Dr. Rajeev Agrawal, a computer scientist in the information technology laboratory at the Engineer Research and Development Center under the U.S. Army Corps of Engineers, will present a lecture titled “Using Deep Learning in Identifying Network Intrusions” at 10 a.m. Monday, April 8, in Room 209 Computer Science Building.
The abstract of the lecture is as follows: Deep Learning algorithms have been very successful in computer vision, natural language processing, and speech recognition. However, there is a big challenge in applying it in the cyber security domain due to non‐availability of “real” cybersecurity data. Many researchers have tried using synthetic data such as KDD‐NSL or newer UNSW-NB15 network intrusion datasets, however, it is difficult to determine the performance of the proposed research on a dataset captured from an experimental network. The DoD’s High Performance Computing Modernization Program (HPCMP) operates Defense Research Engineering network (DREN), which has multiple security software and hardware tools installed across the network. A variety of cybersecurity logs are captured using these tools. We use a TensorFlow based framework to analyze DREN’s Bro alert data generated under Cybersecurity Environment for Detection, Analysis and Reporting (CEDAR) project. These alerts are marked as bad or normal by the cybersecurity analysts and used as ground truths. This labeled data is used to measure the performance of our approach in identifying network intrusions. We are able to achieve high-level accuracy by tuning hyper-parameters used in any deep learning approach. In this presentation, we will discuss the results of our approach, which harnesses the power of HPC systems to train our proposed model.