4.6 Article

Host-Based Intrusion Detection Model Using Siamese Network

Journal

IEEE ACCESS
Volume 9, Pages 76614-76623

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2021.3082160

Keywords

Intrusion detection; Deep learning; Data models; Computer crime; Malware; Machine learning algorithms; Convolutional neural networks; Machine learning; LID-DS; few-shot learning; siamese network; HIDS

Funding

  1. Defense Acquisition Program Administration
  2. Agency for Defense Development Institute [UD200014ED]


As cyberattacks evolve, traditional intrusion detection systems face challenges in detecting advanced attacks. A deep learning-based model, Siamese-CNN, has shown improved performance in identifying attack patterns, outperforming Vanilla-CNN with an approximately 6% higher recall rate.
As cyberattacks become more intelligent, the difficulty increases for traditional intrusion detection systems to detect advanced attacks that deviate from previously stored patterns. To solve this problem, a deep learning-based intrusion detection system model has emerged that analyzes intelligent attack patterns through data learning. However, deep learning models have the disadvantage of having to re-learn each time a new cyberattack method emerges. The time required to learn a large amount of data is not efficient. In this paper, an experiment was conducted using the Leipzig Intrusion Detection Data Set (LID-DS), which is a host-based intrusion detection data set released in 2018. In addition, in order to evaluate and improve the performance of the system, a host-based intrusion detection model consisting of pre-processing, vector-to-image processing, training and testing steps is proposed. In the training and testing steps, a Siamese Convolutional Neural Network (Siamese-CNN) is constructed using the few-shot learning method, which shows excellent performance by learning a small amount of data. Siamese-CNN determines whether the attack type is the same based on the similarity score of each cyberattack sample converted to an image. The accuracy was calculated using the few-shot learning technique. The performance of the Vanilla Convolutional Neural Network (Vanilla-CNN) and that of Siamese-CNN are compared to confirm the performance of Siamese-CNN. As a result of measuring the accuracy, precision, recall, and F1-score indicators, it was confirmed that the recall of the Siamese-CNN model proposed in this study increased by about 6% compared to the Vanilla-CNN model.
