Evrişimli Sinir Ağına Dayalı Ağ Saldırı Tespit Yaklaşımı

Yıl 2021, Sayı: 26 - Ejosat Özel Sayı 2021 (HORA), 22 - 29, 31.07.2021

Hakan Can Altunay Zafer Albayrak

https://doi.org/10.31590/ejosat.954966

Cited By: 4

Öz

İnternet kullanımının yaygınlaşması ve ağa bağlı cihaz sayısının artması ile siber saldırılarla karşılaşma olasılığı artmaktadır. Siber saldırıların verdiği zararları, engellemek için saldırı tespit sistemleri kullanılmaktadır. Bu çalışmada siber saldırıların engellenmesi için, evrişimli sinir ağı kullanılarak özellik seçimine dayalı saldırı tespit uygulaması gerçekleştirilmiştir. Eğitim ve test işlemlerinde CSE-CIC-IDS2018 veri seti kullanılmıştır. Veri setindeki öznitelikler, ön işlem katmanı, sınıflandırma katmanı ve iki katmanlı evrişimli sinir ağı üzerinde eğitilmiştir. Uygulamanın performansı accuracy, precision ve recall ölçütleri ile değerlendirilmiştir. Ağın aşırı öğrenme sorununu gidermek için yeniden eğitim aşaması gerçekleştirilmiştir. Veri seti içerisinde sentetik veri üretimi gerçekleştirilerek izinsiz giriş tespiti yapılmıştır. Sentetik veri üretimi için SMOTE (Synthetic Minority Over Sampling Technique) yöntemi kullanılmıştır. Çalışmada tehdit türleri olarak Brute Force, Sql Injection, Botnet ve DoS saldırıları seçilmiştir. Saldırı tespit sistemine ait saldırı algılama doğruluğu %98.32 ve yeniden eğitim sonrası elde edilen algılama doğruluğu ise %98.8 olarak tespit edilmiştir. Veri setine eklenen sentetik veriler ile gerçekleştirilen eğitim sonunda sinir ağı, verilerin ikili sınıflandırma işlemini gerçekleştirmiştir. Verilerin tehdit olarak algılanıp sınıflandırılmasındaki başarımı, Brute Force için %98.7, DoS için %98.5, Botnet için %98.9 ve SQL Injection için %99.1 olarak bulunmuştur.

Anahtar Kelimeler

Saldırı Tespit Sistemleri, Evrişimli Sinir Ağı, SMOTE, Derin Öğrenme, Siber Güvenlik.

Network Intrusion Detection Approach Based on Convolutional Neural Network

Öz

The probability of encountering cyber-attacks increases with the proliferation of internet usage and the increase in the number of network devices. Intrusion detection systems are used in order to prevent the damages caused by cyber-attacks. In this study, an intrusion detection implementation based on feature selection was performed by using a convolutional neural network in order to prevent cyber-attacks. CSE-CIC-IDS2018 dataset was used during the training and testing stages. Attributes of the dataset were trained on the preprocessing layer, classification layer, and two-layer convolutional neural network. The implementation performance was assessed through accuracy, precision, and recall metrics. A retraining stage was performed in order to resolve the over-learning problem of the network. Intrusion detection was performed through synthetic data generation within the dataset. SMOTE (Synthetic Minority Over Sampling Technique) was used for synthetic data generation. In the study, Brute Force, SQL Injection, Botnet, and DoS attacks were selected as the types of threat. Attack detection accuracy of the intrusion detection system was found 98.32% and the detection accuracy obtained after retraining was found 98.8%. Following the training performed with synthetic data added into the dataset, the neural network carried out a binary classification of the data. The performance rate of detection and classification of the data as a threat was determined as 98.7% for Brute Force, 98.5% for DoS, 98.9% for Botnet, and 99.1% for SQL Injection.

Anahtar Kelimeler

Intrusion Detection Systems, Convolutional Neural Network, SMOTE, Deep Learning, Cyber Security.

