Skip to main content
SpringerLink
Log in

Application of Deep Learning Architectures for Cyber Security

  • Chapter
  • First Online:
Cybersecurity and Secure Information Systems

Abstract

Machine learning has played an important role in the last decade mainly in natural language processing, image processing and speech recognition where it has performed well in comparison to the classical rule based approach. The machine learning approach has been used in cyber security use cases namely, intrusion detection, malware analysis, traffic analysis, spam and phishing detection etc. Recently, the advancement of machine learning typically called as ‘deep learning’ outperformed humans in several long standing artificial intelligence tasks. Deep learning has the capability to learn optimal feature representation by itself and more robust in an adversarial environment in compared to classical machine learning algorithms. This approach is in early stage in cyber security. In this work, to leverage the application of deep learning architectures towards cyber security, we consider intrusion detection, traffic analysis and Android malware detection. In all the experiments of intrusion detection, deep learning architectures performed well in compared to classical machine learning algorithms. Moreover, deep learning architectures have achieved good performance in traffic analysis and Android malware detection too.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 159.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.weforum.org/events/world-economic-forum-annual-meeting-2016.

  2. 2.

    https://scikit-learn.org/stable/.

  3. 3.

    https://www.tensorflow.org/.

  4. 4.

    https://keras.io/.

  5. 5.

    https://github.com/vinayakumarr/Network-Intrusion-Detection.

  6. 6.

    http://www.idc.com/.

  7. 7.

    https://securelist.com/.

  8. 8.

    www.trendmicro.com.

  9. 9.

    http://www.cisco.com/web/offer/gistty2 asset/Cisco2014 ASR.pdf.

  10. 10.

    http://www.avg.com/us-en/avg-software-technology.

  11. 11.

    https://www.sec.cs.tu-bs.de/~danarp/drebin/.

  12. 12.

    https://github.com/JesusFreke/smali.

References

  1. Jordan MI, Mitchell TM (2015) Machine learning: trends, perspectives, and prospects. Science 349(6245):255–260

    Article  MathSciNet  Google Scholar 

  2. Buczak AL, Guven E (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutorials 18(2):1153–1176

    Article  Google Scholar 

  3. LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521(7553):436

    Article  Google Scholar 

  4. Vinayakumar R, Soman KP, Poornachandran P (2018) Evaluating deep learning approaches to characterize and classify malicious URLs. J Intell Fuzzy Syst 34(3):1333–1343

    Article  Google Scholar 

  5. Vinayakumar R, Soman KP, Poornachandran P (2018) Detecting malicious domain names using deep learning approaches at scale. J Intell Fuzzy Syst 34(3):1355–1367

    Article  Google Scholar 

  6. Vinayakumar R, Soman KP (2018) DeepMalNet: evaluating shallow and deep networks for static PE malware detection. ICT Express 4(4):255–258

    Article  Google Scholar 

  7. Vinayakumar R, Soman KP, Poornachandran P (2017) Applying convolutional neural network for network intrusion detection. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 1222–1228

    Google Scholar 

  8. Vinayakumar R, Soman KP, Poornachandran P (2017) Applying deep learning approaches for network traffic prediction. In 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 2353–2358

    Google Scholar 

  9. Vinayakumar R, Poornachandran P, Soman KP (2018) Scalable framework for cyber threat situational awareness based on domain name systems data analysis. In: Big data in engineering applications. Springer, Singapore, pp 113–142

    Google Scholar 

  10. Vinayakumar R, Soman KP, Poornachandran P (2017) Deep encrypted text categorization. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 364–370

    Google Scholar 

  11. Vinayakumar R, Soman KP, Poornachandran P (2017) Evaluating effectiveness of shallow and deep networks to intrusion detection system. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 1282–1289

    Google Scholar 

  12. Vinayakumar R, Soman KP, Poornachandran P (2017) Secure shell (ssh) traffic analysis with flow based features using shallow and deep networks. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 2026–2032

