Anomaly detection optimization using big data and deep learning to reduce false-positive
Journal of Big Data (IF 8.6), Pub Date: 2020-08-31, DOI: 10.1186/s40537-020-00346-1
Khloud Al Jallad, Mohamad Aljnidi, Mohammad Said Desouki

Anomaly-based Intrusion Detection Systems (IDS) have been a hot research topic because of their ability to detect new threats rather than only the memorized signature threats of a signature-based IDS, especially now that advanced technologies are available that increase both the number of hacking tools and the risk impact of an attack. The problem with any anomaly-based model is its high false-positive rate, which is the reason anomaly IDS is not commonly applied in practice: anomaly-based models classify an unseen pattern as a threat even when it is normal but simply not included in the training dataset. This type of problem is called overfitting, where the model is not able to generalize. Optimizing anomaly-based models with a big training dataset that includes all possible normal cases might be an optimal solution, but it cannot be applied in practice. Although we can increase the number of training samples to include many more normal cases, we still need a model with more ability to generalize. In this research paper, we propose applying a deep model instead of traditional models because it has more ability to generalize; thus, we obtain fewer false positives by using big data and a deep model. We compared machine learning and deep learning algorithms in the optimization of anomaly-based IDS by decreasing the false-positive rate. We ran an experiment on the NSL-KDD benchmark and compared our results with one of the best used classifiers in traditional learning for IDS optimization. The experiment shows a 10% lower false-positive rate when deep learning is used instead of traditional learning.

Updated: 2020-08-31