Araştırma Makalesi
BibTex RIS Kaynak Göster

Otokodlayıcı Tabanlı Denetimsiz Öğrenme Yöntemi ile Ağ Trafiğindeki Saldırıların Algılanması

Yıl 2022, , 199 - 207, 31.12.2022
https://doi.org/10.26650/acin.1142806

Öz

Ağ sistemlerine yapılan saldırıların etkisi ve oluşturduğu hasarların boyutu gün geçtikçe artış eğilimi göstermektedir. Saldırıları zamanında ve etkin biçimde tespit ederek uygun savunma sistemleri geliştirmek üzere makine öğrenmesi algoritmalarına dayalı çözümler geliştirilmeye başlanmıştır. Bu çalışma, ağlara yönelik anormal trafiğin derin öğrenme algoritmaları yardımıyla belirlenmesi üzerine odaklanmakta ve saldırıların tespit edilmesinde kullanılabilecek bir derin otokodlayıcı model mimarisi önerilmektedir. Bu amaçla önce otokodlayıcı ile sınıf etiketleri olmayan normal veri kümesi denetimsiz biçimde eğitilerek bir otokodlayıcı model elde edilmekte, bu model normal saldırı gözlemlerine sahip küçük boyutlu bir test verisiyle birlikte çalıştırılarak bir eşik değer elde edilmektedir. Eşik değer, model performansını optimum kılacak bir değer olarak hesaplanmaktadır. Denetimli öğrenme yöntemlerinin, siber saldırıların tespit edilmesinde, etiketleme işleminin zorluklara ve maliyet artışlarına neden olduğu gözlemlenmektedir. Bu maliyetleri aşmak ve zaman kazanmak için etiketlendirme işlemine başvurmadan sadece küçük bir test verisini kullanarak eşik değer hesaplanmakta ve yeni gelen bir güncel ağ trafik bilgisi bu eşik değere göre sınıflandırılmaktadır.

Kaynakça

  • Abadi, M., Agarval, A., Barham, P., Brevdo., Chen, A., Citro, C. ... Corrado, G.S. (2015), TensorFlow: Large-scale machine learning on heterogeneous systems, Software available from tensorflow.org, DOI: 10.5281/zenodo.4724125 google scholar
  • Aygun, R. C., & Yavuz, A. G. (2017, June). Network anomaly detection with stochastically improved autoencoder based models. In 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 193-198). IEEE. google scholar
  • Chollet, F., & others. (2015). Keras. GitHub. Retrieved from https://github.com/fchollet/keras google scholar
  • Chollet, F., (2019). Python ile Derin Öğrenme [Deep Learning with Python]. (Aksoy, B.A. Trans.). İstanbul, Turkey: Buzdağı yayınevi. google scholar
  • CICIDS2017. (2017), Intrusion Detection Systems Datasets, Retrieved from https://www.unb.ca/cic/datasets/ids-2017.html google scholar
  • Dutta,V., Pawlicki,M., Kozik,R. & Choras, M. (2022). Unsupervised network traffic anomaly detection with deep autoencoders, Logic Journal of the IGPL, jzac002. google scholar
  • Gao M, Ma L , Liu H, Zhang Z, Ning Z & Xu, J. (2020). Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis. Sensors.; 20(5):1452. https://doi.org/10.3390/s20051452 google scholar
  • He, M., Wang, X., Zhou, J., Xi, Y., Jin, L., & Wang, X. (2021). Deep-Feature-Based Autoencoder Network for Few-Shot Malicious Traffic Detection. Security and Communication Networks, 2021. https://doi.org/10.1155/2021/6659022 google scholar
  • Hunter, J. D. (2007), Matplotlib: A 2D graphics environment, Computing in Science \& Engineering, Volume 9, Number 3, Pages 90-95. google scholar
  • Khraisat, A., Gondal, I., Vamplew, P. & Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecur 2, 20 (2019). https://doi.org/10.1186/s42400-019-0038-7 google scholar
  • Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A. & Kitsune. (2018). An Ensemble of Autoencoders for Online Network Intrusion Detection, Proceedings of the 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, CA, USA. 18-21 February 2018. google scholar
  • Özkan, Y., (2021). Uygulamalı Derin Öğrenme. Papatya Bilim Yayınevi. google scholar
  • Öztemel, E., (2020). Yapay Sinir Ağları. (4th ed.) [Neural networks], İstanbul, Turkey: Papatya Bilim yayınevi, ISBN: 978- 975-6797-39-6. google scholar
  • Roshan, K. & Zafar, A. (2021). An Optimized Auto-Encoder based Approach for Detecting Zero-Day Cyber-Attacks in Computer Network. 5th International Conference on Information Systems and Computer Networks (ISCON), 2021, pp. 1-6, doi: 10.1109/ISCON52037.2021.9702437. google scholar
  • Rossum, G., & Drake Jr, F. L. (1995). Python reference manual. Centrum voor Wiskunde en Informatica Amsterdam. google scholar
  • Sharafaldin,I., Habibi Lashkari, A.H., & Ghorbani, A.A., (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization, 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018 google scholar
  • Song, Y., Hyun, S., & Cheong, Y. G. (2021). Analysis of Autoencoders for Network Intrusion Detection. Sensors (Basel, Switzerland), 21(13), 4294, https:// doi.org/10.3390/s21134294 google scholar
  • Yang, L., Song, Y., Gao, S., Xiao, B., & Hu, A. (2020). Griffin: An Ensemble of AutoEncoders for Anomaly Traffic Detection in SDN, GLOBECOM 2020 - 2020 IEEE Global Communications Conference, 2020, pp. 1-6, doi: 10.1109/GLOBECOM42002.2020.9322187. google scholar

Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method

Yıl 2022, , 199 - 207, 31.12.2022
https://doi.org/10.26650/acin.1142806

Öz

The effects of attacks on network systems and the extent of damages caused by them tend to increase every day. Solutions based on machine learning algorithms have started to be developed in order to develop appropriate defense systems by detecting attacks in a timely and effective manner. This study focuses on detecting abnormal traffic on networks through deep learning algorithms, and a deep autoencoder model architecture that can be used to detect attacks is recommended. To this end, an autoencoder model is first obtained by training the normal dataset without class labels in an unsupervised manner with an autoencoder, and a threshold value is obtained by running this model with small size test data with normal attack observations. The threshold value is calculated as a value that will optimize the model performance. It is observed that supervised learning methods lead to difficulties and cost increases in the detection of cyber-attacks and the labeling process. The threshold value is calculated using only small test data without resorting to labeling in order to overcome these costs and save time, and the incoming up-to-date network traffic information is classified based on this threshold value. 

Kaynakça

  • Abadi, M., Agarval, A., Barham, P., Brevdo., Chen, A., Citro, C. ... Corrado, G.S. (2015), TensorFlow: Large-scale machine learning on heterogeneous systems, Software available from tensorflow.org, DOI: 10.5281/zenodo.4724125 google scholar
  • Aygun, R. C., & Yavuz, A. G. (2017, June). Network anomaly detection with stochastically improved autoencoder based models. In 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 193-198). IEEE. google scholar
  • Chollet, F., & others. (2015). Keras. GitHub. Retrieved from https://github.com/fchollet/keras google scholar
  • Chollet, F., (2019). Python ile Derin Öğrenme [Deep Learning with Python]. (Aksoy, B.A. Trans.). İstanbul, Turkey: Buzdağı yayınevi. google scholar
  • CICIDS2017. (2017), Intrusion Detection Systems Datasets, Retrieved from https://www.unb.ca/cic/datasets/ids-2017.html google scholar
  • Dutta,V., Pawlicki,M., Kozik,R. & Choras, M. (2022). Unsupervised network traffic anomaly detection with deep autoencoders, Logic Journal of the IGPL, jzac002. google scholar
  • Gao M, Ma L , Liu H, Zhang Z, Ning Z & Xu, J. (2020). Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis. Sensors.; 20(5):1452. https://doi.org/10.3390/s20051452 google scholar
  • He, M., Wang, X., Zhou, J., Xi, Y., Jin, L., & Wang, X. (2021). Deep-Feature-Based Autoencoder Network for Few-Shot Malicious Traffic Detection. Security and Communication Networks, 2021. https://doi.org/10.1155/2021/6659022 google scholar
  • Hunter, J. D. (2007), Matplotlib: A 2D graphics environment, Computing in Science \& Engineering, Volume 9, Number 3, Pages 90-95. google scholar
  • Khraisat, A., Gondal, I., Vamplew, P. & Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecur 2, 20 (2019). https://doi.org/10.1186/s42400-019-0038-7 google scholar
  • Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A. & Kitsune. (2018). An Ensemble of Autoencoders for Online Network Intrusion Detection, Proceedings of the 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, CA, USA. 18-21 February 2018. google scholar
  • Özkan, Y., (2021). Uygulamalı Derin Öğrenme. Papatya Bilim Yayınevi. google scholar
  • Öztemel, E., (2020). Yapay Sinir Ağları. (4th ed.) [Neural networks], İstanbul, Turkey: Papatya Bilim yayınevi, ISBN: 978- 975-6797-39-6. google scholar
  • Roshan, K. & Zafar, A. (2021). An Optimized Auto-Encoder based Approach for Detecting Zero-Day Cyber-Attacks in Computer Network. 5th International Conference on Information Systems and Computer Networks (ISCON), 2021, pp. 1-6, doi: 10.1109/ISCON52037.2021.9702437. google scholar
  • Rossum, G., & Drake Jr, F. L. (1995). Python reference manual. Centrum voor Wiskunde en Informatica Amsterdam. google scholar
  • Sharafaldin,I., Habibi Lashkari, A.H., & Ghorbani, A.A., (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization, 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018 google scholar
  • Song, Y., Hyun, S., & Cheong, Y. G. (2021). Analysis of Autoencoders for Network Intrusion Detection. Sensors (Basel, Switzerland), 21(13), 4294, https:// doi.org/10.3390/s21134294 google scholar
  • Yang, L., Song, Y., Gao, S., Xiao, B., & Hu, A. (2020). Griffin: An Ensemble of AutoEncoders for Anomaly Traffic Detection in SDN, GLOBECOM 2020 - 2020 IEEE Global Communications Conference, 2020, pp. 1-6, doi: 10.1109/GLOBECOM42002.2020.9322187. google scholar
Toplam 18 adet kaynakça vardır.

Ayrıntılar

Birincil Dil İngilizce
Konular Bilgisayar Yazılımı
Bölüm Araştırma Makalesi
Yazarlar

Yalçın Özkan 0000-0002-3551-7021

Yayımlanma Tarihi 31 Aralık 2022
Gönderilme Tarihi 9 Temmuz 2022
Yayımlandığı Sayı Yıl 2022

Kaynak Göster

APA Özkan, Y. (2022). Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. Acta Infologica, 6(2), 199-207. https://doi.org/10.26650/acin.1142806
AMA Özkan Y. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. ACIN. Aralık 2022;6(2):199-207. doi:10.26650/acin.1142806
Chicago Özkan, Yalçın. “Detection of Attacks in Network Traffic With the Autoencoder-Based Unsupervised Learning Method”. Acta Infologica 6, sy. 2 (Aralık 2022): 199-207. https://doi.org/10.26650/acin.1142806.
EndNote Özkan Y (01 Aralık 2022) Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. Acta Infologica 6 2 199–207.
IEEE Y. Özkan, “Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method”, ACIN, c. 6, sy. 2, ss. 199–207, 2022, doi: 10.26650/acin.1142806.
ISNAD Özkan, Yalçın. “Detection of Attacks in Network Traffic With the Autoencoder-Based Unsupervised Learning Method”. Acta Infologica 6/2 (Aralık 2022), 199-207. https://doi.org/10.26650/acin.1142806.
JAMA Özkan Y. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. ACIN. 2022;6:199–207.
MLA Özkan, Yalçın. “Detection of Attacks in Network Traffic With the Autoencoder-Based Unsupervised Learning Method”. Acta Infologica, c. 6, sy. 2, 2022, ss. 199-07, doi:10.26650/acin.1142806.
Vancouver Özkan Y. Detection of Attacks in Network Traffic with the Autoencoder-Based Unsupervised Learning Method. ACIN. 2022;6(2):199-207.