    Google Scholar 

  13. Vinayakumar R, Soman KP, Poornachandran P (2017) Evaluating shallow and deep networks for secure shell (ssh) traffic analysis. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 266–274

    Google Scholar 

  14. Vinayakumar R, Soman KP, Poornachandran P (2017) Long short-term memory based operation log anomaly detection. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 236–242

    Google Scholar 

  15. Vinayakumar R, Soman KP, Poornachandran P (2017) Deep android malware detection and classification. In: 2017 International conference on advances in computing, communications and informatics (ICACCI). IEEE, pp 1677–1683

    Google Scholar 

  16. Mohan VS, Vinayakumar R, Soman KP, Poornachandran P (2018) Spoof net: syntactic patterns for identification of ominous online factors. In: 2018 IEEE security and privacy workshops (SPW). IEEE, pp 258–263

    Google Scholar 

  17. Vinayakumar R, Soman KP, Poornachandran P (2017) Evaluation of recurrent neural network and its variants for intrusion detection system (IDS). Int J Inf Syst Model Des (IJISMD) 8(3):43–63

    Article  Google Scholar 

  18. Vinayakumar R, Barathi Ganesh HB, Anand Kumar M, Soman KP (2018) Deepanti-phishnet: applying deep neural networks for phishing email detection. Cenaisecurity@iwspa-2018, pp 40–50. http://ceur-ws.org/Vol-2124/paper9

  19. Vinayakumar R, Soman KP, Poornachandran P, Mohan VS, Kumar AD (2019) ScaleNet: scalable and hybrid framework for cyber threat situational awareness based on DNS, URL, and email data analysis. J Cyber Secur Mobility 8(2):189–240

    Article  Google Scholar 

  20. Anderson JP (1980) Computer security threat monitoring and surveillance. In: Technical report. James P Anderson co., Fort Washington, Pennsylvania

    Google Scholar 

  21. Staudemeyer RC (2015) Applying long short-term memory recurrent neural networks to intrusion detection. S Afr Comput J 56(1):136–154

    Google Scholar 

  22. Lee W, Stolfo SJ (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inf Syst Secur (TiSSEC) 3(4):227–261

    Article  Google Scholar 

  23. Lippmann RP, Fried DJ, Graf I, Haines JW, Kendall KR, McClung D, Weber D, Webster SE, Wyschogrod D, Cunningham RK, Zissman MA (2000) Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings DARPA information survivability conference and exposition, DISCEX’00, vol 2. IEEE, pp 12–26

    Google Scholar 

  24. \(\ddot{\text{O}}\)zg\(\ddot{\text{u}}\)r A, Erdem H (2016) A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015. PeerJ PrePrints 4:e1954v1

    Google Scholar 

  25. Bhuyan MH, Bhattacharyya DK, Kalita JK (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surv Tutorials 16(1):303–336

    Article  Google Scholar 

  26. Agarwal R, Joshi MV (2000) PNrule: a new framework for learning classifier models in data mining. Technical Report TR 00–015. University of Minnesota, Department of Computer Science

    Google Scholar 

  27. Kayacik H, Zincir-Heywood AN, Heywood MI (2005) Selecting features for intrusion detection: a feature relevance analysis on KDD 99 intrusion detection datasets. In: Proceedings of the third annual conference on privacy, security and trust 2005, PST 2005, DBLP

    Google Scholar 

  28. Zhang J, Zulkernine M, Haque A (2008) Random-forests-based network intrusion detection systems. IEEE Trans Syst Man Cybern Part C Appl Rev 38(5):649–659

    Article  Google Scholar 

  29. Li W (2004) Using genetic algorithm for network intrusion detection. In: Proceedings of the United States department of energy cyber security group, vol 1, pp 1–8

    Google Scholar 

  30. Kolias C, Kambourakis G, Maragoudakis M (2011) Swarm intelligence in intrusion detection: a survey. Comput Secur 30(8):625–642. https://doi.org/10.1016/j.cose.2011.08.009

