Jörg Ehmer, Yvon Savaria
, Bertrand Granado, Jean Pierre David et Julien Denoulet
Article de revue (2024)
 Document en libre accès dans PolyPublie et chez l'éditeur officiel |
|
Libre accès au plein texte de ce document Version officielle de l'éditeur Conditions d'utilisation: Creative Commons: Attribution (CC BY) Télécharger (1MB) |
Abstract
In recent years, there has been a tremendous increase in the use of connected devices as part of the so-called Internet of Things (IoT), both in private spaces and the industry. Integrated distributed systems have shown many benefits compared to isolated devices. However, exposing industrial infrastructure to the global Internet also generates security challenges that need to be addressed to benefit from tighter systems integration and reduced reaction times. Machine learning algorithms have demonstrated their capacity to detect sophisticated cyber attack patterns. However, they often consume significant amounts of memory, computing resources, and scarce energy. Furthermore, their training relies on the availability of datasets that accurately represent real-world data traffic subject to cyber attacks. Network attacks are relatively rare events, as is reflected in the distribution of typical training datasets. Such imbalanced datasets can bias the training of a neural network and prevent it from successfully detecting underrepresented attack samples, generally known as the problem of imbalanced learning. This paper presents a shallow neural network comprising only 110 ReLU-activated artificial neurons capable of detecting representative attacks observed on a communication network. To enable the training of such small neural networks, we propose an improved attack-sharing loss function to cope with imbalanced learning. We demonstrate that our proposed solution can detect network attacks with an F1 score above 99% for various attacks found in current intrusion detection system datasets, focusing on IoT device communication. We further show that our solution can reduce the false negative detection rate of our proposed shallow network and thus further improve network security while enabling processing at line rate in low-complexity network intrusion systems.
Mots clés
network intrusion detection system (NIDS); neural network; machine learning; network security; network attack detection
| Sujet(s): | 2500 Génie électrique et électronique > 2500 Génie électrique et électronique |
|---|---|
| Département: | Département de génie électrique |
| Organismes subventionnaires: | NSERC Kaloom-Intel-Noviflow Industrial Chair of Professor Savaria, Polytechnique Montreal |
| Numéro de subvention: | IRCPJ-548237-18 CRSNG, RGPIN-2019-05951 CRSNG |
| URL de PolyPublie: | https://publications.polymtl.ca/59715/ |
| Titre de la revue: | Electronics (vol. 13, no 16) |
| Maison d'édition: | MDPI |
| DOI: | 10.3390/electronics13163318 |
| URL officielle: | https://doi.org/10.3390/electronics13163318 |
| Date du dépôt: | 19 nov. 2024 11:21 |
| Dernière modification: | 16 févr. 2025 04:49 |
| Citer en APA 7: | Ehmer, J., Savaria, Y., Granado, B., David, J. P., & Denoulet, J. (2024). Network attack classification with a shallow neural network for internet and internet of things (IoT) traffic. Electronics, 13(16), 3318-3318. https://doi.org/10.3390/electronics13163318 |
|---|---|
Statistiques
Total des téléchargements à partir de PolyPublie
Téléchargements par année
Loading...Provenance des téléchargements
Loading...Dimensions
Actions réservées au personnel
|
Afficher document |
