Abstract
The number of devices connected to the Internet grows every year, putting almost everything in touch. However, this scenario increases the probability that systems and communications suffer security attacks, since the attack surface increases proportionally. To counteract security attacks and threats, Network Intrusion Detection Systems (NIDSs) are among the most widely used security defenses today. They rely on predefined datasets for their training and evaluation. However, the inner characteristics of these datasets directly affect the robustness, reliability and performance of NIDSs. In this work, we propose the use of a Variational Autoencoder (VAE) to accurately generate network topologies. To that end, we treat IP addresses as categorical information in order to generate them. Previous works avoid using IPs to generate synthetic network samples, thus losing relevant contextual information for NIDSs. Results show the feasibility of the proposed system to mimic the Neris Botnet behavior and characterize its node roles.
Acknowledgments
This work has been partially funded by the SICRAC project (PID2020-114495RB-I00) of the Ministerio de Ciencia, Innovación y Universidades, as well as the projects PID2020-113462RB-I00 (ANIMALICOS), funded by the Ministerio de Economía y Competitividad, P18-RT-4830 and A-TIC-608-UGR20 funded by Junta de Andalucía, and the project B-TIC-402-UGR18 (FEDER and Junta de Andalucía).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Álvarez-Terribas, F., Magán-Carrión, R., Maciá-Fernández, G., Mora García, A.M. (2023). A Deep Learning-Based Approach for Mimicking Network Topologies: The Neris Botnet as a Case of Study. In: García Bringas, P., et al. International Joint Conference 15th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2022) 13th International Conference on EUropean Transnational Education (ICEUTE 2022). CISIS ICEUTE 2022 2022. Lecture Notes in Networks and Systems, vol 532. Springer, Cham. https://doi.org/10.1007/978-3-031-18409-3_19
DOI: https://doi.org/10.1007/978-3-031-18409-3_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18408-6
Online ISBN: 978-3-031-18409-3
eBook Packages: Intelligent Technologies and Robotics (R0)