Automated and Improved Detection of Cyber Attacks via an Industrial IDS Probe

  • Conference paper
  • In: ICT Systems Security and Privacy Protection (SEC 2023)

Abstract

Network flow classification distinguishes normal flows from deviant behaviour. However, given the diversity of the approaches proposed for intrusion detection via IDS probes, a sound common foundation is needed: most existing solutions address one specific context, which prevents assessing how a proposed model performs in a different context. We therefore propose an approach to malicious flow detection based on one-dimensional convolutional neural networks (1D-CNN). Our solution extracts features from the definition of a network flow itself, so the resulting feature set can be shared by any network flow classification model. This feature-engineering phase is coupled with the CNN's feature detector to provide an efficient classification approach. To evaluate its performance, the solution was tested on two datasets: a recent dataset extracted from a real IBM industrial context, and the NSL-KDD dataset widely used in the literature. A comparison with existing solutions is also provided on NSL-KDD. Attacks in both datasets are labelled using the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques. The evaluation results show that the proposed solution classifies flows efficiently and accurately on both datasets (accuracy of at least 94%) and outperforms existing solutions in both classification metrics and execution time.
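The abstract describes a feature-engineering phase that derives its inputs from the definition of a network flow (packets sharing a 5-tuple, bounded by an idle timeout) rather than from one dataset's hand-picked columns. The following added example (not the paper's code; the paper's exact feature set is not given on this page, so the twelve features below are an assumption) shows that step: packets are grouped into bidirectional flows with timeout expiry, each flow is summarised into a fixed-order numeric vector, and the vectors are min-max scaled to the [0, 1] range a 1D-CNN would take as its one-dimensional input signal. The sample capture is constructed for illustration; the classifier itself is not shown.

```python
"""Flow-level feature extraction of the kind a 1D-CNN flow classifier consumes.
Added illustration, not the paper's code; the feature set is an assumption that
follows the usual bidirectional 5-tuple + idle-timeout definition of a flow."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float        # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    length: int      # bytes on the wire
    flags: str = ""  # TCP flag letters: S, A, P, F, R ("" for UDP)


# Fixed feature order: the classifier sees this vector as a 1-D signal.
FEATURE_NAMES = [
    "duration", "fwd_pkts", "bwd_pkts", "fwd_bytes", "bwd_bytes",
    "pkt_len_mean", "pkt_len_std", "iat_mean",
    "syn", "fin", "rst", "bwd_fwd_ratio",
]


def flow_key(p: Packet) -> tuple:
    """Direction-independent key: both halves of a conversation share a flow."""
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, ends[0], ends[1])


def group_flows(packets, timeout: float = 60.0):
    """Group packets into bidirectional flows; a gap longer than `timeout`
    between packets of the same 5-tuple expires the flow and starts a new one."""
    flows = []        # list of packet lists, ordered by first packet
    open_flows = {}   # flow_key -> index into `flows`
    for p in sorted(packets, key=lambda x: x.ts):
        key = flow_key(p)
        idx = open_flows.get(key)
        if idx is not None and p.ts - flows[idx][-1].ts > timeout:
            idx = None  # idle timeout hit: treat as a fresh flow
        if idx is None:
            flows.append([p])
            open_flows[key] = len(flows) - 1
        else:
            flows[idx].append(p)
    return flows


def flow_features(pkts) -> list:
    """Summarise one flow into the FEATURE_NAMES vector. The initiator is the
    source of the first packet; forward = sent by it, backward = by the peer."""
    initiator = (pkts[0].src, pkts[0].sport)
    fwd = [p for p in pkts if (p.src, p.sport) == initiator]
    bwd = [p for p in pkts if (p.src, p.sport) != initiator]
    lens = [p.length for p in pkts]
    ts = [p.ts for p in pkts]
    iats = [b - a for a, b in zip(ts, ts[1:])]
    fwd_bytes = sum(p.length for p in fwd)
    bwd_bytes = sum(p.length for p in bwd)
    return [
        ts[-1] - ts[0],
        len(fwd), len(bwd), fwd_bytes, bwd_bytes,
        mean(lens), pstdev(lens),
        mean(iats) if iats else 0.0,
        # A bare SYN (no ACK) is a connection attempt; a SYN-ACK is not.
        sum(1 for p in pkts if "S" in p.flags and "A" not in p.flags),
        sum(1 for p in pkts if "F" in p.flags),
        sum(1 for p in pkts if "R" in p.flags),
        bwd_bytes / fwd_bytes if fwd_bytes else 0.0,
    ]


def minmax_scale(rows):
    """Column-wise min-max scaling so every feature lies in [0, 1]."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - a) / (b - a) if b > a else 0.0
             for v, a, b in zip(r, lo, hi)] for r in rows]


def build_dataset(packets, timeout: float = 60.0):
    """Packets -> one raw (unscaled) feature vector per flow."""
    return [flow_features(f) for f in group_flows(packets, timeout)]


# Constructed sample capture (not real traffic): a short HTTP exchange on
# port 80, then a single SYN probe to port 22 answered with RST.
SAMPLE_PACKETS = [
    Packet(0.000, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 60, "S"),
    Packet(0.010, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 60, "SA"),
    Packet(0.011, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 52, "A"),
    Packet(0.012, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 500, "PA"),
    Packet(0.030, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 1500, "PA"),
    Packet(0.040, "10.0.0.5", 40000, "10.0.0.9", 80, "tcp", 52, "FA"),
    Packet(0.050, "10.0.0.9", 80, "10.0.0.5", 40000, "tcp", 52, "FA"),
    Packet(1.000, "10.0.0.7", 51000, "10.0.0.9", 22, "tcp", 60, "S"),
    Packet(1.001, "10.0.0.9", 22, "10.0.0.7", 51000, "tcp", 40, "RA"),
]

if __name__ == "__main__":
    for row in minmax_scale(build_dataset(SAMPLE_PACKETS)):
        print(dict(zip(FEATURE_NAMES, (round(v, 3) for v in row))))
```

Because the key is built from the sorted endpoints, the server's replies land in the same flow as the client's requests, and the initiator is fixed by whichever side sent the first packet; that is what makes the forward/backward split meaningful for a probe that only ever sees one bare SYN and an RST. The scaling is fitted on the whole list here for brevity; in a deployed pipeline the minimum and maximum must come from the training split only, or the evaluation leaks information into the model.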



Author information

Corresponding author: Almamy Touré.


Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper


Cite this paper

Touré, A., Imine, Y., Delot, T., Gallais, A., Semnont, A., Giraudo, R. (2024). Automated and Improved Detection of Cyber Attacks via an Industrial IDS Probe. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_14


  • DOI: https://doi.org/10.1007/978-3-031-56326-3_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56325-6

  • Online ISBN: 978-3-031-56326-3
