Payload-based network intrusion detection using LSTM autoencoders

buir.advisor: Kozat, Süleyman Serdar
dc.contributor.author: Coşan, Selin
dc.date.accessioned: 2020-12-28T09:48:59Z
dc.date.available: 2020-12-28T09:48:59Z
dc.date.copyright: 2020-12
dc.date.issued: 2020-12
dc.date.submitted: 2020-12-25
dc.description: Cataloged from PDF version of article. [en_US]
dc.description: Thesis (Master's): Bilkent University, Department of Electrical and Electronics Engineering, İhsan Doğramacı Bilkent University, 2020. [en_US]
dc.description: Includes bibliographical references (leaves 40-44). [en_US]
dc.description.abstract: The increase in the use of computer networks by vast numbers of different devices has allowed malicious entities to develop a plethora of diverse attacks, targeting individuals and businesses. The defence systems need to be kept up to date constantly, since new attacks emerge daily and have a wide range of characteristics. Intrusion detection is a branch of cyber-security that aims to prevent these attacks. Machine learning and deep learning approaches have gained popularity in this discipline, as they have in many others such as fraud detection and medicine. Given that network traffic usually displays normal behaviour, anomaly detection methods can pinpoint threats by identifying connections with abnormal properties. This task can be accomplished in a supervised or an unsupervised manner. Regardless of the path, constructing meaningful representations of network data is essential. In this thesis, we employ different types of feature extraction methods for computer network data and anomaly detection strategies that can detect malicious behaviour. For the feature extraction task, we aim to obtain vector representations of network payloads such that the core information is more reachable and irrelevant information is discarded. In our setting, the input size can vary due to the nature of the computer network data. Considering this, we use feature extraction methods that can map inputs of varying sizes into feature spaces with fixed dimensionality, so that some machine learning approaches that are otherwise unusable in these settings can be employed. For the anomaly detection task, we utilize both supervised and unsupervised approaches. The supervised methods make use of the aforementioned feature extraction strategies and use the reduced and fixed dimensional representations of the computer network data. For the unsupervised case, we employ autoencoders that can extract information from sequential data. Recurrent neural networks (RNNs) can process sequential data of varying length. We specifically use autoencoders with long short-term memory (LSTM), a special form of RNN with a more complex structure that allows it to handle long-term dependencies in sequential data. Then, anomaly detection is performed using reconstruction error. We conduct experiments using dynamic and realistic data sets, which consist of various types of attacks. Then, we evaluate the validity of our proposed approaches based on AUC and F1 measures. [en_US]
dc.description.provenance: Submitted by Betül Özen (ozen@bilkent.edu.tr) on 2020-12-28T09:48:59Z No. of bitstreams: 1 Thesis_SelinCosan_Bilkent.pdf: 719346 bytes, checksum: c1728461e95510f00f9e17be0c61bc8f (MD5) [en]
dc.description.provenance: Made available in DSpace on 2020-12-28T09:48:59Z (GMT). No. of bitstreams: 1 Thesis_SelinCosan_Bilkent.pdf: 719346 bytes, checksum: c1728461e95510f00f9e17be0c61bc8f (MD5) Previous issue date: 2020-12 [en]
dc.description.statementofresponsibility: by Selin Coşan [en_US]
dc.format.extent: xi, 44 leaves ; 30 cm [en_US]
dc.identifier.itemid: B125000
dc.identifier.uri: http://hdl.handle.net/11693/54859
dc.language.iso: English [en_US]
dc.rights: info:eu-repo/semantics/openAccess [en_US]
dc.subject: Intrusion detection [en_US]
dc.subject: Anomaly detection [en_US]
dc.subject: Long short-term memory [en_US]
dc.subject: Deep autoencoders [en_US]
dc.subject: Feature extraction [en_US]
dc.title: Payload-based network intrusion detection using LSTM autoencoders [en_US]
dc.title.alternative: LSTM özkodlayıcılar ile ağ yükü tabanlı ihlal tespiti [en_US]
dc.type: Thesis [en_US]
thesis.degree.discipline: Electrical and Electronic Engineering
thesis.degree.grantor: Bilkent University
thesis.degree.level: Master's
thesis.degree.name: MS (Master of Science)

Files

Original bundle
Name: Thesis_SelinCosan_Bilkent.pdf
Size: 702.49 KB
Format: Adobe Portable Document Format
Description: Full printable version