ABSTRACT
We investigate light-weight techniques for detecting common SYN attacks on devices that are attached to the Internet, such as IoT devices and gateways, Fog servers or edge devices which may have low processing capacity. In particular, we examine the Random Neural Network with Deep Learning, trained with "normal" non-attack traffic, and a Long-Short-Term-Memory (LSTM) neural network. Using the same traffic traces for attack traffic, our experiments show that the Random Neural Network provides substantially better attack detection and significantly lower false alarm rates as compared to the LSTM network.
Supplemental Material
- E. Gelenbe, "Random neural networks with negative and positive signals and product form solution,"Neural Computation, 1(4), 502--510, 1989.Google ScholarDigital Library
- E. Gelenbe, "Learning in the recurrent random neural network.," Neural Computation, 5(1), 154--164, 1993Google ScholarDigital Library
- E. Gelenbe and Y. Yin, "Deep learning with random neural networks," Neural Networks (IJCNN), 2016 Int. Joint Conference on, IEEE, 1633--1638, 2016.Google Scholar
- O. Brun, Y. Yin and E. Gelenbe, "Deep Learning with Dense Random Neural Networks for detecting attacks against IoT-connected home Environments," Procedia Computer Science, 134, 458--46 2018. Google ScholarCross Ref
- X. Yuan, C. Li and X. Li, "DeepDefense: Identifying DDoS Attack via Deep Learning," 2017 IEEE International Conference on Smart Computing (SMARTCOMP), Hong Kong, 2017, pp. 1--8. Google ScholarCross Ref
- Y. Li and Y. Lu, "LSTM-BA: DDoS Detection Approach Combining LSTM and Bayes," 2019 Seventh International Conference on Advanced Cloud and Big Data (CBD), Suzhou, China, 2019, pp. 180--185. Google ScholarCross Ref
- T. Guo, Z. Xu, X. Yao, H. Chen, K. Aberer and K. Funaya, "Robust Online Time Series Prediction with Recurrent Neural Networks," 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), Montreal, QC, 2016, pp. 816--825.Google Scholar
- E. Gelenbe, "A Software Defined Self-Aware Network: The Cognitive Packet Network," 2014 IEEE 3rd Symposium on Network Cloud Computing and Applications (ncca 2014), Rome, 2014, pp. 9--14.Google Scholar
- S. Basterreich and Gerardo Rubino. "Random Neural Network Model for Supervised Learning Problems: A Tutorial," Neural Network World 25.5 (2015): 457--499. Crossref. Web.Google ScholarCross Ref
- T. Guo, Z. Xu, X. Yao, H. Chen, K. Aberer and K. Funaya, "Robust Online Time Series Prediction with Recurrent Neural Networks," 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), Montreal, QC, 2016, pp. 816--825Google Scholar
- Y. Tian and L. Pan, "Predicting Short-Term Traffic Flow by Long Short-Term Memory Recurrent Neural Network," 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity), Chengdu, 2015, pp. 153--158. Google ScholarCross Ref
- K. Greff, R. K. Srivastava, J. Koutník, B. R. Steunebrink and J. Schmidhuber, "LSTM: A Search Space Odyssey," in IEEE Transactions on Neural Networks and Learning Systems, vol. 28, no. 10, pp. 2222--2232, Oct. 2017. Google ScholarCross Ref
- P. J. Werbos, "Backpropagation through time: what it does and how to do it," in Proceedings of the IEEE, vol. 78, no. 10, pp. 1550--1560, Oct. 1990. Google ScholarCross Ref
- H. Tang and J. Glass, "On Training Recurrent Networks with Truncated Backpropagation Through time in Speech Recognition," 2018 IEEE Spoken Language Technology Workshop (SLT), Athens, Greece, 2018, pp. 48--55. Google ScholarCross Ref
- S. Kakuru, "Behavior based network traffic analysis tool," 2011 IEEE 3rd International Conference on Communication Software and Networks, Xi'an, 2011, pp. 649--652. Google ScholarCross Ref
- W. Zhang et al., "LSTM-Based Analysis of Industrial IoT Equipment," in IEEE Access, vol. 6, pp. 23551--23560, 2018. Google ScholarCross Ref
- Z. Zhang, "Improved Adam Optimizer for Deep Neural Networks," 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), Banff, AB, Canada, 2018, pp. 1--2. Google ScholarCross Ref
- Lan Wang and E. Gelenbe, "Adaptive dispatching of tasks in the cloud," IEEE Transactions on Cloud Computing 6 (1), 33--45, 2018.Google ScholarCross Ref
- Understanding LSTM Networks - colah's blog. https://colah.github.io/posts/2015-08-Understanding-LSTMs/.Google Scholar
Index Terms
- Neural network architectures for the detection of SYN flood attacks in IoT systems
Recommendations
A lab implementation of SYN flood attack and defense
SIGITE '08: Proceedings of the 9th ACM SIGITE conference on Information technology educationA "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. SYN flood attack is one of the most common types of DoS. In this lab, we model and simulate a real world ...
Random Neural Network for Lightweight Attack Detection in the IoT
Modelling, Analysis, and Simulation of Computer and Telecommunication SystemsAbstractCyber-attack detection has become a basic component of all information processing systems, and once an attack is detected it may be possible to block or mitigate its effects. This paper addresses the use of a learning recurrent Random Neural ...
Method of Comparison of Neural Network Resistance to Adversarial Attacks
Internet of Things, Smart Spaces, and Next Generation Networks and SystemsAbstractThe vulnerability of neural networks to adversarial attacks has long been revealed. However, the structure of neural networks is not given due attention during the attack. The article deals with the impact of different parameters of a neural ...
Comments