Author

Janne Alatalo

Bio: Janne Alatalo is an academic researcher from JAMK University of Applied Sciences. The author has contributed to research in topics: Computer science & Intrusion detection system. The author has an h-index of 2, co-authored 4 publications receiving 8 citations.

Papers
Book Chapter
08 Nov 2018
TL;DR: An anomaly-based intrusion detection system using Haar wavelet transforms in combination with an adversarial autoencoder was developed for detecting malicious TLS-encrypted Internet traffic, and the results indicate that the adversarial model performs better than the traditional autoencoder.
Abstract: The number of intrusions and attacks against data networks and networked systems increases constantly, while encryption has made it more difficult to inspect network traffic and classify it as malicious. In this paper, an anomaly-based intrusion detection system using Haar wavelet transforms in combination with an adversarial autoencoder was developed for detecting malicious TLS-encrypted Internet traffic. Data containing legitimate, as well as advanced malicious traffic was collected from a large-scale cyber exercise and used in the analysis. Based on the findings and domain expertise, a set of features for distinguishing modern malware from packet timing analysis were chosen and evaluated. Performance of the adversarial autoencoder was compared with a traditional autoencoder. The results indicate that the adversarial model performs better than the traditional autoencoder. In addition, a machine learning pipeline capable of analyzing traffic in near real time was developed for data analysis.

11 citations

Proceedings Article
27 Apr 2022
TL;DR: The research found the current resources used when developing Edge AI applications, and suggested that the Edge AI ecosystem is currently developing, and it has its own challenges to which vendors and developers are responding.
Abstract: The modern trend of moving artificial intelligence computation near to the origin of data sources has increased the demand for new hardware and software suitable for such environments. We carried out a scoping study to find the current resources used when developing Edge AI applications. Due to the nature of the topic, the research combined scientific sources with product information and software project sources. The paper is structured as follows. In the first part, Edge AI applications are briefly discussed followed by hardware options and finally, the software used to develop AI models is described. There are various hardware products available, and we found as many as possible for this research to identify the best-known manufacturers. We describe the devices in the following categories: artificial intelligence accelerators and processors, field-programmable gate arrays, system-on-a-chip devices, system-on-modules, and full computers from development boards to servers. There seem to be three trends in Edge AI software development: neural network optimization, mobile device software and microcontroller software. We discussed these emerging fields and how the special challenges of low power consumption and machine learning computation are being taken into account. Our findings suggest that the Edge AI ecosystem is currently developing, and it has its own challenges to which vendors and developers are responding.

6 citations

Book Chapter
01 Jan 2022
TL;DR: In this article, the successful and unsuccessful attacks are studied in more detail to illustrate the working mechanisms of a one-pixel attack created using differential evolution, which is a curious way of deceiving a neural network classifier by changing only one pixel in the input image.
Abstract: One-pixel attack is a curious way of deceiving a neural network classifier by changing only one pixel in the input image. The full potential and boundaries of this attack method are not yet fully understood. In this research, the successful and unsuccessful attacks are studied in more detail to illustrate the working mechanisms of a one-pixel attack created using differential evolution. The data comes from our earlier studies where we applied the attack against medical imaging. We used a real breast cancer tissue dataset and a real classifier as the attack target. This research presents ways to analyze chromatic and spatial distributions of one-pixel attacks. In addition, we present one-pixel attack confidence maps to illustrate the behavior of the target classifier. We show that the more effective attacks change the color of the pixel more, and that the successful attacks are situated at the center of the images. This kind of analysis is not only useful for understanding the behavior of the attack but also the qualities of the classifying neural network.

3 citations

Book Chapter
26 Aug 2019
TL;DR: An anomaly-based network intrusion detection system applying neural networks based on the WaveNet architecture is developed, and the results indicated that the model is suitable for detecting encrypted malicious traffic from the datasets.
Abstract: The increasing number of attacks and intrusions against networked systems and data networks requires sensor capability. Data in modern networks, including the Internet, is often encrypted, making classical traffic analysis complicated. In this study, we detect anomalies from encrypted network traffic by developing an anomaly-based network intrusion detection system applying neural networks based on the WaveNet architecture. The implementation was tested using a dataset collected from a large annual national cyber security exercise. The dataset included both legitimate and malicious traffic containing modern, complex attacks and intrusions. The performance results indicated that our model is suitable for detecting encrypted malicious traffic from the datasets.

3 citations


Cited by
Proceedings Article
TL;DR: This work proposes a novel self-supervised Time Series Change Point detection method based on Contrastive Predictive coding (TS-CP^2), which is the first approach to employ a contrastive learning strategy for CPD by learning an embedded representation that separates pairs of embeddings of time adjacent intervals from pairs of interval embeddings separated across time.
Abstract: Change Point Detection (CPD) methods identify the times associated with changes in the trends and properties of time series data in order to describe the underlying behaviour of the system. For instance, detecting the changes and anomalies associated with web service usage, application usage or human behaviour can provide valuable insights for downstream modelling tasks. We propose a novel approach for self-supervised Time Series Change Point detection method based on Contrastive Predictive coding (TS-CP^2). TS-CP^2 is the first approach to employ a contrastive learning strategy for CPD by learning an embedded representation that separates pairs of embeddings of time adjacent intervals from pairs of interval embeddings separated across time. Through extensive experiments on three diverse, widely used time series datasets, we demonstrate that our method outperforms five state-of-the-art CPD methods, which include unsupervised and semi-supervised approaches. TS-CP^2 is shown to improve the performance of methods that use either handcrafted statistical or temporal features by 79.4% and deep learning-based methods by 17.0% with respect to the F1-score averaged across the three datasets.

