An Efficient Hyperparameter Control Method for a Network Intrusion Detection System Based on Proximal Policy Optimization

The complexity of network intrusion detection systems (IDSs) is increasing due to the continuous increases in network traffic, various attacks and the ever-changing network environment. In addition, network traffic is asymmetric with few attack data, but the attack data are so complex that it is difficult to detect one. Many studies on improving intrusion detection performance using feature engineering have been conducted. These studies work well in the dataset environment; however, it is challenging to cope with a changing network environment. This paper proposes an intrusion detection hyperparameter control system (IDHCS) that controls and trains a deep neural network (DNN) feature extractor and k-means clustering module as a reinforcement learning model based on proximal policy optimization (PPO). An IDHCS controls the DNN feature extractor to extract the most valuable features in the network environment, and identifies intrusion through k-means clustering. Through iterative learning using the PPO-based reinforcement learning model, the system is optimized to improve performance automatically according to the network environment, where the IDHCS is used. Experiments were conducted to evaluate the system performance using the CICIDS2017 and UNSW-NB15 datasets. In CICIDS2017, an F1-score of 0.96552 was achieved and UNSW-NB15 achieved an F1-score of 0.94268. An experiment was conducted by merging the two datasets to build a more extensive and complex test environment. By merging datasets, the attack types in the experiment became more diverse and their patterns became more complex. An F1-score of 0.93567 was achieved in the merged dataset, indicating 97% to 99% performance compared with CICIDS2017 and UNSW-NB15. The results reveal that the proposed IDHCS improved the performance of the IDS by automating learning new types of attacks by managing intrusion detection features regardless of the network environment changes through continuous learning.

Modeling and Profiling of Aggregated Industrial Network Traffic

The industrial network infrastructures are transforming to a horizontal architecture to enable data availability for advanced applications and enhance flexibility for integrating new technologies. The uninterrupted operation of the legacy systems needs to be ensured by safeguarding their requirements in network configuration and resource management. Network traffic modeling is essential in understanding the ongoing communication for resource estimation and configuration management. The presented work proposes a two-step approach for modeling aggregated traffic classes of brownfield installation. It first detects the repeated work-cycles and then aims to identify the operational states to profile their characteristics. The performance and influence of the approach are evaluated and validated in two experimental setups with data collected from an industrial plant in operation. The comparative results show that the proposed method successfully captures the temporal and spatial dynamics of the network traffic for characterization of various communication states in the operational work-cycles.

Detection of IoT based DDoS Attacks by Network Traffic Analysis using Feedforward Neural Networks

In this paper an optimized feedforward neural network model is proposed for detection of IoT based DDoS attacks by network traffic analysis aimed towards a specific target which could be constantly monitored by a tap. The proposed model is applicable for DoS and DDoS attacks which consist of TCP, UDP and HTTP flood and also against keylogging, data exfiltration, OS fingerprint and service scan activities. It simply differentiates such kind of network traffic from normal network flows. The neural network uses Adam optimization as a solver and the hyperbolic tangent activation function in all neurons from a single hidden layer. The number of hidden neurons could be varied, depending on targeted accuracy and processing speed. Testing over the Bot IoT dataset reveals that developed models are applicable using 8 or 10 features and achieved discrimination error of 4.91.10-3%.

Intelligent Network Traffic Control Based on Deep Reinforcement Learning

This paper studies the problems of load balancing and flow control in data center network, and analyzes several common flow control schemes in data center intelligent network and their existing problems. On this basis, the network traffic control problem is modeled with the goal of deep reinforcement learning strategy optimization, and an intelligent network traffic control method based on deep reinforcement learning is proposed. At the same time, for the flow control order problem in deep reinforcement learning algorithm, a flow scheduling priority algorithm is proposed innovatively. According to the decision output, the corresponding flow control and control are carried out, so as to realize the load balance of the network. Finally, experiments show, the network traffic bandwidth loss rate of the proposed intelligent network traffic control method is low. Under the condition of random 60 traffic density, the average bisection bandwidth obtained by the proposed intelligent network traffic control method is 4.0mbps and the control error rate is 2.25%. The intelligent network traffic control method based on deep reinforcement learning has high practicability in the practical application process, and fully meets the research requirements.

Network intrusion detection using oversampling technique and machine learning algorithms

The expeditious growth of the World Wide Web and the rampant flow of network traffic have resulted in a continuous increase of network security threats. Cyber attackers seek to exploit vulnerabilities in network architecture to steal valuable information or disrupt computer resources. Network Intrusion Detection System (NIDS) is used to effectively detect various attacks, thus providing timely protection to network resources from these attacks. To implement NIDS, a stream of supervised and unsupervised machine learning approaches is applied to detect irregularities in network traffic and to address network security issues. Such NIDSs are trained using various datasets that include attack traces. However, due to the advancement in modern-day attacks, these systems are unable to detect the emerging threats. Therefore, NIDS needs to be trained and developed with a modern comprehensive dataset which contains contemporary common and attack activities. This paper presents a framework in which different machine learning classification schemes are employed to detect various types of network attack categories. Five machine learning algorithms: Random Forest, Decision Tree, Logistic Regression, K-Nearest Neighbors and Artificial Neural Networks, are used for attack detection. This study uses a dataset published by the University of New South Wales (UNSW-NB15), a relatively new dataset that contains a large amount of network traffic data with nine categories of network attacks. The results show that the classification models achieved the highest accuracy of 89.29% by applying the Random Forest algorithm. Further improvement in the accuracy of classification models is observed when Synthetic Minority Oversampling Technique (SMOTE) is applied to address the class imbalance problem. After applying the SMOTE, the Random Forest classifier showed an accuracy of 95.1% with 24 selected features from the Principal Component Analysis method.