Towards Representation Learning for Robust Network Intrusion Detection Systems

Files
Thesis.pdf (1.3 MB)
If you need an accessible version of this item, please submit a remediation request.
Date
2024-05
Authors
Hosler, Ryan
Language
American English
Embargo Lift Date
Department
Committee Chair
Zou, Xukai
Committee Members
Tsechpenakis, Gavriil
Durresi, Arjan
Hu, Qin
Degree
Ph.D.
Degree Year
2024
Department
Computer and Information Science
Grantor
Purdue University
Journal Title
Journal ISSN
Volume Title
Found At
Abstract

The most cost-effective method for cybersecurity defense is prevention. Ideally, before a malicious actor steals information or affects the functionality of a network, a Network Intrusion Detection System (NIDS) will identify and allow for a complete prevention of an attack. For this reason, there are commercial availabilities for rule-based NIDS which will use a packet sniffer to monitor all incoming network traffic for potential intrusions. However, such a NIDS will only work on known intrusions, therefore, researchers have devised sophisticated Deep Learning methods for detecting malicious network activity. By using statistical features from network flows, such as packet count, connection duration, flow bytes per second, etc., a Machine Learning or Deep Learning NIDS may identify an advanced attack that would otherwise bypass a rule-based NIDS.

For this research, the presented work will develop novel applications of Deep Learning for NIDS development. Specifically, an image embedding algorithms will be adapted to this domain. Moreover, novel methods for representing network traffic as a graph and applying Deep Graph Representation Learning algorithms for an NIDS will be considered. When compared to the existing state-of-the-art methods within NIDS literature, the methods developed in the research manage to outperform them on numerous Network Traffic Datasets. Furthermore, an NIDS was deployed and successfully configured to a live network environment.

Another domain in which this research is applied to is Android Malware Detection. By analyzing network traffic produced by either a benign or malicious Android Application, current research has failed to accurately detect Android Malware. Instead, they rely on features which are extracted from the APK file itself. Therefore, this research presents a NIDS inspired Graph-Based model which demonstrably distinguishes benign and malicious applications through analysis of network traffic alone, which outperforms existing sophisticated malware detection frameworks.

Description
IUPUI
Keywords
Graph Representation Model, Image Embedding, Network Intrusion Detection Framework, Android Malware Analysis and Detection, Autoencoder Neural Networks, Wasserstein Generative Adversarial Network, Bidirectional Generative Adversarial Network, Deep Graph Convolutional Neural Networks, Network Flow Modelling
item.page.description.tableofcontents
item.page.relation.haspart
Cite As
ISSN
Publisher
Series/Report
Sponsorship
Major
Extent
Identifier
Relation
Journal
Rights
CC0 1.0 Universal Creative Commons publicdomain
Source
Alternative Title
Type
Thesis
Number
Volume
Conference Dates
Conference Host
Conference Location
Conference Name
Conference Panel
Conference Secretariat Location
Permanent Link
https://hdl.handle.net/1805/41153
Version
Full Text Available at
This item is under embargo {{howLong}}
Collections
Computer & Information Science Department Theses and Dissertations