RNNIDS: Enhancing Network Intrusion Detection Systems through Deep Learning
Computers & Security (IF 4.8), Pub Date: 2021-03-01, DOI: 10.1016/j.cose.2020.102151
Soroush M. Sohi, Jean-Pierre Seifert, Fatemeh Ganji

Abstract: Security of information passing through the Internet is threatened by today’s most advanced malware, ranging from orchestrated botnets to simpler polymorphic worms. These threats, as examples of zero-day attacks, are able to change their behavior several times in the early phases of their existence to bypass network intrusion detection systems (NIDS). In fact, even well-designed and frequently updated signature-based NIDS cannot detect zero-day threats due to the lack of an adequate signature database that adapts to intelligent attacks on the Internet. More importantly, an NIDS should be tested on a malicious traffic dataset that not only represents known attacks, but can also to some extent reflect the characteristics of unknown, zero-day attacks. Generating such traffic is identified in the literature as one of the main obstacles to evaluating the effectiveness of NIDS. To address these issues, we introduce RNNIDS, which applies Recurrent Neural Networks (RNNs) to find complex patterns in attacks and generate similar ones. In this regard, for the first time, we demonstrate that RNNs are helpful for generating new, unseen mutants of attacks as well as synthetic signatures from the most advanced malware to improve the intrusion detection rate. Besides, to further enhance the design of an NIDS, RNNs can be employed to generate malicious datasets containing, e.g., unseen mutants of a malware. To evaluate the feasibility of our approaches, we conduct extensive experiments by incorporating publicly available datasets, where we show a considerable improvement in the detection rate of an off-the-shelf NIDS (up to 16.67%).

Updated: 2021-03-01