Project Report

Date: 29-08-2017

Name: Ramagiri Pranava

Roll No: CS16M1005

Area of the project: Deep learning, Networking

Title: Network Intrusion Detection System using deep learning for security

Abstract:

A Network Intrusion Detection System (NIDS) helps system administrators to detect

network security breaches in organization. However, many challenges arise while developing
a flexible and effective NIDS for unforeseen and unpredictable attacks. In this work, we
propose a deep learning based approach to implement such an effective and flexible NIDS.
We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD a
benchmark dataset for network intrusion [1]. Deep learning solves central problem in
representation learning by introducing representations that are expressed in terms of other,
simpler representations. Deep learning allows the computer to build complex concepts out of
simpler concepts.

Introduction:

INTRUSION DETECTION SYSTEMS:

Intrusion Detection Systems (IDSs) are security tools used to detect anomalous or
malicious activities from inside and outside intruders. Such intrusive activities violate the
security policies of the system and are considered anomalous. An alert should be raised by
the IDS when detecting these. An intrusion can be an attack from the Internet, attempts from
authorized users of the system to gain more privileges, or an authorized user who
misuse their privileges.
IDS have three basic functions:

1. Monitoring information sources: Monitor activities concerning sources such as computers

or networks for unauthorized access activities.

2. Analysis: Detect unauthorized activities using events and data collected in the monitoring
process. Misuse and anomaly detection analysis approaches are the most common.

3. Response: Which is a set of actions the system takes when an intrusion is being detected.

Following three main categories

1. Network-Based Intrusion Detection System (NIDS): NIDS captures and monitors

incoming packets against a database of known attacks content strings. If matched, it alerts the
user based on the action specified in the rule. Examples of NIDS include SNORT, BRO,
CISCO NIDS, and NETPROWLER.

2. Host-Based Intrusion Detection System (HIDS): HIDS monitor and analyze the internals
of a computing system rather than the network packets on its external interfaces. It monitors
and consults several log files or audit trails determining if an intrusion has occurred and
warns the system administrator of the possible intrusions taking place. Examples of HIDS
include OSSEC, CISCO HIDS, and TRIPWIRE.

3. Distributed Intrusion Detection System (DIDS): In a DIDS, the individual sensors that
inspect intrusions can be NIDS, HIDS, or a combination of both. All the distributed sensors
across the network report to a centralized management system. If any of the sensors detects
an intrusion, the DIDS managing console updates signatures on all the sensors, thus
immediately securing the whole network.

IDS can be classified into two categories based on detection techniques.

Signature Based Intrusion Detection System: A signature based IDS will monitor network
traffic packets on the network and matches them against a database of signatures or rules of
known malicious threats.

Anomaly Based Intrusion Detection System: An anomaly based IDS will monitor network
traffic and compare it against an established normal traffic. Any deviation from normal traffic
alerts the administrator or user, indicating anomalous behavior. The rate of
false positives is high as not all anomalies are intrusions. These IDSs require system
administrators to identify real attacks versus false positives since incoming traffic packets and
trained pattern might have several deviations [3].

DEEP LEARNING:

The term deep learning comes from the advancements of neural network. In deep learning,
various methods have applied in order to overcome the limitations of the hidden layer.
Basically, those methods employ consecutive hidden layers which hierarchically structured.
Since a lot of methods belong to deep learning method, the classification of each deep
learning method is essential. There are many deep learning methods such as Deep Belief
Network (DBN), Boltzman Machine (BM), Restricted Boltzman Machine (RBM),
Deep Boltzman Machine (DBM), Deep Neural Network (DNN), Auto Encoder,
Deep / stacked Auto Encoder, Stacked denoising Auto Encoder, Distributed representation
and Convolutional Neural Network (CNN).Deep learning divided into three sub-groups,
generative, discriminative and hybrid. The classification is based on the intention of
architectures and techniques, e.g., synthesis/generation or recognition/classification [4].

Literature Survey:

1) Title: A Deep Learning Approach for Network Intrusion Detection System

Description: In this work, we propose a deep learning based approach to implement such an
effective and flexible NIDS. We use Self-taught Learning (STL), a deep learning based
technique, on NSL-KDD - a benchmark dataset for network intrusion [5].

2) Title: Deep Learning Approach for Network Intrusion Detection in Software Defined
Networking

Description: In this paper apply a deep learning approach for flow-based anomaly detection
in an SDN environment. This build a Deep Neural Network (DNN) model for
an intrusion detection system and train the model with the NSLKDD Dataset. This paper uses
six basic features of NSL-KDD Dataset. Through experiments, we confirm that the deep
learning approach shows strong potential to be used for flow-based anomaly detection in
SDN environments [6].

3) Title: Malware Detection with Deep Neural Network Using Process Behaviour
Description: This paper propose the malware process detection method for discovering
possible infected terminal. The proposal applies DNN in 2 stages. The first stage extracts
process activities by RNN and concludes them to feature vectors. The feature vectors is
treated as an image and classified with CNN based image classification [7].

4) Title: Network Intrusion Detection for Cyber Security on Neuromorphic Computing

System

Description: This paper experiments on the advancement in intrusion detection technology

named True Cyber Security along with important considerations of deep learning
approaches on conventional von-Neumann computing system as well as a new non-von-
Neumann neuromorphic cognitive system [8].

5) Title: Intrusion Detection System Using Deep Neural Network for In-Vehicle Network
Security.

Description: This paper proposed an efficient intrusion detection system (IDS) based on a
deep neural network (DNN) for the security of in-vehicular network. The DNN provides the
probability of each class to discriminate normal and hacking packets, and, thus the system
can identify any malicious attack to the vehicle as a result.This paper also proposed a novel
feature vector comprising the mode information and the value information extracted from the
network packets, and they are efficiently used in the training and the testing [9].

Work to be done:

To learn python language for coding.

To learn about tools of IDS.
To learn about IDS attacks and Deep learning methods briefly.
References:

[1] Quamar Niyaz, Weiqing Sun, Ahmad Y Javaid, and Mansoor Alam :A Deep Learning
Approach for Network Intrusion Detection System.

[2] Glenn M. Lambert II :Security Analytics: Using Deep Learning to Detect Cyber Attacks.

[3] Zahangir Alom, Venkata Ramesh Bontupalli, Tarek M. Taha :Intrusion detection using
deep belief network and extreme learning machine.

[4] Muhamad Erza Aminantoa, Kwangjo Kimb, Deep Learning in Intrusion Detection
System: An Overview.

[5] Tuan A Tang, Lotfi Mhamdi, Des McLernon, Syed Ali Raza Zaidi and Mounir
Ghogho:Deep Learning Approach for Network Intrusion Detection in Software Defined
Networking.

[6] Muhamad Erza Aminanto and Kwangjo Kim : Deep Learning-based Feature Selection for
Intrusion Detection System in Transport Layer.

[7] Shun Tobiyama, Yukiko Yamaguchi, Hajime Shimada, Tomonori Ikuse and Takeshi
Yagi: Malware Detection with Deep Neural Network Using Process Behavior.

[8] Md Zahangir Alom and Tarek M. Taha : Network Intrusion Detection for Cyber Security
on Neuromorphic Computing System, 2017 IEEE.

[9] Min-Joo Kang, Je-Won Kang: Intrusion Detection System Using Deep Neural Network
for In-Vehicle Network Security.