Kaynakça

• Deng, R., Zhuang, P., & Liang, H. (2017). CCPA: Coordinated Cyber-Physical Attacks and Countermeasures in Smart Grid. IEEE Transactions on Smart Grid, 2420–2430.
• Li, Z., Batta, P., & Trajkovic, L. (2018). Comparison of machine learning algorithms for detection of network intrusions. In 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC), 4248–4253.
• Kevric, J., Jukic, S., & Subasi, A. (2017). An effective combining classifier approach using tree algorithms for network intrusion detection. Neural Computing and Applications, 1051–1058.
• Sharafaldin, I., Arash, H. L., & Ali, A. (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. 4th International Conference on Information Systems Security and Privacy (ICISSP). Portekiz.
• Alazab, A., Hobbs, M., Abawajy, J., & Alazab, M. (2014). Using response action with intelligent intrusion detection and prevention system against web application malware. Information Management and Computer Security.
• Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J., & Alazab, A. (2020). Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics.
• Alabadi, M., & Albayrak, Z. (2020). Q Learning for Securing Cyber-Physical Systems: A survey. (2020). International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), 1-13.
• Baykara, M., & Daş, R. (2019). Saldırı Tespit Ve Engelleme Araçlarının İncelenmesi. Dümf Mühendislik Dergisi, 57-75.
• Priyadarshini, R., & Barik, R.K. (2019). A Deep Learning Based Intelligent Framework to Mitigate DDoS Attack in Fog Environment. Journal of King Saud University - Computer and Information Sciences.
• Behera, S., Pradhan, A., & Dash, R. (2018). Deep neural network architecture for anomaly based intrusion detection system. In 5th International conference on Signal Processing and Integrated Networks, 270-274.
• Ring, M., Wunderlich, S., Scheuring, D., Landes, D., & Hotho A. (2019). A Survey of Network-based Intrusion Detection Data Sets. Cryptography and Security.
• Kanimozhi, V., & PremJacob, T. (2019). Artificial Intelligence based Network Intrusion Detection with hyper-parameter optimization tuning on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing. ICT, 211-214.
• Zhou, Q., & Pezaro, D., (2019). Evaluation of machine learning classifiers for zero-day intrusion detection, an analysis on CIC-AWS- 2018 dataset. arXiv abs/190.03685v1.
• Yin, C., Zhu, Y., Fei, J., He, X. (2017). A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access, 21954-21961.
• Ferrag, M.A., & Maglaras, L. (2019). Deliverycoin: An ids blockchain-based framework for drone-delivered services. Computers, 58.
• Filho, F., Frederico, A., Silveira, F., Junior, A., & Silveira, G. (2019). Smart detection: An online approach for DoS/DDoS Attack detection using machine learning. Security and Communication Networks.
• Lin, P., Ye, K., & Xu, C.Z. (2019). Dynamic Network Anomaly Detection System by Using Deep Learning Techniques. In: Da Silva, D., Wang, Q., Zhang, LJ. (eds) Cloud Computing – CLOUD 2019. CLOUD 2019. Lecture Notes in Computer Science, vol 11513. Springer, Cham.
• Abdulhammed, R., Faezipour, M., Abuzneid, A., & Abumallouh, A. (2018). Deep and machine learning approaches for anomaly- based intrusion detection of imbalanced network traffic. IEEE Sensors Letters, 1-4.
• Atay, R., Odabaş, D. E., & Pehlivanoğlu, M. K. (2019). İki Seviyeli Hibrit Makine Öğrenmesi Yöntemi İle Saldırı Tespiti. Dergipark, 258-272.
• Karaman, M., Turan, M., & Aydın M. A. (2020). Yapay sinir ağları kullanılarak anomali tabanlı saldırı tespit modeli uygulaması. European Journal of Science and Technology Special Issue, 17-25.
• Sun, P., Liu, P., Li, Q., Lu, X., Hao, R., & Chen, J. (2020). DL-IDS: extracting features using CNN-LSTM hybrid network for intrusion detection system. Security and Communication Networks.
• Alazzam, H., Sharieh, A., & Sabri, K. E. (2020). A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer. Security and Communication Networks Expert Systems with Applications, 148, 113249.
• Femi, E. A., Sakinat, O. F., Adebayo, A. A., Adebola, O. A., & Joseph, B. A. (2020). Network intrusion detection based on deep learning model optimized with rule-based hybrid feature selection. Information Security Journal.
• Jiyeon, K., Jiwan, K., Hyunjung, K., Minsun, S., & Eunjung, C. (2020). CNN-Based network intrusion detection against denial-of- service attacks. Electronics.
• Einy, S., Öz, C., & Navaei, N. V. (2021). The Anomaly- and Signature-Based IDS for Network Security Using Hybrid Inference Systems. Mathematical Problems in Engineering.
• Tuptuk, N., & Hailes, S. (2018). Security of smart manufacturing systems. ELSEVIER.
• Karataş, G., Demir, Ö., & Şahingöz, Ö. K. (2019). A deep learning based intrusion detection system on GPU's. International Conference 11th Edition Electronics computer and Artificial Intelligence.
• Akashdee, P., Manzoor, I., & Kumar, N. (2017). A feature reduced intrusion detection system using ANN classifier. ELSEVİER.
• Chandra, A., Khatri, S., & Simon, R. (2019). Filter-based attribute selection approach for intrusion detection usin k-means clustering and sequential minimal optimization technique. Amity International conference on Artificial Intelligence, 740-745.
• Yavaş, M., Güran, A., Uysal, M., Manzoor, l., & Kumar, N. (2020). Covid 19 veri kümesinin SMOTE tabanlı örnekleme yöntemi uygulanarak sınıflandırılması. European Journal of Science and Technology.
• Yang, H., Cheng, L., Chuah, M. C. (2019). Deep learning based network intrusion detection for SCADA systems. IEEE Conference on Communications and Network Security: Workshops: CPS: International Workshop On Cyber-Physical Systems Security.