Papers
Topics
Authors
Recent
Search
2000 character limit reached

ByteStack-ID: Integrated Stacked Model Leveraging Payload Byte Frequency for Grayscale Image-based Network Intrusion Detection

Published 6 Oct 2023 in cs.CR, cs.AI, and cs.LG | (2310.09298v3)

Abstract: In the ever-evolving realm of network security, the swift and accurate identification of diverse attack classes within network traffic is of paramount importance. This paper introduces "ByteStack-ID," a pioneering approach tailored for packet-level intrusion detection. At its core, ByteStack-ID leverages grayscale images generated from the frequency distributions of payload data, a groundbreaking technique that greatly enhances the model's ability to discern intricate data patterns. Notably, our approach is exclusively grounded in packet-level information, a departure from conventional Network Intrusion Detection Systems (NIDS) that predominantly rely on flow-based data. While building upon the fundamental concept of stacking methodology, ByteStack-ID diverges from traditional stacking approaches. It seamlessly integrates additional meta learner layers into the concatenated base learners, creating a highly optimized, unified model. Empirical results unequivocally confirm the outstanding effectiveness of the ByteStack-ID framework, consistently outperforming baseline models and state-of-the-art approaches across pivotal performance metrics, including precision, recall, and F1-score. Impressively, our proposed approach achieves an exceptional 81\% macro F1-score in multiclass classification tasks. In a landscape marked by the continuous evolution of network threats, ByteStack-ID emerges as a robust and versatile security solution, relying solely on packet-level information extracted from network traffic data.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (27)
  1. Y. A. Farrukh, S. Wali, I. Khan, and N. D. Bastian, “Detecting unknown attacks in iot environments: An open set classifier for enhanced network intrusion detection,” in MILCOM 2023 - 2023 IEEE Military Communications Conference (MILCOM), 2023, pp. 121–126.
  2. F. Meneghello, M. Calore, D. Zucchetto, M. Polese, and A. Zanella, “Iot: Internet of threats? a survey of practical security vulnerabilities in real iot devices,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8182–8201, 2019.
  3. S. Wali, Y. Farrukh, and I. Khan, “Covert penetrations: Analyzing and defending scada systems from stealth and hijacking attacks,” 2024.
  4. M. Hatton, “The iot in 2030: Which applications account for the biggest chunk of the 1.5 trillion opportunity?” 2020.
  5. S. Wali and I. Khan, “Explainable ai and random forest based reliable intrusion detection system,” 2021.
  6. Y. Y. Ghadi, M. S. Iqbal, M. Adnan, K. Amjad, I. Ahmad, and U. Farooq, “An improved artificial neural network-based approach for total harmonic distortion reduction in cascaded h-bridge multilevel inverters,” IEEE Access, vol. 11, pp. 127 348–127 363, 2023.
  7. J. C. Jensen, “The first workshop on cyber-physical systems education.” [Online]. Available: https://cps-vo.org/node/7266
  8. Y. A. Farrukh, Z. Ahmad, I. Khan, and R. M. Elavarasan, “A sequential supervised machine learning approach for cyber attack detection in a smart grid system,” in 2021 North American Power Symposium (NAPS).   IEEE, 2021, pp. 1–6.
  9. I. Khan, S. Wali, and Y. A. Farrukh, “Radiant: Reactive autoencoder defense for industrial adversarial network threats,” Available at SSRN 4572172.
  10. D. Gupta and R. Rani, “Improving malware detection using big data and ensemble learning,” Computers & Electrical Engineering, vol. 86, p. 106729, 2020.
  11. R. R. Mehdi, M. Kumar, E. A. Mendiola, S. Sadayappan, and R. Avazmohammadi, “Machine learning-based classification of cardiac relaxation impairment using sarcomere length and intracellular calcium transients,” Computers in Biology and Medicine, p. 107134, 2023.
  12. I. Syarif, E. Zaluska, A. Prugel-Bennett, and G. Wills, “Application of bagging, boosting and stacking to intrusion detection,” in Machine Learning and Data Mining in Pattern Recognition: 8th International Conference, MLDM 2012, Berlin, Germany, July 13-20, 2012. Proceedings 8.   Springer, 2012, pp. 593–602.
  13. W. Lee, S. J. Stolfo, P. K. Chan, E. Eskin, W. Fan, M. Miller, S. Hershkop, and J. Zhang, “Real time data mining-based intrusion detection,” Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 1, pp. 89–100, 2001.
  14. Y. A. Farrukh, S. Wali, I. Khan, and N. Bastian, “Ais-nids: An intelligent and self-sustaining network intrusion detection system,” Available at SSRN 4635437.
  15. W. Wang, Y. Sheng, J. Wang, X. Zeng, X. Ye, Y. Huang, and M. Zhu, “Hast-ids: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection,” IEEE access, vol. 6, pp. 1792–1806, 2017.
  16. X. Zhang, J. Chen, Y. Zhou, L. Han, and J. Lin, “A multiple-layer representation learning model for network-based attack detection,” IEEE Access, vol. 7, pp. 91 992–92 008, 2019.
  17. B. A. Pratomo, P. Burnap, and G. Theodorakopoulos, “Unsupervised approach for detecting low rate attacks on network traffic with autoencoder,” in 2018 international conference on cyber security and protection of digital services (Cyber Security).   IEEE, 2018, pp. 1–8.
  18. H. Liu, B. Lang, M. Liu, and H. Yan, “Cnn and rnn based payload classification methods for attack detection,” Knowledge-Based Systems, vol. 163, pp. 332–341, 2019.
  19. E. L. Goodman, C. Zimmerman, and C. Hudson, “Packet2vec: Utilizing word2vec for feature extraction in packet data,” arXiv preprint arXiv:2004.14477, 2020.
  20. M. Hassan, M. E. Haque, M. E. Tozal, V. Raghavan, and R. Agrawal, “Intrusion Detection Using Payload Embeddings,” IEEE Access, vol. 10, pp. 4015–4030, 2022.
  21. J. M. Vidal, M. A. S. Monge, and S. M. M. Monterrubio, “Espada: Enhanced payload analyzer for malware detection robust against adversarial threats,” Future Generation Computer Systems, vol. 104, pp. 159–173, 2020.
  22. I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization,” 2018.
  23. Y. Farrukh, I. Khan, S. Wali, D. A. Bierbrauer, J. Pavlik, and N. D. Bastian, “Payload-byte: A tool for extracting and labeling packet capture files of modern network intrusion detection datasets,” 2022.
  24. D. A. Bierbrauer, A. Chang, W. Kritzer, and N. D. Bastian, “Cybersecurity anomaly detection in adversarial environments,” arXiv preprint arXiv:2105.06742, 2021.
  25. R. Odegua, “An empirical study of ensemble techniques (bagging, boosting and stacking),” in Proc. Conf.: Deep Learn. IndabaXAt, 2019.
  26. R. Polikar, “Ensemble based systems in decision making,” IEEE Circuits and systems magazine, vol. 6, no. 3, pp. 21–45, 2006.
  27. Y. A. Farrukh, S. Wali, I. Khan, and N. D. Bastian, “Senet-i: An approach for detecting network intrusions through serialized network traffic images,” Available at SSRN 4370422.

Summary

No one has generated a summary of this paper yet.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Continue Learning

We haven't generated follow-up questions for this paper yet.

Collections

Sign up for free to add this paper to one or more collections.