An Associated Random Neural Network Detects Intrusions and Estimates Attack Graphs

Abstract

Cyberattacks especially Botnet Distributed Denial of Service (DDoS) increasingly target networked systems compromise interconnected nodes by constantly spreading malware. In order to prevent these attacks in their early stages which includes stopping the spread of malware it is vital to identify compromised nodes and successfully predict potential attack paths. To this end this paper proposes a novel system based on an Associated Random Neural Network (ARNN) that simultaneously detects intrusion at the network-level and estimates the network attack graph. In this system ARNN is trained online to minimize problem-specific multi-task loss so that it identifies compromised network nodes while the neural network connection weights also estimate the attack path. The performance of the method is calculated using the Kitsune attack dataset showing that the method achieves a recall rate above 0.95 in estimating the network attack graph and provides a near-perfect classification of compromised nodes. The ARNN-based system for dynamic and continuous estimation of compromised nodes and network attack graphs can pave the way for enhancing security measures and stopping Botnet DDoS attacks from spreading in networked systems.