Towards Representation Learning for Robust Network Intrusion Detection Systems
| dc.contributor.advisor | Zou, Xukai | |
| dc.contributor.advisor | Li, Feng | |
| dc.contributor.author | Hosler, Ryan | |
| dc.contributor.other | Tsechpenakis, Gavriil | |
| dc.contributor.other | Durresi, Arjan | |
| dc.contributor.other | Hu, Qin | |
| dc.date.accessioned | 2024-06-04T08:19:19Z | |
| dc.date.available | 2024-06-04T08:19:19Z | |
| dc.date.issued | 2024-05 | |
| dc.degree.date | 2024 | |
| dc.degree.discipline | Computer and Information Science | |
| dc.degree.grantor | Purdue University | |
| dc.degree.level | Ph.D. | |
| dc.description | IUPUI | |
| dc.description.abstract | The most cost-effective method for cybersecurity defense is prevention. Ideally, before a malicious actor steals information or affects the functionality of a network, a Network Intrusion Detection System (NIDS) will identify and allow for a complete prevention of an attack. For this reason, there are commercial availabilities for rule-based NIDS which will use a packet sniffer to monitor all incoming network traffic for potential intrusions. However, such a NIDS will only work on known intrusions, therefore, researchers have devised sophisticated Deep Learning methods for detecting malicious network activity. By using statistical features from network flows, such as packet count, connection duration, flow bytes per second, etc., a Machine Learning or Deep Learning NIDS may identify an advanced attack that would otherwise bypass a rule-based NIDS. For this research, the presented work will develop novel applications of Deep Learning for NIDS development. Specifically, an image embedding algorithms will be adapted to this domain. Moreover, novel methods for representing network traffic as a graph and applying Deep Graph Representation Learning algorithms for an NIDS will be considered. When compared to the existing state-of-the-art methods within NIDS literature, the methods developed in the research manage to outperform them on numerous Network Traffic Datasets. Furthermore, an NIDS was deployed and successfully configured to a live network environment. Another domain in which this research is applied to is Android Malware Detection. By analyzing network traffic produced by either a benign or malicious Android Application, current research has failed to accurately detect Android Malware. Instead, they rely on features which are extracted from the APK file itself. Therefore, this research presents a NIDS inspired Graph-Based model which demonstrably distinguishes benign and malicious applications through analysis of network traffic alone, which outperforms existing sophisticated malware detection frameworks. | |
| dc.identifier.uri | https://hdl.handle.net/1805/41153 | |
| dc.language.iso | en_US | |
| dc.rights | CC0 1.0 Universal | en |
| dc.rights.uri | https://creativecommons.org/publicdomain/zero/1.0 | |
| dc.subject | Graph Representation Model | |
| dc.subject | Image Embedding | |
| dc.subject | Network Intrusion Detection Framework | |
| dc.subject | Android Malware Analysis and Detection | |
| dc.subject | Autoencoder Neural Networks | |
| dc.subject | Wasserstein Generative Adversarial Network | |
| dc.subject | Bidirectional Generative Adversarial Network | |
| dc.subject | Deep Graph Convolutional Neural Networks | |
| dc.subject | Network Flow Modelling | |
| dc.title | Towards Representation Learning for Robust Network Intrusion Detection Systems | |
| dc.type | Thesis | en |
| thesis.degree.discipline | Computer & Information Science | en |