of Computers and Communications, Vol.8, pp. 134-139, 2014.
  15. R. Datti and S. Lakhina, "Performance Comparison of Features Reduction Techniques for Intrusion Detection System," International Journal of Computer Science And Technology, Vol.3, No.1, pp.332-335, 2012.
  16. Al-Qatf MAjjed, Lasheng Yu, Al-Habib Mohammed, and Al-Sabahi Kamal, "Deep Learning Approach Combining Sparse Autoencoder With SVM for Network Intrusion Detection," IEEE Access, Vol.6, pp.52843-52856, 2018. https://doi.org/10.1109/ACCESS.2018.2869577
  17. Zhaomin Chen, Chai Kiat Yeo, Bu Sung Lee and Chiew Tong Lau, "Autoencoder-based Network Anomaly Detection," 2018 Wireless Telecommunications Symposium (WTS), pp.1-5, 2018.
  18. S. Squartini, A. Hussain and F. Piazza, "Preprocessing Based Solution for the Vanishing Gradient Problem in Recurrent Neural Networks," Proceedings of the 2003 International Symposium on Circuits and Systems, 2003. ISCAS '03. pp.713-716, 2003.
  19. Tie Luo and Sai G. Nagarajan, "Distributed Anomaly Detection using Autoencoder Neural Networks in WSN for IoT," 2018 IEEE International Conference on Communications (ICC), pp.1-6, 2018
  20. Imanol Bilbao and Javier Bilbao, "Overfitting Problem and the Over-training in the Era of Data: Particularly for Artificial Neural Networks," 2017 Eighth International Conference on Intelligent Computing and Information Systems (ICICIS), pp.173-177, 2017.
  21. Telmo Amaral, Luis M. Silva, Luis A. Alexandre, Chetak Kandaswamy, Jorge M. Santos and Chetak Kandaswamy, "Using Different Cost Functions to Train Stacked Auto-Encoders," 2013 12th Mexican International Conference on Artificial Intelligence, pp.114-120, 2013.
  22. J. Zhang and M. Zulkernine, "A Hybrid Network Intrusion Detection Technique using Random Forests," First International Conference on Availability, Reliability and Security (ARES'06), pp.262-269, 2006.
  23. Marcin Mizianty, Lukasz Kurgan and Marek Ogiela, "Comparative Analysis of the Impact of Discretization on the Classification with Naive Bayes and Semi-Naïve Bayes Classifiers," 2008 Seventh International Conference on Machine Learning and Applications, pp.823-828, 2008.
  24. Jianxin Wu and Hao Yang, "Linear Regression-Based Efficient SVM Learning for Large-Scale Classification," IEEE Transactions on Neural Networks and Learning Systems, Vol.26, No.10, pp.2357-2369, 2015. https://doi.org/10.1109/TNNLS.2014.2382123
  25. Iman Sharafaldin, Arash Habibi Lashkari and Ali A. Ghorbani, "Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization," 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), pp.108-116, 2018.