    Article  Google Scholar 

  31. Al-Subaie M, Zulkernine M (2006) Efficacy of hidden Markov models over neural networks in anomaly intrusion detection. In: 30th Annual international computer software and applications conference. COMPSAC 06., vol 1, pp 325–332. ISSN 0730-3157

    Google Scholar 

  32. Upadhyay R, Pantiukhin D Application of convolutional neural network to intrusion type recognition. https://www.researchgate.net

  33. Gao Ni et al (2014) An intrusion detection model based on deep belief networks. In: 2014 Second international conference on advanced cloud and big data (CBD). IEEE

    Google Scholar 

  34. Moradi M, Zulkernine M (2004) A neural network based system for intrusion detection and classification of attacks. In: Paper presented at the proceeding of the 2004 IEEE international conference on advances in intelligent systems Theory and applications. Luxembourg

    Google Scholar 

  35. Mukkamala S, Sung AH, Abraham A (2003) Intrusion detection using ensemble of soft computing paradigms. In: Third international conference on intelligent systems design and applications, intelligent systems design and applications, advances in soft computing. Springer, Germany, pp 239–48

    Chapter  Google Scholar 

  36. Xue J-S, Sun J-Z, Zhang X (2004) Recurrent network in network intrusion detection system. In: Proceedings of 2004 international conference on machine learning and cybernetics, vol 5, pp 2676–2679

    Google Scholar 

  37. Yang J, Deng J, Li S, Hao Y (2015) Improved traffic detection with support vector machine based on restricted Boltzmann machine. Soft Comput 21(11):3101–31112. https://doi.org/10.1007/s00500-015-1994-9

    Article  Google Scholar 

  38. Javaid A, Niyaz Q, Sun W, Alam M (2015) A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI international conference on bio-inspired information and communications technologies (formerly BIONETICS), New York, NY, USA, 3–5 Dec 2015, pp 21–26. They also used recurrent network to preserve the state full information of malware sequences

    Google Scholar 

  39. Jihyun K, Howon K (2015) Applying recurrent neural network to intrusion detection with hessian free optimization. In: Proc, WISA

    Google Scholar 

  40. Kim J, Kim J, Thu,HLT, Kim H (2016) Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 International conference on platform technology and service (PlatCon), Jeju, pp 1-5. https://doi.org/10.1109/PlatCon.2016.7456805

  41. Brugger S, Chow J (2005) An assessment of the DARPA IDS evaluation dataset using snort. Tech. Rep. CSE-2007-1, Department of Computer Science, University of California, Davis (UCDAVIS)

    Google Scholar 

  42. Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: Proceedings of the second IEEE symposium on computational intelligence for security and defence applications

    Google Scholar 

  43. Wang Z (2015) The applications of deep learning on traffic identification. BlackHat USA

    Google Scholar 

  44. Touch J, Kojo M, Lear E, Mankin A, Ono K, Stiemerling M, Eggert L (2013) Service name and transport protocol port number registry. The Internet Assigned Numbers Authority (IANA)

    Google Scholar 

  45. Park BC, Won YJ, Kim MS, Hong JW (2008) Towards automated application signature generation for traffic identification. In: NOMS 2008-2008 IEEE network operations and management symposium. IEEE, pp 160–167

    Google Scholar 

  46. Zuev D, Moore AW (2005) Traffic classification using a statistical approach. In: International workshop on passive and active network measurement. Springer, Berlin, Heidelberg, pp 321–324

    Google Scholar 

  47. Tan KM, Collie BS (1997) Detection and classification of TCP/IP network services. In: Proceedings 13th annual computer security applications conference. IEEE, pp 99–107

    Google Scholar 

  48. Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military communications and information systems conference (MilCIS). IEEE, pp 1–6

