Abstract
Network Intrusion Detection Systems (NIDSes) play an important role in security operations by detecting and defending against cyberattacks. Because artificial intelligence (AI)-powered NIDSes adapt to many kinds of attacks by exploiting the knowledge present in the data, they are in high demand for handling today's increasingly diverse and intense cyberattacks. In this paper, we present a feasibility study on neural network (NN)-based NIDSes that aims to solve the packet classification problem: distinguishing malicious packets from benign packets while specifying the class of anomaly to which a malicious packet belongs. We employ the features defined by Kitsune, a lightweight NN-based packet anomaly detector, as inputs to our classifier. A Kitsune feature vector is composed of statistics calculated from a single packet and its predecessors using a successive algorithm. We evaluate the proposed packet classification scheme using the CSE-CIC-IDS2018 open dataset. The experimental results show that our method can achieve good performance for particular attack types, so that it can meet the requirements of a practical NIDS.
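The following is an added sketch, not code from the paper or from the Kitsune project, of how per-packet statistics can be updated successively from a packet and its predecessors. It assumes exponentially damped sums keyed by source address at two decay rates; the names `DampedStat` and `feature_vectors`, the decay rates and the sample packets are constructed for illustration.

```python
import math

class DampedStat:
    """Weight, mean and std of a stream, updated per packet with forgetting."""
    def __init__(self, lam):
        self.lam = lam        # assumed decay rate: larger means shorter memory
        self.w = 0.0          # decayed packet count
        self.ls = 0.0         # decayed linear sum of values
        self.ss = 0.0         # decayed sum of squared values
        self.t_last = None

    def update(self, value, t):
        # Age the stored sums by the time elapsed since the previous packet,
        # then fold in the new packet. No packet history is kept.
        if self.t_last is not None:
            decay = 2.0 ** (-self.lam * (t - self.t_last))
            self.w, self.ls, self.ss = self.w * decay, self.ls * decay, self.ss * decay
        self.t_last = t
        self.w += 1.0
        self.ls += value
        self.ss += value * value

    def features(self):
        mean = self.ls / self.w
        var = abs(self.ss / self.w - mean * mean)  # abs guards rounding error
        return (self.w, mean, math.sqrt(var))

def feature_vectors(packets, lambdas=(1.0, 0.1)):
    """Return one vector per packet: size statistics of that packet's
    source address at each time scale in `lambdas`."""
    state = {}
    vectors = []
    for t, src, size in packets:
        vec = []
        for lam in lambdas:
            stat = state.setdefault((src, lam), DampedStat(lam))
            stat.update(size, t)
            vec.extend(stat.features())
        vectors.append(vec)
    return vectors

# Constructed sample: (timestamp in seconds, source IP, packet size in bytes)
PACKETS = [
    (0.0, "10.0.0.5", 100),
    (1.0, "10.0.0.5", 200),
    (1.0, "10.0.0.9", 60),
    (11.0, "10.0.0.5", 100),
]
```

Each vector depends only on the current packet and three running sums per key, which is what lets a classifier consume the features packet by packet rather than per flow.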
Acknowledgments
This research was conducted under a contract of “MITIGATE” among “Research and Development for Expansion of Radio Wave Resources (JPJ000254)”, which was supported by the Ministry of Internal Affairs and Communications, Japan.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Miyamoto, K. et al. (2022). Malicious Packet Classification Based on Neural Network Using Kitsune Features. In: Bennour, A., Ensari, T., Kessentini, Y., Eom, S. (eds) Intelligent Systems and Pattern Recognition. ISPR 2022. Communications in Computer and Information Science, vol 1589. Springer, Cham. https://doi.org/10.1007/978-3-031-08277-1_25
DOI: https://doi.org/10.1007/978-3-031-08277-1_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08276-4
Online ISBN: 978-3-031-08277-1
eBook Packages: Computer Science, Computer Science (R0)