Understanding the Influence of Graph Kernels on Deep Learning Architecture: A Case Study of Flow-Based Network Attack Detection

Title: Understanding the Influence of Graph Kernels on Deep Learning Architecture: A Case Study of Flow-Based Network Attack Detection
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Su, Liya; Yao, Yepeng; Lu, Zhigang; Liu, Baoxu
Conference Name: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Keywords: anomaly-based approaches, Computer architecture, Computer crime, computer network security, convolutional neural nets, Deep Learning, deep learning architecture, deep neural networks, flow-based network attack detection, Graph Kernel, graph theory, IP networks, Kernel, learning (artificial intelligence), network attack detection, network attack detection tasks, network attack detection technology, Network Security Architecture, network security practices, network traffic, networked system, Neural networks, pubcrawl, Resiliency
Abstract: Flow-based network attack detection technology is able to identify many threats in network traffic. Existing techniques have several drawbacks: i) rule-based approaches are vulnerable because it needs all the signatures defined for the possible attacks, ii) anomaly-based approaches are not efficient because it is easy to find ways to launch attacks that bypass detection, and iii) both rule-based and anomaly-based approaches heavily rely on domain knowledge of networked system and cyber security. The major challenge to existing methods is to understand novel attack scenarios and design a model to detect novel and more serious attacks. In this paper, we investigate network attacks and unveil the key activities and the relationships between these activities. For that reason, we propose methods to understand the network security practices using theoretic concepts such as graph kernels. In addition, we integrate graph kernels over deep learning architecture to exploit the relationship expressiveness among network flows and combine ability of deep neural networks (DNNs) with deep architectures to learn hidden representations, based on the communication representation graph of each network flow in a specific time interval, then the flow-based network attack detection can be done effectively by measuring the similarity between the graphs to two flows. The proposed study provides the effectiveness to obtain insights about network attacks and detect network attacks. Using two real-world datasets which contain several new types of network attacks, we achieve significant improvements in accuracies over existing network attack detection tasks.
DOI: 10.1109/TrustCom/BigDataSE.2019.00049
Citation Key: su_understanding_2019