Zero-shot learning approach to adaptive Cybersecurity using Explainable AI
- URL: http://arxiv.org/abs/2106.14647v1
- Date: Mon, 21 Jun 2021 06:29:13 GMT
- Title: Zero-shot learning approach to adaptive Cybersecurity using Explainable AI
- Authors: Dattaraj Rao, Shraddha Mane
- Abstract summary: We present a novel approach to handle the alarm flooding problem faced by Cybersecurity systems like security information and event management (SIEM) and intrusion detection systems (IDS).
We apply a zero-shot learning method to machine learning (ML) by leveraging explanations for the anomaly predictions generated by an ML model.
In this approach, without any prior knowledge of the attack, we try to identify it, decipher the features that contribute to the classification, and bucketize the attack into a specific category.
- Score: 0.5076419064097734
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cybersecurity is a domain where patterns of attack change constantly, and we need ways to make our Cybersecurity systems more adaptive, so that they can handle new attacks and categorize them for appropriate action. We present a novel approach to handle the alarm flooding problem faced by Cybersecurity systems like security information and event management (SIEM) and intrusion detection systems (IDS). We apply a zero-shot learning method to machine learning (ML) by leveraging explanations for the anomaly predictions generated by an ML model. This approach has huge potential to auto-detect alarm labels generated in a SIEM and associate them with specific attack types. In this approach, without any prior knowledge of the attack, we try to identify it, decipher the features that contribute to the classification, and bucketize the attack into a specific category, using explainable AI. Explanations give us measurable factors as to which features influence the prediction of a cyber-attack and to what degree. These explanations, generated based on game theory, allocate credit to specific features according to their influence on a specific prediction. Using this allocation of credit, we propose a novel zero-shot approach to categorize novel attacks into specific new classes based on feature influence. The resulting system, as demonstrated, separates attack traffic from normal flow and auto-generates a label for each attack based on the features that contribute to it. These auto-generated labels can be presented to a SIEM analyst and are intuitive enough to figure out the nature of the attack. We apply this approach to a network flow dataset and demonstrate results for specific attack types like IP sweep, denial of service, remote to local, etc.
The paper was presented at the first Conference on Deployable AI at IIT-Madras in June 2021.
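The credit-allocation and labelling step the abstract describes, as an added example that is not the paper's code: it assumes a small linear anomaly scorer with constructed weights and constructed flow features (for an additive model the game-theoretic Shapley credit of a feature is exactly its weight times its deviation from the baseline), and it builds a zero-shot label from the features that carry most of the credit for each flagged prediction.

```python
import math

# Constructed features (z-scored against benign flows) and a hand-set linear
# anomaly scorer; the paper's trained model and dataset are not reproduced here.
FEATURES = ["dst_ports", "dst_hosts", "pkt_rate", "failed_logins", "root_cmds"]
WEIGHTS = {"dst_ports": 1.2, "dst_hosts": 1.0, "pkt_rate": 1.5,
           "failed_logins": 1.1, "root_cmds": 1.4}
BIAS = -3.0
BASELINE = {f: 0.0 for f in FEATURES}  # reference point = typical benign flow

def score(x):
    """Probability that flow x is an attack (logistic model in log-odds)."""
    z = BIAS + sum(WEIGHTS[f] * x[f] for f in FEATURES)
    return 1.0 / (1.0 + math.exp(-z))

def shapley_credit(x, baseline=BASELINE):
    """Per-feature credit for one prediction. For an additive model the exact
    Shapley value of feature i is w_i * (x_i - baseline_i) in log-odds space."""
    return {f: WEIGHTS[f] * (x[f] - baseline[f]) for f in FEATURES}

def auto_label(credit, min_share=0.25):
    """Zero-shot label: the features carrying at least min_share of the positive
    credit, most influential first, joined with '+'."""
    positive = {f: c for f, c in credit.items() if c > 0}
    total = sum(positive.values())
    if total == 0:
        return "unexplained"
    ranked = sorted(positive.items(), key=lambda kv: -kv[1])
    return "+".join(f for f, c in ranked if c / total >= min_share)

def bucketize(flows, threshold=0.5):
    """Flag flows scored as attacks and group their indices by auto label."""
    buckets = {}
    for i, x in enumerate(flows):
        if score(x) >= threshold:
            buckets.setdefault(auto_label(shapley_credit(x)), []).append(i)
    return buckets

# Constructed sample flows: benign, host sweep, packet flood, login brute force.
FLOWS = [
    {"dst_ports": 0.1, "dst_hosts": 0.0, "pkt_rate": 0.2, "failed_logins": 0.0, "root_cmds": 0.0},
    {"dst_ports": 0.2, "dst_hosts": 4.0, "pkt_rate": 0.5, "failed_logins": 0.0, "root_cmds": 0.0},
    {"dst_ports": 0.0, "dst_hosts": 0.1, "pkt_rate": 5.0, "failed_logins": 0.0, "root_cmds": 0.0},
    {"dst_ports": 0.0, "dst_hosts": 0.0, "pkt_rate": 0.3, "failed_logins": 3.5, "root_cmds": 1.5},
]

if __name__ == "__main__":
    for label, idx in bucketize(FLOWS).items():
        print(label, idx)
```

The labels are built only from feature names, so an analyst can read "failed_logins+root_cmds" without the model ever having seen a class for that attack; with a non-additive model the same flow would use a Shapley approximation rather than the closed form.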
Related papers
- A Dual-Tier Adaptive One-Class Classification IDS for Emerging Cyberthreats (2024-03-17) [3.560574387648533]
  We propose a one-class classification-driven IDS system structured on two tiers.
  The first tier distinguishes between normal activities and attacks/threats, while the second tier determines if the detected attack is known or unknown.
  This model not only identifies unseen attacks but also uses them for retraining by clustering unseen attacks.
- Can Adversarial Examples Be Parsed to Reveal Victim Model Information? (2023-03-13) [62.814751479749695]
  In this work, we ask whether it is possible to infer data-agnostic victim model (VM) information from data-specific adversarial instances.
  We collect a dataset of adversarial attacks across 7 attack types generated from 135 victim models.
  We show that a simple, supervised model parsing network (MPN) is able to infer VM attributes from unseen adversarial attacks.
- On Trace of PGD-Like Adversarial Attacks (2022-05-19) [77.75152218980605]
  Adversarial attacks pose safety and security concerns for deep learning applications.
  We construct Adversarial Response Characteristics (ARC) features to reflect the model's gradient consistency.
  Our method is intuitive, lightweight, non-intrusive, and data-undemanding.
- Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models (2022-01-23) [22.569705869469814]
  We focus on model inversion attacks where the adversary knows non-sensitive attributes about records in the training data.
  We devise a novel confidence score-based model inversion attribute inference attack that significantly outperforms the state-of-the-art.
  We also extend our attacks to the scenario where some of the other (non-sensitive) attributes of a target record are unknown to the adversary.
- Adversarial Machine Learning Threat Analysis in Open Radio Access Networks (2022-01-16) [37.23982660941893]
  The Open Radio Access Network (O-RAN) is a new, open, adaptive, and intelligent RAN architecture.
  In this paper, we present a systematic adversarial machine learning threat analysis for the O-RAN.
- Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS (2021-11-23) [70.60975663021952]
  We study blackbox adversarial attacks on network classifiers.
  We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions.
  We show that a continual learning approach is required to study attacker-defender dynamics.
- The Feasibility and Inevitability of Stealth Attacks (2021-06-26) [63.14766152741211]
  We study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence systems.
  In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself.
- Utilising Flow Aggregation to Classify Benign Imitating Attacks (2021-03-06) [0.0]
  In many applications, the choice of features is more important than the choice of model.
  A range of studies have attempted to discriminate between benign traffic and well-known cyber-attacks.
  We introduce new features based on a higher level of abstraction of network traffic.
- Hidden Backdoor Attack against Semantic Segmentation Models (2021-03-06) [60.0327238844584]
  The backdoor attack intends to embed hidden backdoors in deep neural networks (DNNs) by poisoning training data.
  We propose a novel attack paradigm, the fine-grained attack, where we treat the target label at the object level instead of the image level.
  Experiments show that the proposed methods can successfully attack semantic segmentation models by poisoning only a small proportion of training data.
- Adversarial Attack Attribution: Discovering Attributable Signals in Adversarial ML Attacks (2021-01-08) [0.7883722807601676]
  Even production systems, such as self-driving cars and ML-as-a-service offerings, are susceptible to adversarial inputs.
  Can perturbed inputs be attributed to the methods used to generate the attack?
  We introduce the concept of adversarial attack attribution and create a simple supervised learning experimental framework to examine the feasibility of discovering attributable signals in adversarial attacks.
- On Adversarial Examples and Stealth Attacks in Artificial Intelligence Systems (2020-04-09) [62.997667081978825]
  We present a formal framework for assessing and analyzing two classes of malevolent action towards generic Artificial Intelligence (AI) systems.
  The first class involves adversarial examples and concerns the introduction of small perturbations of the input data that cause misclassification.
  The second class, introduced here for the first time and named stealth attacks, involves small perturbations to the AI system itself.
This list is automatically generated from the titles and abstracts of the papers in this site.