SoSySec Seminar: SECURE-GEGELATI Always-On Intrusion Detection through GEGELATI Lightweight Tangled Program Graphs

Seminar
Location: IRISA Rennes
Room: Pétri/Turing
Speaker: Maxime Pelcat (INSA Rennes)

SoSySec seminar
Software and Systems Security
Inria - Rennes
Friday October 07, 11:00

Room Pétri/Turing

---------------------------------------------------
Maxime Pelcat (INSA Rennes)
---------------------------------------------------
==============================================================================
SECURE-GEGELATI Always-On Intrusion Detection through GEGELATI Lightweight Tangled Program Graphs
==============================================================================

The fast improvement of Machine-Learning (ML) methods gives rise to new attacks in Information Systems (IS). Simultaneously, ML also creates new opportunities for network intrusion detection. Early network intrusion detection is a valuable asset for IS security, as it fosters early deployment of countermeasures and reduces the impact of attacks on system availability. This paper proposes and studies an anomaly-based Network Intrusion Detection System (NIDS) based on Tangled Program Graph (TPG) ML and called Secure-GEGELATI. Secure-GEGELATI learns how to detect intrusions from IS-produced traces and is optimised to fit the requirements of intrusion detection. The study evaluates the capacity of Secure-GEGELATI to act as a continuously learning, real-time, and low-energy NIDS when executed in an embedded network probe. We show that a TPG is capable of switching between training and inference phases, new training phases enriching the probe knowledge with limited degradation of previous intrusion detection capabilities. The Secure-GEGELATI software reaches 8x the energy efficiency of an optimised Random Forests (RF)-based Intrusion Detection System (IDS) on the same platform. It is capable of processing 13.2 k connections/second with a peak power of less than 3.3 Watts on an embedded platform, and processes the CIC-IDS 2017 dataset in real time while detecting 84% of intrusions and raising less than 0.2% of false alarms.

Sourbier, N., Desnos, K., Guyet, T. et al. SECURE-GEGELATI Always-On Intrusion Detection through GEGELATI Lightweight Tangled Program Graphs. J Sign Process Syst (2022). https://doi.org/10.1007/s11265-021-01728-1

 

To receive the SoSySec announcements, please subscribe to the SoSySec mailing list:
https://sympa.inria.fr/sympa/subscribe/sosysec
All past and future SoSySec talks are listed at
https://seminaires-dga.inria.fr/en/seances-a-venir/
----------------------------------------------------------------------
