Cloud computing is currently a thriving technology. Due to their critical nature, it is necessary to consider all kinds of intrusions and abuses that typically plague cloud environments. In order to maintain its resilient-state, a cloud system should have tools capable of detecting known and updated threats, but also unknown attacks (0-day). This paper presents a two-level deep learning architecture for detecting multiple attack classes. In particular, it is an extension of a previous study with a dual objective: reducing the false alarm rate and improving the detection rate, and testing the system with different types of attacks. The problem is treated as a semi-supervised task, and the anomaly detector exploits deep autoencoder building blocks. The model is described and tested on the recent CICIDS2017 and CSE-CIC-IDS2018 datasets. The performance comparison with our previous study shows a lower false alarm rate and the validity of the model for multiple attack classes.

2L-ZED-IDS: A Two-Level Anomaly Detector for Multiple Attack Classes

Rak M.;
2020

Abstract

Cloud computing is currently a thriving technology. Due to their critical nature, it is necessary to consider all kinds of intrusions and abuses that typically plague cloud environments. In order to maintain its resilient-state, a cloud system should have tools capable of detecting known and updated threats, but also unknown attacks (0-day). This paper presents a two-level deep learning architecture for detecting multiple attack classes. In particular, it is an extension of a previous study with a dual objective: reducing the false alarm rate and improving the detection rate, and testing the system with different types of attacks. The problem is treated as a semi-supervised task, and the anomaly detector exploits deep autoencoder building blocks. The model is described and tested on the recent CICIDS2017 and CSE-CIC-IDS2018 datasets. The performance comparison with our previous study shows a lower false alarm rate and the validity of the model for multiple attack classes.
2020
Catillo, M.; Rak, M.; Villano, U.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11591/427850
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 41
  • ???jsp.display-item.citation.isi??? ND
social impact