Description
Modern computer networks generate large and complex data sets, which complicates the detection of new and modified threats. Classic Intrusion Detection Systems (IDS), based on static rules and signatures, have difficulty identifying malicious activity that is masked as legitimate or has not been seen before. A particular challenge for them is the reverse shell attack, in which the compromised victim initiates an outbound connection back to the attacker, so that the session looks like ordinary client traffic. This study presents an approach to this problem for the cybersecurity of computer systems and networks: building, training and testing deep neural architectures for recognizing illegitimate reverse shell packets passing through a computer network, and evaluating their effectiveness.
The attacks are simulated in an isolated environment, Oracle VirtualBox. Network packets are intercepted in real time by a sniffer written in Python; packet capture is performed both in the virtual environment and on a real network. The sniffer extracts a set of significant features from each packet, such as packet size, the protocols used, ports, TCP flags, the source (attacker) and destination (victim) IP addresses, and others. The report compares several deep neural networks: a one-dimensional convolutional neural network (1D CNN), Long Short-Term Memory (LSTM) and an autoencoder. The 1D CNN extracts local dependencies between packet features for traffic classification, the LSTM captures temporal dependencies and sequences in the network data, and the autoencoder learns to reconstruct normal network behaviour, so that packets it reconstructs poorly can be flagged as anomalous. The experimental results show that deep neural networks can model the behaviour of network traffic and improve the recognition of compromised traffic. The proposed approach makes it possible to further automate the detection and monitoring of computer systems, which in turn contributes to the protection of network infrastructure in modern dynamic environments.
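The per-packet feature extraction the sniffer performs, as an added example that is not the study's own code: it parses raw IPv4/TCP/UDP headers with the standard library only, pulls out the features the abstract lists (packet size, protocol, ports, TCP flags, source and destination addresses, payload length) and turns them into a fixed-width numeric vector of the kind a 1D CNN, LSTM or autoencoder would consume. The vector layout, the helper names and the sample packets (a victim at 10.0.0.5 calling back to a listener on port 4444, plus a UDP packet to port 53) are this example's own constructions, not data from the study.

```python
"""Per-packet feature extraction of the kind a Python sniffer would do before
handing vectors to a 1D CNN / LSTM / autoencoder.  Added example, not the
study's code; the packets are constructed inline so it runs offline."""
import struct
from dataclasses import dataclass

# TCP flag bits, low to high, as laid out in the TCP header flags byte.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


@dataclass
class PacketFeatures:
    src_ip: str
    dst_ip: str
    protocol: int      # IP protocol number: 6 = TCP, 17 = UDP
    src_port: int      # 0 when the transport layer carries no ports
    dst_port: int
    tcp_flags: str     # e.g. "SYN" or "PSH|ACK"; empty for non-TCP
    ip_len: int        # Total Length field of the IPv4 header
    payload_len: int   # bytes after the transport header (capped by what was captured)


def parse_ipv4_packet(raw: bytes) -> PacketFeatures:
    """Extract the sniffer features from one raw IPv4 packet (no link-layer header)."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    protocol = raw[9]
    src_ip = ".".join(str(b) for b in raw[12:16])
    dst_ip = ".".join(str(b) for b in raw[16:20])
    src_port = dst_port = 0
    flags = ""
    l4_end = ihl
    if protocol == 6 and len(raw) >= ihl + 20:     # TCP
        src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
        l4_end = ihl + (off_flags >> 12) * 4       # data offset = TCP header length
        bits = off_flags & 0xFF                    # the eight classic flags (NS ignored)
        flags = "|".join(n for i, n in enumerate(TCP_FLAG_NAMES) if bits & (1 << i))
    elif protocol == 17 and len(raw) >= ihl + 8:   # UDP
        src_port, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
        l4_end = ihl + 8
    # A truncated capture may hold fewer bytes than Total Length claims.
    payload_len = max(0, min(total_len, len(raw)) - l4_end)
    return PacketFeatures(src_ip, dst_ip, protocol, src_port, dst_port, flags, total_len, payload_len)


def to_vector(f: PacketFeatures) -> list[float]:
    """Fixed-width vector (14 values) usable as one LSTM timestep or one row for a
    1D CNN / autoencoder.  The layout is this example's own choice (assumption)."""
    present = set(f.tcp_flags.split("|")) if f.tcp_flags else set()
    return [
        f.ip_len / 65535.0, f.payload_len / 65535.0,
        1.0 if f.protocol == 6 else 0.0, 1.0 if f.protocol == 17 else 0.0,
        f.src_port / 65535.0, f.dst_port / 65535.0,
    ] + [1.0 if n in present else 0.0 for n in TCP_FLAG_NAMES]


# --- constructed test packets (checksums left zero; irrelevant for parsing) ---
def _ipv4_header(src_ip, dst_ip, proto, total_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       bytes(int(o) for o in src_ip.split(".")),
                       bytes(int(o) for o in dst_ip.split(".")))


def build_tcp(src_ip, dst_ip, sport, dport, flag_bits, payload=b""):
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flag_bits, 65535, 0, 0)
    return _ipv4_header(src_ip, dst_ip, 6, 20 + len(tcp) + len(payload)) + tcp + payload


def build_udp(src_ip, dst_ip, sport, dport, payload=b""):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return _ipv4_header(src_ip, dst_ip, 17, 20 + len(udp) + len(payload)) + udp + payload


# Constructed samples: a victim (10.0.0.5) calling back to a listener on port 4444,
# first the SYN, then a PSH|ACK carrying made-up command output; and one UDP packet.
SAMPLE_SYN = build_tcp("10.0.0.5", "10.0.0.9", 43122, 4444, 0x02)
SAMPLE_DATA = build_tcp("10.0.0.5", "10.0.0.9", 43122, 4444, 0x18, b"uid=1000(www-data)\n")
SAMPLE_DNS = build_udp("10.0.0.5", "10.0.0.1", 51000, 53, b"\x00" * 29)

if __name__ == "__main__":
    for pkt in (SAMPLE_SYN, SAMPLE_DATA, SAMPLE_DNS):
        f = parse_ipv4_packet(pkt)
        print(f, to_vector(f))
```

To feed live traffic instead of the constructed samples, a Linux raw socket such as `socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)` (root required) delivers IPv4 packets with the IP header included, which is exactly what `parse_ipv4_packet` expects; a pcap-based sniffer would first strip the 14-byte Ethernet header. Note that `payload_len` is clamped to the bytes actually captured, so a short snaplen does not produce negative or inflated lengths in the feature vector.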