CNN-based Intrusion Detection System Using Packet Payload for Industrial Control Systems
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 최영준 | - |
dc.contributor.author | 송주엽 | - |
dc.date.accessioned | 2019-04-01T16:40:49Z | - |
dc.date.available | 2019-04-01T16:40:49Z | - |
dc.date.issued | 2019-02 | - |
dc.identifier.other | 28414 | - |
dc.identifier.uri | https://dspace.ajou.ac.kr/handle/2018.oak/14953 | - |
dc.description | Thesis (Master's)--Ajou University Graduate School: Department of Computer Engineering, 2019. 2 | - |
dc.description.tableofcontents | Abstract; 1. Introduction; 2. Related Work; 3. Network Traffic and Machine Learning; 3.1. Traffic Feature; 3.2. Machine Learning for Detection; 4. Anomaly Detection Model; 4.1. Single Packet Detection Model; 4.2. Sequence Detection Model; 4.2.1. Packet sequence shuffle regardless of a window; 4.2.2. Packet sequence shuffle within a window; 4.2.3. Packet replacement with an in-window packet; 4.2.4. Packet replacement with an out-of-window packet; 4.3. Hybrid model; 5. Preprocessing; 5.1. Basic Preprocessing Methods; 5.1.1. Histogram-based preprocessing; 5.1.2. Padding-based preprocessing; 5.1.3. Filter-based preprocessing; 5.1.4. Example; 5.2. Extension of Preprocessing using N-Gram; 6. Experimental Results; 6.1. Single Packet Detection Model; 6.1.1. Comparison of basic preprocessing methods; 6.1.2. Result of N-Gram extension; 6.2. Sequence Detection Model; 7. Conclusion; Reference | - |
dc.language.iso | eng | - |
dc.publisher | The Graduate School, Ajou University | - |
dc.rights | Ajou University theses are protected by copyright. | - |
dc.title | CNN-based Intrusion Detection System Using Packet Payload for Industrial Control Systems | - |
dc.type | Thesis | - |
dc.contributor.affiliation | Ajou University Graduate School | - |
dc.contributor.department | Graduate School, Department of Computer Engineering | - |
dc.date.awarded | 2019. 2 | - |
dc.description.degree | Master | - |
dc.identifier.localId | 905247 | - |
dc.identifier.uci | I804:41038-000000028414 | - |
dc.identifier.url | http://dcoll.ajou.ac.kr:9080/dcollection/common/orgView/000000028414 | - |
dc.description.alternativeAbstract | As industrial control systems are connected to networks, they are exposed to more security threats. To cope with cyber attacks, rule-based detection has been adopted, but it faces limitations as cyber attacks become more sophisticated. Therefore, Intrusion Detection Systems (IDS) have been deployed in practice, but existing IDS primarily use packet header information to perform traffic flow detection. However, such IDS have problems because they do not detect packet deformation properly. To solve this problem, we propose to use the packet payload in IDS to respond to a variety of attacks and at the same time achieve high performance. We use Convolutional Neural Network (CNN) models, a type of deep neural network known to work well for image classification. To fit the input of a CNN, we need to convert the packet payload to corresponding images. To do so, we develop preprocessing methods, padding-based and filter-based, in addition to the existing histogram-based method. We further use N-Gram together with these preprocessing methods for performance enhancement. We also propose detection models that detect both packet modification and traffic flow by inspecting each packet and a sequence of packets. For this, we generate abnormal data to address data imbalances without abnormal traffic during learning and testing. To verify the effectiveness of the proposed methods, the packet detection and sequence detection models are compared and analyzed in terms of detection accuracy. For evaluation, cross-verification is conducted to increase the reliability of the statistics. | - |