Machine Learning Techniques to Detect Known and Novel Cyber-attacks
School of Electrical Engineering | Doctoral thesis (article-based) | Defence date: 2023-05-22
Electronic archive copy is available via Aalto Thesis Database.
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Language
en
Pages
92 + app. 94
Series
Aalto University publication series DOCTORAL THESES, 31/2023
Abstract
Intrusion detection systems are well-known tools for monitoring and detecting malicious traffic in communication networks. However, traditional intrusion detection systems rely on known signatures and lack the ability to detect novel attacks. Machine learning techniques are therefore introduced to complement intrusion detection, to dynamically identify the relevant data of interest and to intelligently uncover security threats. However, obtaining reliable datasets with appropriate characteristics for training the algorithms of machine learning based intrusion detection systems is a major challenge. Due to the lack of labelled datasets, machine learning based intrusion detection systems suffer from the overfitting problem, which makes them inefficient for real-time intrusion detection. Furthermore, in real-life scenarios a considerable amount of incoming data does not belong to any known category, and for such unknown traffic, dividing the data into classes without information on the nature of the traffic is challenging. In addition, annotating a large dataset is very costly, so in practice only a few examples can be labelled manually. On the other hand, 5G+ and 6G networks are expected to deliver massive connectivity to numerous IoT/IoE devices, where a huge amount of data needs to be analyzed by artificial intelligence enabled mechanisms. Consequently, a mature and scalable architecture must be considered a mandatory objective in machine learning based intrusion detection systems. This thesis explores machine learning techniques to handle the issues mentioned above in the cyber-security domain. The thesis proposes an intelligent, modular, robust and scalable security solution to dynamically detect known and unknown cyber-attacks targeting mobile networks.
This project takes intrusion detection to the next level with a hybrid machine learning based mechanism, the Hybrid Anomaly Detection Model, which employs a protocol analyzer and various supervised and unsupervised techniques to filter network traffic and identify malicious activities in high-load communication networks. The protocol analyzer classifies and filters vulnerable protocols to avoid unnecessary computational load, the classifiers detect known cyber-attacks, and the clustering algorithms use the resulting attributes and features to detect novel attacks.
Description
The author has not given permission for Aaltodoc publishing.
Supervising professor
Kantola, Raimo, Prof., Aalto University, Department of Communications and Networking, Finland
Thesis advisor
Yan, Zheng, Prof., Xidian University, China
Other note
Parts
- [Publication 1]: M. Monshizadeh, V. Khatri and R. Kantola, “An adaptive detection and prevention architecture for unsafe traffic in SDN enabled mobile networks”, in 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 883-884, 2017.
DOI: 10.23919/INM.2017.7987395
- [Publication 2]: M. Monshizadeh, V. Khatri, R. Kantola and Z. Yan, “An Orchestrated Security Platform for Internet of Robots”, in Green, Pervasive, and Cloud Computing (GPC), pp. 298-312, 2017.
DOI: 10.1007/978-3-319-57186-7_23
- [Publication 3]: M. Monshizadeh, V. Khatri, B. G. Atli and R. Kantola, “An Intelligent Defense and Filtration Platform for Network Traffic”, in Wired/Wireless Internet Communications (WWIC), pp. 107-118, 2018.
DOI: 10.1007/978-3-030-02931-9_9
- [Publication 4]: M. Monshizadeh, V. Khatri, B. G. Atli, R. Kantola and Z. Yan, “Performance Evaluation of a Combined Anomaly Detection Platform”, in IEEE Access, vol. 7, pp. 100964-100978, 2019.
Full text in Acris/Aaltodoc: http://urn.fi/URN:NBN:fi:aalto-201909035189
DOI: 10.1109/ACCESS.2019.2930832
- [Publication 5]: M. Monshizadeh, V. Khatri, M. Gamdou, R. Kantola and Z. Yan, “Improving Data Generalization With Variational Autoencoders for Network Traffic Anomaly Detection”, in IEEE Access, vol. 9, pp. 56893-56907, 2021.
Full text in Acris/Aaltodoc: http://urn.fi/URN:NBN:fi:aalto-202104286382
DOI: 10.1109/ACCESS.2021.3072126
- [Publication 6]: M. Monshizadeh, V. Khatri, R. Kantola and Z. Yan, “A Deep Density Based and Self-determining Clustering Approach to Label Unknown Traffic”, in Journal of Network and Computer Applications, vol. 207, 2022.
Full text in Acris/Aaltodoc: http://urn.fi/URN:NBN:fi:aalto-202210195981
DOI: 10.1016/j.jnca.2022.103513