Since the start of the information age, the volume of data has grown exponentially and now flows through everything we interact with daily: IoT devices, big data platforms, cloud services, smart homes and more. Protecting information and the systems that process it has been one of the major challenges of the decade, because attack surfaces have become, and continue to become, more extensive. This creates a need for proactive anomaly detection tools that can detect intrusions and malicious activity in order to prevent data loss and infrastructure damage and to preserve data integrity. Attackers, however, have mastered exploitation techniques and keep devising subtler tools that bypass security countermeasures and evade direct detection. Deep neural networks, one family of machine learning techniques, are therefore widely used for intrusion detection: they analyse network flows and classify each one as "normal traffic" or "abnormal traffic". This paper presents a deep learning architecture for botnet attack detection, as a contribution to the ongoing ZED-IDS (Zero Day Intrusion Detection System) project, whose goal is the design and implementation of tools for detecting 0-day threats. The problem is treated as a semi-supervised task, and the anomaly detector is based on a deep autoencoder trained only on benign traffic, so that no attack samples are needed at training time and flows that differ from the learned benign profile can be flagged even when the attack has never been seen before. The model is described, and the detection performance obtained on the CICIDS2017 IDS dataset is presented and discussed. The results are then compared with those of common supervised classifiers to show the potential of the proposal for 0-day attack detection.
Author: Ogbomo Efosa
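The semi-supervised pipeline the abstract outlines, as an added example that is not code from the paper or the ZED-IDS project: a minimal autoencoder in numpy (one linear bottleneck layer trained by full-batch gradient descent, not the paper's deep architecture) is fitted on constructed benign flows only, every flow is scored by its reconstruction error, and the alert threshold is taken from the benign error distribution, so the detector never sees an attack sample before it is evaluated. The feature names, the constructed benign and botnet-like flows, the network size and the threshold percentile are all assumptions for illustration; CICIDS2017 is not used here.

```python
"""Added example: semi-supervised anomaly detection with an autoencoder.

Constructed toy data, not CICIDS2017; a single-bottleneck linear autoencoder
trained with plain gradient descent in numpy, not the paper's deep architecture.
The pipeline is the one the abstract describes: learn benign flows only, score
every flow by reconstruction error, flag flows above a threshold set on benign data.
"""
import numpy as np

# Hypothetical per-flow features (names chosen for illustration only).
FEATURES = ["duration_s", "fwd_packets", "bwd_packets", "bytes_per_packet"]


def make_benign_flows(n, rng):
    """Constructed benign traffic: all 4 features are driven by 2 hidden factors
    (roughly 'session length' and 'request size') plus small noise, so benign
    flows lie close to a 2-D subspace that a 2-unit bottleneck can capture."""
    factors = rng.normal(size=(n, 2))
    mix = np.array([[1.0, 0.2], [0.8, 1.0], [0.7, 1.1], [-0.5, 0.9]])
    return factors @ mix.T + 0.05 * rng.normal(size=(n, 4))


def make_botnet_flows(n, rng):
    """Constructed botnet-like flows: the features vary independently (many tiny
    beacon packets, odd durations), so they fall outside the benign subspace."""
    return 2.5 * rng.normal(size=(n, 4))


def train_autoencoder(x, bottleneck=2, epochs=2000, lr=0.05, seed=0):
    """Train a linear autoencoder (encoder w1/b1, decoder w2/b2) by full-batch
    gradient descent on the mean squared reconstruction error of x (benign only)."""
    rng = np.random.default_rng(seed)
    n, d = x.shape
    w1 = 0.1 * rng.normal(size=(d, bottleneck))
    b1 = np.zeros(bottleneck)
    w2 = 0.1 * rng.normal(size=(bottleneck, d))
    b2 = np.zeros(d)
    for _ in range(epochs):
        h = x @ w1 + b1                 # encode into the bottleneck
        r = h @ w2 + b2                 # decode back to feature space
        g_r = (2.0 / n) * (r - x)       # d(loss)/d(r) for loss = mean sum of squares
        g_w2 = h.T @ g_r
        g_b2 = g_r.sum(axis=0)
        g_h = g_r @ w2.T
        g_w1 = x.T @ g_h
        g_b1 = g_h.sum(axis=0)
        w1 -= lr * g_w1
        b1 -= lr * g_b1
        w2 -= lr * g_w2
        b2 -= lr * g_b2
    return {"w1": w1, "b1": b1, "w2": w2, "b2": b2}


def reconstruction_error(params, x):
    """Per-flow anomaly score: squared distance between a flow and its reconstruction."""
    h = x @ params["w1"] + params["b1"]
    r = h @ params["w2"] + params["b2"]
    return ((x - r) ** 2).sum(axis=1)


def fit_threshold(benign_errors, percentile=99.0):
    """Semi-supervised threshold: only the benign error distribution is used.
    The percentile fixes the expected false-positive rate on benign traffic."""
    return float(np.percentile(benign_errors, percentile))


def run_experiment(seed=0):
    """Train on benign flows only, then measure how many held-out benign flows are
    wrongly flagged and how many constructed botnet flows are caught."""
    rng = np.random.default_rng(seed)
    train = make_benign_flows(400, rng)          # training set: benign only
    test_benign = make_benign_flows(200, rng)
    test_botnet = make_botnet_flows(200, rng)

    # Scale with statistics of the benign training set only; the detector must
    # never see attack traffic before deployment.
    mu, sigma = train.mean(axis=0), train.std(axis=0)

    def scale(v):
        return (v - mu) / sigma

    params = train_autoencoder(scale(train))
    threshold = fit_threshold(reconstruction_error(params, scale(train)))

    benign_flagged = reconstruction_error(params, scale(test_benign)) > threshold
    botnet_flagged = reconstruction_error(params, scale(test_botnet)) > threshold
    return {
        "threshold": threshold,
        "false_positive_rate": float(benign_flagged.mean()),
        "detection_rate": float(botnet_flagged.mean()),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value:.3f}")
```

The choice that matters operationally is `fit_threshold`: because it is computed from benign traffic alone, the percentile is a direct knob on the false-positive rate, and the detection rate then depends only on how far attack flows sit from the learned benign manifold, which is why a previously unseen attack can still be caught. On real flow data the benign profile drifts, so the threshold (and periodically the model) has to be re-fitted on fresh benign traffic, and any attack traffic that leaks into the training set will be learned as normal.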