41 citations

Journal Article
TL;DR: In this paper, the authors used generative deep learning methods like Adversarial Autoencoders (AAE) and BiGAN to detect intruders based on an analysis of the network data.
Abstract: The rapid growth of Internet of Things (IoT) is expected to add billions of IoT devices connected to the Internet. These devices represent a vast attack surface for cyberattacks. For example, these IoT devices can be infected with botnets to enable Distributed Denial of Service (DDoS) attacks. Signature-based intrusion detection systems are traditional countermeasures for such attacks. However, these methods rely on human experts and are time-consuming in terms of updates and may not exhaust all attack types especially zero-day attacks. Deep learning has shown some promise in intrusion detection. This paper shows that it is possible to use generative deep learning methods like Adversarial Autoencoders (AAE) and Bidirectional Generative Adversarial Networks (BiGAN) to detect intruders based on an analysis of the network data. The recently posted full IoT-23 dataset based on Somfy door lock, Philips Hue and Amazon Echo devices was used to train generative deep learning models to detect a variety of attacks like DDoS, and various botnets like Mirai, Okiruk and Torii. Over 1.8 million network flows were used to train the various models. The resulting generative models outperform traditional machine learning techniques like Random Forests. Both AAE and BiGAN-based models were able to achieve an F1-Score of 0.99. A BiGAN to detect unknown attacks was also trained to detect novel zero-day attacks with an F1-Score from 0.85 to 1.

16 citations

Journal Article
TL;DR: This paper shows that it is possible to use generative deep learning methods like Adversarial Autoencoders (AAE) and Bidirectional Generative Adversarial Networks (BiGAN) to detect intruders based on an analysis of the network data.
Abstract: The rapid growth of Internet of Things (IoT) is expected to add billions of IoT devices connected to the Internet. These devices represent a vast attack surface for cyberattacks. For example, these IoT devices can be infected with botnets to enable Distributed Denial of Service (DDoS) attacks. Signature-based intrusion detection systems are traditional countermeasures for such attacks. However, these methods rely on human experts and are time-consuming in terms of updates and may not exhaust all attack types especially zero-day attacks. Deep learning has shown some promise in intrusion detection. This paper shows that it is possible to use generative deep learning methods like Adversarial Autoencoders (AAE) and Bidirectional Generative Adversarial Networks (BiGAN) to detect intruders based on an analysis of the network data. The recently posted full IoT-23 dataset based on Somfy door lock, Philips Hue and Amazon Echo devices was used to train generative deep learning models to detect a variety of attacks like DDoS, and various botnets like Mirai, Okiruk and Torii. Over 1.8 million network flows were used to train the various models. The resulting generative models outperform traditional machine learning techniques like Random Forests. Both AAE and BiGAN-based models were able to achieve an F1-Score of 0.99. A BiGAN to detect unknown attacks was also trained to detect novel zero-day attacks with an F1-Score from 0.85 to 1.

13 citations

Journal Article
TL;DR: In this article, the authors proposed a DDoS attack detection and countermeasure scheme based on discrete wavelet transform (DWT) and auto-encoder neural network for SDN.
Abstract: Software Defined Networking provides new functionalities to easily manage, configure, and optimize network resources by introducing a clear separation between the control entity and the forwarding devices. Such functionalities also help network operators detect and mitigate the security attacks to the network and provide a better security level when compared to the traditional networks. However, some security threats, particularly distributed denial of service (DDoS) attacks, keep their effectiveness in degrading the availability of the networks even if the networking paradigm has changed. Existing DDoS attack detection approaches for SDN are mainly based on statistical (threshold-based) and Machine Learning-based (ML) approaches. Considering the dynamic characteristics of the network traffic, finding a dynamic threshold is somehow problematic. On the other hand, finding an appropriate feature that can discriminate DDoS attack from normal traffic is challenging for ML-based approaches. Therefore, to address the aforementioned issues, in this work, we propose a DDoS attack detection and countermeasure scheme based on discrete wavelet transform (DWT) and auto-encoder neural network for SDN. The proposed scheme extracts statistical features from the wavelet transform to be processed by an auto-encoder neural network to detect samples of DDoS attack traffic. Later, to reduce the computational burden imposed by the neural network model, the average hit rate in the flow table of the switches is used to activate the DDoS detection of the scheme. We also provide a detailed performance analysis by considering the computational cost complexity of the algorithms proposed in the scheme and the evaluation of the successful detection rate with simulations. Our experimental results show that the proposed scheme achieves a high detection rate against DNS amplification, Network Time Protocol and TCP SYN flood attacks with a remarkably low false alarm rate.

13 citations