Publication details
Bibliographic description
Autoencoder-based IDS for cloud and mobile devices / Kamil FABER, Łukasz FABER, Bartłomiej ŚNIEŻYŃSKI // In: CCGrid 2021 [Electronic document] : 21st IEEE/ACM international symposium on Cluster, Cloud and Internet Computing : 10-13 May 2021, Melbourne, Australia : proceedings / eds. Laurent Lefevre, [et al.]. — Windows version. — Text data. — Piscataway: IEEE, cop. 2021. — Additional ISBN: 978-1-7281-9587-2. — e-ISBN: 978-1-7281-9586-5. — pp. 728-736. — System requirements: Adobe Reader. — Bibliography pp. 735-736, abstract. — Publication available online since: 2021-08-02. — Additional presentation: https://youtu.be/fT05qVUsSHM
Authors (3)
Keywords
Bibliometric data
BaDAP ID | 135564 |
---|---|
Date added to BaDAP | 2021-09-27 |
Source text | URL |
DOI | 10.1109/CCGrid51090.2021.00088 |
Publication year | 2021 |
Publication type | conference proceedings (authored) |
Open access | |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Conference | 2021 IEEE/ACM 21st international symposium on Cluster, Cloud and Internet Computing |
Abstract
Along with the popularization of cloud computing and the increase in responsibilities of mobile devices, there is a need for intrusion detection systems available for working in these two new areas. At the same time, the increase in computational power of mobile devices gives us the possibility to use them to do a part of data preprocessing. Similarly, more complex operations can be executed in the cloud – this concept is known as mobile cloud computing. In this paper, we propose an autoencoder-based intrusion detection system applicable to cloud and mobile environments. The system provides multiple data gathering points, allowing to monitor either fully controlled networks, like virtual networks in the cloud, or mobile devices scattered in different networks. The monitoring process uses both mobile devices and cloud computational power. Gathered network traffic records are sent to a proper intrusion detection node, which executes the detection process. In case of suspicious behavior, an alert of a possible intrusion can be sent to the device owner. The detection process is based on an autoencoder neural network, which brings significant advantages: an anomaly-based approach, training only on benign samples, and a good performance. To improve detection results, we created time-window-based features, and there is also a possibility to share computed statistics between intrusion detection nodes. In the experiments, we construct three models using pure network flows data and time-window-based features. The results show that the autoencoder-based approach can detect with a high performance attacks not known during the training process. We also prove that created derived features have a significant impact on detection results.