Early Detection with Explainability of Network Attacks Using Deep Learning
In previous work, we proposed an end-to-end early intrusion detection system to identify network attacks in real-time before they complete and could cause any more damage to the system under attack. To implement the approach, we have trained a Convolution Neural Network (CNN) model with attention mechanism in a supervised manner to extract relevant features from raw network traffic in order to classify network flows into different types of attacks. In this preliminary work, we discuss and compare the results of using the Recurrent Neural Network (RNN) model with an attention mechanism to detect the attacks earlier. Furthermore, the model not only classifies the given flow, but it also ranks the packets in the flow with respect to their importance for prediction. This ranking can be used for further investigation of the detected network attacks. We empirically evaluate our approach on the CICIDS2017 dataset. Preliminary results show that the RNN model with an attention mechanism can achieve better classification performance than our previous work with CNN model.
Mon 27 MayDisplayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | |||
11:00 30mFull-paper | Automated SQA Framework with Predictive Machine Learning in Airfield Software ITEQS Ridwan Hossain , Akramul Azim Ontario Tech University, Linda Cato Team Eagle, Bruce Wilkins Team Eagle | ||
11:30 30mFull-paper | Early Detection with Explainability of Network Attacks Using Deep Learning ITEQS | ||
12:00 30mFull-paper | Testing cyber-physical systems with explicit output coverage ITEQS Jarkko Peltomäki Åbo Akademi University, Jesper Winsten , Maxime Methais , Ivan Porres Åbo Akademi University | ||