A Fresh Look at Combining Logs and Network Data to Detect Anomalous Activity

Matthew Banton, Nathan Shone, William Hurst, Qi Shi

Research output: Chapter in Book/Report/Conference proceeding; Conference paper; Academic; peer-review

1 Citation (Scopus)

Abstract

As data rates have increased, network administrators have increasingly turned to Software Defined Networking (SDN) to increase efficiency, as well as to react more quickly to changing network states. However, as SDN flows become the norm to manage network traffic, Network Intrusion Detection Systems (NIDS) still rely on processing packet data directly using techniques such as Deep Packet Inspection (DPI). SDN flows provide only a high-level representation of the packets traversing the network, reducing the amount of data available to NIDS. In particular, Deep Learning based NIDS may be affected. Deep Learning has been proposed as a solution to 0-day attacks, but these models typically require large volumes of training data with many data points. This paper proposes a solution to this dilemma, by providing more data points for an IDS to monitor through the abstraction of log data generated by the flows. Past papers have shown that the quality of training data can have a marked effect on the performance of Deep Learning models. This paper builds on these works by showing that high-quality data points can be added in a computationally inexpensive manner, and through adding these data points, accuracy on a real-world dataset can be increased by upwards of 10

Original language: English
Title of host publication: 6th International Conference on Information and Communication Technologies for Disaster Management, ICT-DM 2019
Editors: Yassine Hadjadj-Aoul
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728149202
Publication status: Published - Dec 2019
Externally published: Yes
Event: 6th International Conference on Information and Communication Technologies for Disaster Management, ICT-DM 2019 - Paris, France
Duration: 18 Dec 2019 to 20 Dec 2019

Publication series

Name: 6th International Conference on Information and Communication Technologies for Disaster Management, ICT-DM 2019

Conference

Conference: 6th International Conference on Information and Communication Technologies for Disaster Management, ICT-DM 2019
Country: France
City: Paris
Period: 18/12/19 to 20/12/19

Keywords

  • Deep Learning
  • DNN
  • intrusion detection
  • log input
  • SDN
