http://dx.doi.org/10.7236/JIIBC.2020.20.3.1

LSTM Model based on Session Management for Network Intrusion Detection  

Lee, Min-Wook (Dept of Information Security, Agency for Defense Development)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.20, no.3, 2020, pp. 1-7
Abstract
With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, IDS using a recursive learning model shows high detection performance. However, a simple application of the recursive model may fail to reflect the characteristics of associated sessions, as an environment with overlapping sessions may degrade performance. In this paper, we design a session management module and apply it to the LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used, and the normal session ratio is increased to reduce the association of mal-sessions. The results show that the proposed model is able to maintain high detection performance even in an environment where session relevance is difficult to find.
Keywords
Anomaly Session Inspection; IDS; Long Short-Term Memory; Machine Learning
Citations & Related Records
Times Cited By KSCI: 4