Neural networks have become an increasingly popular solution for network
intrusion detection systems (NIDS). Their capability of learning complex
patterns and behaviors makes them a suitable solution for differentiating
between normal traffic and network attacks. However, a drawback of neural
networks is the amount of resources needed to train them. Many network gateways
and router devices, which could potentially host an NIDS, simply do not have
the memory or processing power to train and sometimes even execute such models.
More importantly, the existing neural network solutions are trained in a
supervised manner, meaning that an expert must label the network traffic and
update the model manually from time to time.
In this paper, we present Kitsune: a plug and play NIDS which can learn to
detect attacks on the local network, without supervision, and in an efficient
online manner. Kitsune's core algorithm (KitNET) uses an ensemble of neural
networks called autoencoders to collectively differentiate between normal and
abnormal traffic patterns. KitNET is supported by a feature extraction
framework which efficiently tracks the patterns of every network channel. Our
evaluations show that Kitsune can detect various attacks with a performance
comparable to offline anomaly detectors, even on a Raspberry Pi. This
demonstrates that Kitsune can be a practical and economic NIDS.
Description
Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection
%0 Generic
%1 mirsky2018kitsune
%A Mirsky, Yisroel
%A Doitshman, Tomer
%A Elovici, Yuval
%A Shabtai, Asaf
%D 2018
%K anomaly-detection deep-learning
%T Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection
%U http://arxiv.org/abs/1802.09089
@misc{mirsky2018kitsune,
added-at = {2019-06-07T16:07:43.000+0200},
author = {Mirsky, Yisroel and Doitshman, Tomer and Elovici, Yuval and Shabtai, Asaf},
biburl = {https://www.bibsonomy.org/bibtex/26fe982011a8c887efe517f5069f9d976/nonancourt},
description = {Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection},
interhash = {f0759371e21489f1a2c4647bb7953296},
intrahash = {6fe982011a8c887efe517f5069f9d976},
keywords = {anomaly-detection deep-learning},
note = {cite arxiv:1802.09089. Comment: Appears in Network and Distributed Systems Security Symposium (NDSS) 2018},
timestamp = {2019-06-07T16:07:43.000+0200},
title = {Kitsune: An Ensemble of Autoencoders for Online Network Intrusion
Detection},
url = {http://arxiv.org/abs/1802.09089},
year = 2018
}