TY - GEN
T1 - Griffin: An Ensemble of AutoEncoders for Anomaly Traffic Detection in SDN
AU - Yang, Liyan
AU - Song, Yubo
AU - Gao, Shang
AU - Xiao, Bin
AU - Hu, Aiqun
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/12
Y1 - 2020/12
AB - The Network Intrusion Detection Systems (NIDS) with machine learning in SDN become increasingly popular solutions. NIDS uses abnormal traffic detection to identify unknown network attacks. Most of today's abnormal traffic detection systems are supposed to continuously update the recognition model in time based on the features from newly collected packets to accurately identify unknown network attack behaviors. However, those existing solutions always require a large number of packets to train the recognition model offline. That means it is impossible to accurately detect the emergence of new cyber-attacks immediately. This paper proposes Griffin, a per-packet anomaly detection system that can dynamically update the training model based on neural networks. The Griffin is executed in SDN environment, utilizing a novel ensemble of autoencoders to collectively filter out abnormal traffic from normal traffic. Meanwhile, the autoencoders are updated based on the root mean square error to adjust the training model. The adjustment is done in an unsupervised manner, which needs no expert to label the network traffic or update the model from time to time. Our evaluations, with the open Datasets provided by Yisroel Mirsky, show that Griffin's time delay is around 0.1s and its accuracy is 98%. Moreover, we also compare Griffin with other four similar NIDSs and find that Griffin performs the best in terms of Matthews Correlation Coefficient and complexity.
KW - anomaly detection
KW - autoencoder
KW - ensemble learning
KW - network intrusion detection system
KW - Software-defined Network
UR - http://www.scopus.com/inward/record.url?scp=85100443234&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM42002.2020.9322187
DO - 10.1109/GLOBECOM42002.2020.9322187
M3 - Conference article published in proceeding or book
AN - SCOPUS:85100443234
T3 - 2020 IEEE Global Communications Conference, GLOBECOM 2020 - Proceedings
SP - 1
EP - 6
BT - 2020 IEEE Global Communications Conference, GLOBECOM 2020 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 IEEE Global Communications Conference, GLOBECOM 2020
Y2 - 7 December 2020 through 11 December 2020
ER -