    Google Scholar 

  49. McLaughlin N, Martinez del Rincon J, Kang B, Yerima S, Miller P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doupê A, Joon Ahn G (2017) Deep android malware detection. In: Proceedings of the seventh ACM on conference on data and application security and privacy. ACM, pp 301–308

    Google Scholar 

  50. Elhoseny M, Hassanien AE (2019) Mobile object tracking in wide environments using WSNs. In: Dynamic wireless sensor networks. Springer, Cham, pp 3–28

    Google Scholar 

  51. Elhoseny M, Hassanien AE (2019) Expand mobile WSN coverage in harsh environments. In: Dynamic wireless sensor networks. Springer, Cham, pp 29–52

    Google Scholar 

  52. Elhoseny M, Hassanien AE (2019) Hierarchical and clustering WSN models: their requirements for complex applications. In: Dynamic wireless sensor networks. Springer, Cham, pp 53–71

    Google Scholar 

  53. Elhoseny M, Hassanien AE (2019) Extending homogeneous WSN lifetime in dynamic environments using the clustering model. In: Dynamic wireless sensor networks. Springer, Cham, pp 73–92

    Google Scholar 

  54. Elhoseny M, Hassanien AE (2019) Optimizing cluster head selection in WSN to prolong its existence. In: Dynamic wireless sensor networks. Springer, Cham, pp 93–111

    Google Scholar 

  55. Elhoseny M, Hassanien AE (2019) Secure data transmission in WSN: an overview. In: Dynamic wireless sensor networks. Springer, Cham, pp 115–143

    Google Scholar 

  56. Elhoseny M, Hassanien AE (2019) An encryption model for data processing in WSN. In: Dynamic wireless sensor networks. Springer, Cham, pp 145–169

    Google Scholar 

  57. Elhoseny M, Hassanien AE (2019) Using wireless sensor to acquire live data on a SCADA system, towards monitoring file integrity. In: Dynamic wireless sensor networks. Springer, Cham, pp 171–191

    Google Scholar 

  58. Elhoseny M, Elleithy K, Elminir H, Yuan X, Riad A (2015) Dynamic clustering of heterogeneous wireless sensor networks using a genetic algorithm towards balancing energy exhaustion. Int J Sci Eng Res 6(8):1243–1252

    Google Scholar 

  59. Elhoseny M, Elminir H, Riad AM, Yuan XIAOHUI (2014) Recent advances of secure clustering protocols in wireless sensor networks. Int J Comput Netw Commun Secur 2(11):400–413

    Google Scholar 

  60. Riad AM, El-Minir HK, El-hoseny M (2013) Secure routing in wireless sensor networks: a state of the art. Int J Comput Appl 67(7)

    Google Scholar 

Download references

Acknowledgements

This research was supported in part by Paramount Computer Systems and Lakhshya Cyber Security Labs. We are grateful to NVIDIA India, for the GPU hardware support to research grant. We are also grateful to Computational Engineering and Networking (CEN) department for encouraging the research.

Author information

Authors and Affiliations

  1. Center for Computational Engineering and Networking (CEN), Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India

    R. Vinayakumar, K. P. Soman & S. Akarsh

  2. Centre for Cyber Security Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri, India

    Prabaharan Poornachandran

Authors
  1. R. Vinayakumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. K. P. Soman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Prabaharan Poornachandran
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. S. Akarsh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to R. Vinayakumar .

Editor information

Editors and Affiliations

  1. Faculty of Computers and Information, Cairo University, Giza, Egypt

    Aboul Ella Hassanien

  2. Faculty of Computer and Information Sciences, Mansoura University, Mansoura, Egypt

    Mohamed Elhoseny

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Vinayakumar, R., Soman, K.P., Prabaharan Poornachandran, Akarsh, S. (2019). Application of Deep Learning Architectures for Cyber Security. In: Hassanien, A., Elhoseny, M. (eds) Cybersecurity and Secure Information Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-16837-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-16837-7_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-16836-0

  • Online ISBN: 978-3-030-16837-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation