Early Detection of Network Attacks Using Deep Learning

TL;DR

This paper presents an early intrusion detection system using deep neural networks that identifies network attacks before they cause damage, improving response time and system security.

Contribution

It introduces a deep learning-based early detection approach with a new earliness metric, trained on raw traffic data, for proactive network security.

Findings

Achieved 0.803 balanced accuracy on CICIDS2017 dataset

Demonstrated effectiveness of deep neural networks for early attack detection

Proposed a novel metric for measuring detection timeliness

Abstract

The Internet has become a prime subject to security attacks and intrusions by attackers. These attacks can lead to system malfunction, network breakdown, data corruption or theft. A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic. State-of-the-art intrusion detection systems are designed to detect an attack by inspecting the complete information about the attack. This means that an IDS would only be able to detect an attack after it has been executed on the system under attack and might have caused damage to the system. In this paper, we propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption. We employ a deep neural network-based classifier for attack identification. The network is trained in a supervised manner to extract relevant features from raw network traffic data instead of relying on a manual feature selection process used in most related approaches. Further, we introduce a new metric, called earliness, to evaluate how early our proposed approach detects attacks. We have empirically evaluated our approach on the CICIDS2017 dataset. The results show that our approach performed well and attained an overall 0.803 balanced accuracy.