Application of Representation Learning-Based Chronological Modeling for Network Intrusion Detection

Nitin O. Mathur, Chengcheng Li, Bilal Gonen, Kijung Lee
Copyright: © 2022 | Volume: 16 | Issue: 1 | Pages: 32
ISSN: 1930-1650 | EISSN: 1930-1669 | EISBN13: 9781683180203 | DOI: 10.4018/IJISP.291701

MLA

Mathur, Nitin O., et al. "Application of Representation Learning-Based Chronological Modeling for Network Intrusion Detection." IJISP, vol. 16, no. 1, 2022, pp. 1-32. http://doi.org/10.4018/IJISP.291701

APA

Mathur, N. O., Li, C., Gonen, B., & Lee, K. (2022). Application of Representation Learning-Based Chronological Modeling for Network Intrusion Detection. International Journal of Information Security and Privacy (IJISP), 16(1), 1-32. http://doi.org/10.4018/IJISP.291701

Chicago

Mathur, Nitin O., et al. "Application of Representation Learning-Based Chronological Modeling for Network Intrusion Detection." International Journal of Information Security and Privacy (IJISP) 16, no. 1 (2022): 1-32. http://doi.org/10.4018/IJISP.291701


Abstract

An autoencoder has the potential to overcome the limitations of current intrusion detection methods by learning to recognize benign user activity rather than differentiating between benign and malicious activity. However, the line separating the two is blurry, with significant overlap. The first part of this study investigates the reasons for this overlap. The results suggest that although a subset of traffic cannot be separated without labels, timestamps can be leveraged to identify activity that does not conform to the normal or expected behavior of the network. The second part aims to eliminate the dependence on visual inspection by exploring automation. The trend of errors for HTTP traffic was modeled chronologically using resampled data and moving averages. This model successfully identified attacks that had been orchestrated over HTTP within their respective time slots. These results support the hypothesis that it is technically feasible to build an anomaly-based intrusion detection system in which each individual observation need not be categorized.
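As an added illustration of the chronological error modeling the abstract describes (example code, not the paper's own): per-request autoencoder reconstruction errors for HTTP traffic are resampled into fixed time slots, smoothed with a trailing moving average, and slots whose smoothed error departs from a benign calibration period are flagged. The sample error series, the 2-minute slot width, the 3-slot window and the 4-slot calibration period are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample: (timestamp, reconstruction error) per HTTP request, as an
# autoencoder trained on benign traffic would score them. Errors stay small
# except for a burst at minutes 12-17, standing in for an attack window.
def make_sample(start=datetime(2022, 1, 1, 10, 0), minutes=30):
    rows = []
    for m in range(minutes):
        err = 0.04 + 0.01 * (m % 3) + (0.5 if 12 <= m <= 17 else 0.0)
        for sec in (0, 30):  # two requests per minute
            rows.append((start + timedelta(minutes=m, seconds=sec), err))
    return rows

def resample(rows, slot_minutes=2):
    """Bucket requests into fixed time slots and average the error per slot."""
    buckets = defaultdict(list)
    for ts, err in rows:
        slot = ts.replace(second=0, microsecond=0,
                          minute=ts.minute - ts.minute % slot_minutes)
        buckets[slot].append(err)
    return [(slot, mean(buckets[slot])) for slot in sorted(buckets)]

def moving_average(values, window=3):
    """Trailing moving average; early points use the shorter prefix available."""
    return [mean(values[max(0, i - window + 1):i + 1]) for i in range(len(values))]

def flag_slots(slots, window=3, calibration=4, k=3.0, min_std=1e-3):
    """Return slot start times whose smoothed error exceeds the baseline.

    The threshold is mean + k*std over the first `calibration` smoothed slots,
    which are assumed benign (this calibration step is our assumption).
    min_std keeps a perfectly flat baseline from producing a zero threshold."""
    smoothed = moving_average([err for _, err in slots], window)
    baseline = smoothed[:calibration]
    threshold = mean(baseline) + k * max(pstdev(baseline), min_std)
    return [slot for (slot, _), s in zip(slots, smoothed) if s > threshold]

if __name__ == "__main__":
    for slot in flag_slots(resample(make_sample())):
        print("anomalous slot starting", slot.strftime("%H:%M"))
```

The slots flagged after the burst ends (10:18 and 10:20) are the lag of the trailing window; a shorter window reacts sooner but is noisier, which is the trade-off the moving average introduces.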