Abstract

This research work focuses on Intrusion Detection (ID): identifying “anomalous” patterns that may be related to an attack on a system or a network. To detect such anomalies, this paper proposes visualizing network flows for ID by applying a novel neural method called Beta Hebbian Learning (BHL). Four real-life traffic segments from the University of Twente datasets have been analysed by means of BHL. These datasets were gathered from a honeypot directly connected to the Internet, so they are guaranteed to contain real attack data. The results obtained by BHL provide clear evidence that the ID system separates the different types of attacks present in each dataset and outperforms other well-known projection algorithms.

Author information

Correspondence to Héctor Quintián.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Quintián, H. et al. (2021). Beta-Hebbian Learning for Visualizing Intrusions in Flows. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_42
