IEEE Access (Jan 2024)

A Proactive Model for Intrusion Detection Using Image Representation of Network Flows

  • Rimsha Saeed,
  • Hassaan Khaliq Qureshi,
  • Christiana Ioannou,
  • Marios Lestas

DOI
https://doi.org/10.1109/ACCESS.2024.3489772
Journal volume & issue
Vol. 12
pp. 160653 – 160666

Abstract

Many interconnected IoT devices driven by imperatives of efficiency and convenience often lack adequate security measures, making them susceptible to exploitation by cyber-criminals. Effective network security necessitates meticulous intrusion detection, which typically involves scrutinizing the network traffic using deep packet or stateful protocol inspection techniques. However, traditional inspection methods often require manual feature engineering, which can result in loss of payload information and thus false alarms. In this study, a controlled testbed environment is established to capture botnet traffic. The paper introduces a detection approach that involves converting raw NetFlow data to IDX, short for ‘Index,’ image representations. A hybrid deep learning architecture is designed, integrating VGG19 and GRU structures to learn the spatial and temporal features, respectively. The detection results show that the proposed solution achieves a 98.883% true positive rate and a 0.9% false negative rate, surpassing conventional anomaly detection. In addition, an adaptive sliding window technique is introduced for live intrusion detection and prevention. Through iterative testing and refinement, a runtime of 0.041 ms per image and 0.00171 ms per packet is achieved, confirming the robust nature of the proposed method.

Keywords