NUST Institutional Repository

A Lightweight Real-Time Intrusion Prevention Approach based on Image Representation of Network Flows

dc.contributor.author Saeed, Rimsha
dc.date.accessioned 2023-08-09T07:47:00Z
dc.date.available 2023-08-09T07:47:00Z
dc.date.issued 2023-08-09
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/35970
dc.description.abstract The potential for security breaches has surged amidst the extensive array of interconnected devices within an IoT ecosystem. Many IoT devices, driven by imperatives of efficiency and convenience, often lack adequate security measures, making them susceptible to exploitation by cyber-criminals. One such exploitation is the botnet attack, where a network of compromised devices, the bots, carry out coordinated and automated actions under the control of a remote operator, the botmaster. The actions of bots are hidden within normal web traffic and comprise 47.4% of all web activity, as revealed by the 2023 Imperva Bad Bot report. Effective network security necessitates meticulous intrusion detection. The detection process typically involves scrutinizing the network traffic using deep packet or stateful protocol inspection techniques incorporating flow tracking, pattern matching, and statistical analysis. However, manual feature engineering is often required prior to inspection, which often loses the payload information and leads to false alarms. In this study, a controlled environment was set up as a testbed to capture botnet traffic. A detection approach was proposed, which directly extracts five-tuple information along with payloads from raw NetFlow data, generating IDX format images. In addition, a hybrid deep learning architecture was designed, integrating VGG19 and GRU structures to learn the spatial and temporal features of images, respectively. The standalone detection results demonstrate that the performance of the proposed solution achieves 99.614% accuracy and 98.883% TPR, surpassing conventional anomaly detection techniques. To assess real-time feasibility of this approach, an adaptive sliding window technique was introduced for live intrusion detection.
Through iterative testing and refinement, a processing time of 0.041ms per image and 0.041/24 = 0.00171ms per packet was achieved, confirming the lightweight nature of the proposed method. en_US
dc.description.sponsorship Dr. Hassaan Khaliq Qureshi en_US
dc.language.iso en_US en_US
dc.publisher SINES NUST. en_US
dc.subject intrusion detection, botnet, raw traffic, flow-to-image conversion, spatial features, temporal features, sliding window en_US
dc.title A Lightweight Real-Time Intrusion Prevention Approach based on Image Representation of Network Flows en_US
dc.type Thesis en_US


This item appears in the following Collection(s)

  • MS [234]
