Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Training LSTM RNN models for network flow data classification for attack intention recognition systems
University of Skövde, School of Informatics.
2020 (English)Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

The classification of network attack data, and prediction of the next likely set of network traffic flows is of particular interest to the cyber security domain, as it forms the basis for the timely response to cyber attacks as they progress. This work presents an overview of the main Attack Intention Recognition (AIR) approaches and techniques proposed over the last few years and proceeds to propose a system for classifying and distinguishing different types of network attacks using LSTM-RNN models. A set of LSTM-RNN models for detecting and distinguishing brute force, denial of service, ping scan, port scan, normal and suspicious network flow data, were trained for application to a real-time AIR algorithm using the CIDDS-001 dataset. The selected models are good enough to be applied to the overall AIR algorithm. The Brute Force model gave 86% accuracy, DOS 71% accuracy, Ping Scan 93% accuracy, Port Scan 71% accuracy. The performance of the selected models are comparable to those models oultined in the literature review and in a few cases seem to perform better. This work highlights that single layer LSTM-RNNs with no more than 150 hidden units are able to accurately classify flows given only the first 5% ofan attack. As the accuracy in this regard is greater than 70%, the selected models are good enough to be applied to the overall AIR algorithm. The report finally discusses suggestions for future work on developing the algorithm.

Place, publisher, year, edition, pages
2020. , p. 59
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-19289OAI: oai:DiVA.org:his-19289DiVA, id: diva2:1506413
Subject / course
Informationsteknologi
Educational program
Data Science - Master’s Programme
Supervisors
Examiners
Available from: 2020-12-03 Created: 2020-12-03 Last updated: 2021-10-29Bibliographically approved

Open Access in DiVA

fulltext(4792 kB)438 downloads
File information
File name FULLTEXT01.pdfFile size 4792 kBChecksum SHA-512
b97383c2c307156a1b0124fa1bcdbeee08219fc4fee96a447c436990c5e227eb3dd5f1251c924584540a47121c8d6f07f668ffa7131a8c3745bdba815f7f405c
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 438 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 882 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf