A Proactive Model for Intrusion Detection Using Image Representation of Network Flows

Saeed, Rimsha, Qureshi, Hassaan Khaliq, Ioannou, Christiana (ORCID: 0000-0001-7332-4530) and Lestas, Marios (2024) A Proactive Model for Intrusion Detection Using Image Representation of Network Flows. IEEE Access, 12.

PDF (VOR) - Published Version
Available under License Creative Commons Attribution.

Official URL: https://doi.org/10.1109/ACCESS.2024.3489772

Abstract

Many interconnected IoT devices, driven by imperatives of efficiency and convenience, lack adequate security measures, making them susceptible to exploitation by cyber-criminals. Effective network security necessitates meticulous intrusion detection, which typically involves scrutinizing the network traffic using deep packet or stateful protocol inspection techniques. However, traditional inspection methods often require manual feature engineering, which can result in loss of payload information and thus false alarms. In this study, a controlled testbed environment is established to capture botnet traffic. The paper introduces a detection approach that involves converting raw NetFlow data to IDX (short for ‘Index’) image representations. A hybrid deep learning architecture is designed, integrating VGG19 and GRU structures to learn the spatial and temporal features, respectively. The detection results show that the proposed solution achieves a 98.883% true positive rate and a 0.9% false negative rate, surpassing conventional anomaly detection. In addition, an adaptive sliding window technique is introduced for live intrusion detection and prevention. Through iterative testing and refinement, a runtime of 0.041 ms per image and 0.00171 ms per packet is achieved, confirming the robust nature of the proposed method.

