Abstract
Given the significant increase in cyberattacks and attempts to gain unauthorized access to systems and information, Network Intrusion Detection Systems (NIDS) have become essential tools for their detection. Anomaly-based systems apply machine learning techniques with the goal of distinguishing between normal and abnormal traffic. To this end, they use previously labeled training datasets, which allow them to learn how to detect anomalies in future data. This work tests Kitsune, a state-of-the-art NIDS based on an ensemble of Autoencoders. To do so, four experimental scenarios have been implemented using the UGR’16 dataset. The results obtained not only validate Kitsune as a reliable reference anomaly detector, although it is very sensitive to poisoned data, but also reveal new and potential anomalous behaviors that have not been identified to date.
Notes
1. KitNET link: https://github.com/ymirsky/KitNET-py
Acknowledgments
This work has been partially funded by the SICRAC (PID2020-114495RB-I00) and ANIMaLICoS (PID2020-113462RB-I00) projects of the Spanish Ministry of Science, Innovation and Universities and the PPJIA2022-51 and PPJIA2022-52 projects from the University of Granada’s own funding plan.
Copyright information
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Medina-Arco, J.G., Magán-Carrión, R., Rodríguez-Gómez, R.A. (2023). Exploring Hidden Anomalies in UGR’16 Network Dataset with Kitsune. In: Larsen, H.L., Martin-Bautista, M.J., Ruiz, M.D., Andreasen, T., Bordogna, G., De Tré, G. (eds) Flexible Query Answering Systems. FQAS 2023. Lecture Notes in Computer Science, vol 14113. Springer, Cham. https://doi.org/10.1007/978-3-031-42935-4_16
DOI: https://doi.org/10.1007/978-3-031-42935-4_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42934-7
Online ISBN: 978-3-031-42935-4
eBook Packages: Computer Science (R0)