A Deep reinforcement learning approach to network intrusion detection

2019
Gülmez, Halim Görkem
Intrusion detection is one of the most important problems in today's world. Every day new attacks are being used in order to breach the security of systems, and signature-based security systems fail to detect these zero-day attacks. An anomaly-based intrusion detection system, particularly one that utilizes a machine learning approach, is needed to effectively handle these kinds of attacks. With the advancements in big data technologies, storing and handling data became easier; therefore big data analytics has become an indispensable tool for various tasks. In this thesis, we propose a framework for detecting intrusions in network systems using big data analytics in real time. The framework is built on Apache Spark, which runs anomaly detection algorithms on streaming data after it has been trained offline with the normal behavior of the system. Two different machine learning solutions have been implemented separately for comparison: long short-term memory recurrent neural networks and deep reinforcement learning. Reinforcement learning is built on state and action pairs with associated positive or negative rewards. For the solution in this thesis, alerts on attacks and non-alerts on normal behavior are positively rewarded to train learning agents. Reinforcement learning is combined and improved with neural networks by using them for Q-learning. A variety of intrusion detection datasets from the literature are used for experimentation, including NSL-KDD, UNSW-NB15 and CICIDS2017. The deep reinforcement learning solution is emphasized as the better solution based on the experiment results.
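The reward scheme described in the abstract (an alert on an attack and no alert on normal traffic are rewarded, the opposite decisions are penalized) driving a Q-learning agent, as an added worked example in Python that is not the thesis's own code. The thesis trains a deep Q-network on Apache Spark streams over NSL-KDD, UNSW-NB15 and CICIDS2017; this example substitutes a linear function approximator per action and a small constructed set of flow records so that it runs offline. The feature names, the record generator, the epsilon-greedy exploration and all hyperparameters are assumptions made for the illustration.

```python
import random

ACTIONS = (0, 1)  # 0 = stay silent, 1 = raise an alert

def reward(action, is_attack):
    """Reward scheme from the abstract: an alert on an attack and silence on
    normal traffic earn +1; a missed attack or a false alarm earns -1."""
    return 1.0 if action == is_attack else -1.0

def make_flow_records(n, seed):
    """Constructed sample data (not drawn from any real dataset): each record is a
    normalized flow-feature vector [duration, bytes/s, packets/s, SYN ratio] and a
    label (1 = attack). Attack flows are assumed short, bursty and SYN-heavy."""
    rng = random.Random(seed)
    records = []
    for _ in range(n):
        if rng.random() < 0.5:   # benign flow
            x = [rng.uniform(0.2, 0.8), rng.uniform(0.1, 0.5),
                 rng.uniform(0.1, 0.5), rng.uniform(0.0, 0.2)]
            records.append((x, 0))
        else:                    # attack flow
            x = [rng.uniform(0.0, 0.2), rng.uniform(0.5, 1.0),
                 rng.uniform(0.6, 1.0), rng.uniform(0.7, 1.0)]
            records.append((x, 1))
    return records

class LinearQAgent:
    """Q-learning with one linear approximator per action (a stand-in for the
    thesis's deep Q-network). The state is the current flow's feature vector."""
    def __init__(self, n_features, alpha=0.05, gamma=0.5, epsilon=0.2, seed=0):
        self.w = {a: [0.0] * (n_features + 1) for a in ACTIONS}  # bias + weights
        self.alpha, self.gamma, self.epsilon = alpha, gamma, epsilon
        self.rng = random.Random(seed)

    def q(self, x, a):
        w = self.w[a]
        return w[0] + sum(wi * xi for wi, xi in zip(w[1:], x))

    def act(self, x, explore=True):
        if explore and self.rng.random() < self.epsilon:
            return self.rng.choice(ACTIONS)  # epsilon-greedy exploration
        return max(ACTIONS, key=lambda a: self.q(x, a))

    def update(self, x, a, r, x_next):
        # Q-learning target: reward plus discounted value of the best next action
        target = r + self.gamma * max(self.q(x_next, b) for b in ACTIONS)
        err = target - self.q(x, a)
        w = self.w[a]
        w[0] += self.alpha * err
        for i, xi in enumerate(x):
            w[i + 1] += self.alpha * err * xi

def train(agent, stream, epochs=20):
    """Replay the record stream; the following record is taken as the next state."""
    for _ in range(epochs):
        for i, (x, y) in enumerate(stream):
            x_next = stream[(i + 1) % len(stream)][0]
            a = agent.act(x)
            agent.update(x, a, reward(a, y), x_next)
    return agent

def evaluate(agent, stream):
    """Score the greedy policy (no exploration) as an IDS would be scored."""
    tp = fp = tn = fn = 0
    for x, y in stream:
        a = agent.act(x, explore=False)
        if a == 1 and y == 1:
            tp += 1
        elif a == 1 and y == 0:
            fp += 1
        elif a == 0 and y == 0:
            tn += 1
        else:
            fn += 1
    return {"detection_rate": tp / max(tp + fn, 1),
            "false_alarm_rate": fp / max(fp + tn, 1)}

def demo():
    agent = train(LinearQAgent(n_features=4), make_flow_records(300, seed=1))
    return evaluate(agent, make_flow_records(100, seed=2))

if __name__ == "__main__":
    print(demo())
```

The agent never sees labels directly; it only sees the reward after choosing an action, which is what distinguishes this formulation from supervised training of the LSTM baseline. In a streaming deployment the reward would come from analyst feedback or delayed ground truth, and the discount factor ties each decision to the value of the flows that follow it.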

Suggestions

A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Özdemir Sönmez, Ferda ; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to enterprises. One of the key challenges is to identify the optimal set of precautions with a limited budget. Despite the fact that the majority of enterprises have a budget constraint for installing and maintaining protection systems, the majority of the previous work focuses only on prioritization of security targets and does not consider the preventative actions and budget constraints. ...
A Computational Dynamic Trust Model for User Authorization
ZHONG, Yuhui; Bhargava, Bharat; LU, Yİ; Angın, Pelin (Institute of Electrical and Electronics Engineers (IEEE), 2015-01-01)
Development of authorization mechanisms for secure information access by a large community of users in an open environment is an important problem in the ever-growing Internet world. In this paper we propose a computational dynamic trust model for user authorization, rooted in findings from social science. Unlike most existing computational trust models, this model distinguishes trusting belief in integrity from that in competence in different contexts and accounts for subjectivity in the evaluation of a pa...
A Digital Twins Approach to Smart Grid Security Testing and Standardization
Atalay, Manolya; Angın, Pelin (2020-06-01)
The exponential growth of the Internet of Things in recent years has created an ever larger cyber attack surface, introducing new security vulnerabilities for all computerized systems. Among the most significant of those systems are industrial control systems (ICS) consisting of many cyber physical components, and smart grids are a prominent example of ICS, whose failures have potential to cause major disruptions in all aspects of our daily lives. In this paper, we provide an overview of smart grid cybersec...
A faster intrusion detection method for high-speed computer networks
Tarım, Mehmet Cem; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2011)
The malicious intrusions to computer systems result in the loss of money, time and hidden information which require deployment of intrusion detection systems. Existing intrusion detection methods analyze packet payload to search for certain strings and to match them with a rule database which takes a long time in large size packets. Because of buffer limits, packets may be dropped or the system may stop working due to high CPU load. In this thesis, we investigate signature based intrusion detection with sig...
A framework for distributed intrusion detection systems
Öztosun, Ümit; Koçyiğit, Altan; Mumcuoğlu, Erkan; Department of Information Systems (2002)
Emergence of intrusion detection systems (IDSs) has leveraged the security of information systems. However, they also introduced new problems. Plethora of intrusion detection systems are in common use today, using various different ways and techniques for intrusion detection. It is not uncommon to see an information system utilizes different IDSs, in order to combine advantages and to reduce disadvantages of individual systems. This often results in a confusion of systems that output information in diff...
Citation Formats
H. G. Gülmez, “A Deep reinforcement learning approach to network intrusion detection,” Thesis (M.S.) -- Graduate School of Natural and Applied Sciences. Computer Engineering., Middle East Technical University, 2019.