Cloud computing is currently a thriving technology. Due to their critical nature, it is necessary to consider all kinds of intrusions and abuses that typically plague cloud environments. In order to maintain its resilient-state, a cloud system should have tools capable of detecting known and updated threats, but also unknown attacks (0-day). This paper presents a two-level deep learning architecture for detecting multiple attack classes. In particular, it is an extension of a previous study with a dual objective: reducing the false alarm rate and improving the detection rate, and testing the system with different types of attacks. The problem is treated as a semi-supervised task, and the anomaly detector exploits deep autoencoder building blocks. The model is described and tested on the recent CICIDS2017 and CSE-CIC-IDS2018 datasets. The performance comparison with our previous study shows a lower false alarm rate and the validity of the model for multiple attack classes.

2L-ZED-IDS: A Two-Level Anomaly Detector for Multiple Attack Classes

Catillo M.;Villano U.
2020-01-01

Abstract

Cloud computing is currently a thriving technology. Due to their critical nature, it is necessary to consider all kinds of intrusions and abuses that typically plague cloud environments. In order to maintain its resilient-state, a cloud system should have tools capable of detecting known and updated threats, but also unknown attacks (0-day). This paper presents a two-level deep learning architecture for detecting multiple attack classes. In particular, it is an extension of a previous study with a dual objective: reducing the false alarm rate and improving the detection rate, and testing the system with different types of attacks. The problem is treated as a semi-supervised task, and the anomaly detector exploits deep autoencoder building blocks. The model is described and tested on the recent CICIDS2017 and CSE-CIC-IDS2018 datasets. The performance comparison with our previous study shows a lower false alarm rate and the validity of the model for multiple attack classes.
2020
978-3-030-44037-4
978-3-030-44038-1
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12070/43946
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 34
  • ???jsp.display-item.citation.isi??? ND
social impact