Software Engineering Meets Network Engineering: Conceptual Model for Events Monitoring and Logging
Abstraction applied in computer networking hides network details behind a well-defined representation by building a model that captures an essential aspect of the network system. Two current methods of representation are available, one based on graph theory, where a network node is reduced to a point in a graph, and the other the use of non-methodological iconic depictions such as human heads, walls, towers or computer racks. In this paper, we adopt an abstract representation methodology, the thinging machine (TM), proposed in software engineering to model computer networks. TM defines a single coherent network architecture and topology that is constituted from only five generic actions with two types of arrows. Without loss of generality, this paper applies TM to model the area of network monitoring in packet-mode transmission. Complex network documents are difficult to maintain and are not guaranteed to mirror actual situations. Network monitoring is constant monitoring for and alerting of malfunctions, failures, stoppages or suspicious activities in a network system. Current monitoring systems are built on ad hoc descriptions that lack systemization. The TM model of monitoring presents a theoretical foundation integrated with events and behavior descriptions. To investigate TM modeling s feasibility, we apply it to an existing computer network in a Kuwaiti enterprise to create an integrated network system that includes hardware, software and communication facilities. The final specifications point to TM modeling s viability in the computer networking field.
Early Detection of Network Attacks Using Deep Learning
The Internet has become a prime subject to security attacks and intrusions by attackers. These attacks can lead to system malfunction, network breakdown, data corruption or theft. A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic. State-of-the-art intrusion detection systems are designed to detect an attack by inspecting the complete information about the attack. This means that an IDS would only be able to detect an attack after it has been executed on the system under attack and might have caused damage to the system. In this paper, we propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption. We employ a deep neural network-based classifier for attack identification. The network is trained in a supervised manner to extract relevant features from raw network traffic data instead of relying on a manual feature selection process used in most related approaches. Further, we introduce a new metric, called earliness, to evaluate how early our proposed approach detects attacks. We have empirically evaluated our approach on the CICIDS2017 dataset. The results show that our approach performed well and attained an overall 0.803 balanced accuracy.