Multi-Perspective Content Delivery Networks Security Framework Using
Optimized Unsupervised Anomaly Detection
- URL: http://arxiv.org/abs/2107.11514v1
- Date: Sat, 24 Jul 2021 02:43:23 GMT
- Authors: Li Yang, Abdallah Moubayed, Abdallah Shami, Parisa Heidari, Amine
Boukhtouta, Adel Larabi, Richard Brunner, Stere Preda, Daniel Migault
- Abstract summary: We propose a multi-perspective unsupervised learning framework for anomaly detection in CDNs.
In the proposed framework, a multi-perspective feature engineering approach, an optimized unsupervised anomaly detection model, and a multi-perspective validation method, are developed.
Experimental results are presented based on the analytics of eight days of real-world CDN log data provided by a major CDN operator.
- Score: 9.102485917295587
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Content delivery networks (CDNs) provide efficient content distribution over
the Internet. CDNs improve the connectivity and efficiency of global
communications, but their caching mechanisms may be breached by
cyber-attackers. Among the security mechanisms, effective anomaly detection
forms an important part of CDN security enhancement. In this work, we propose a
multi-perspective unsupervised learning framework for anomaly detection in
CDNs. In the proposed framework, a multi-perspective feature engineering
approach, an optimized unsupervised anomaly detection model that utilizes an
isolation forest and a Gaussian mixture model, and a multi-perspective
validation method, are developed to detect abnormal behaviors in CDNs mainly
from the client Internet Protocol (IP) and node perspectives, and thereby to
identify denial of service (DoS) and cache pollution attack (CPA) patterns.
Experimental results are presented based on the analytics of eight days of
real-world CDN log data provided by a major CDN operator. Through experiments,
the abnormal contents, compromised nodes, malicious IPs, as well as their
corresponding attack types, are identified effectively by the proposed
framework and validated by multiple cybersecurity experts. This shows the
effectiveness of the proposed method when applied to real-world CDN data.
Related papers
- Unseen Attack Detection in Software-Defined Networking Using a BERT-Based Large Language Model [5.062869359266078]
  We introduce a novel approach that leverages Natural Language Processing (NLP) and the pre-trained BERT base model to enhance attack detection in software-defined networking (SDN).
  Our approach transforms network flow data into a format interpretable by language models, allowing BERT to capture intricate patterns and relationships within network traffic.
  Our approach is specifically designed to detect previously unseen attacks, offering a solution for identifying threats that the model was not explicitly trained on.
  arXiv Detail & Related papers (2024-12-09T06:27:20Z)
- HUWSOD: Holistic Self-training for Unified Weakly Supervised Object Detection [66.42229859018775]
  We introduce a unified, high-capacity weakly supervised object detection (WSOD) network called HUWSOD.
  HUWSOD incorporates a self-supervised proposal generator and an autoencoder proposal generator with a multi-rate re-supervised pyramid to replace traditional object proposals.
  Our findings indicate that random boxes, although significantly different from well-designed offline object proposals, are effective for WSOD training.
  arXiv Detail & Related papers (2024-06-27T17:59:49Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
  FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
  Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- Prevention of cyberattacks in WSN and packet drop by CI framework and information processing protocol using AI and Big Data [0.0]
  This study integrates a cognitive intelligence (CI) framework, an information processing protocol, and sophisticated artificial intelligence (AI) and big data analytics approaches.
  The framework is capable of detecting and preventing several forms of assaults, including denial-of-service (DoS) attacks, node compromise, and data tampering.
  It is highly resilient to packet drop occurrences, which improves the WSN's overall reliability and performance.
  arXiv Detail & Related papers (2023-06-15T19:00:39Z)
- Graph Agent Network: Empowering Nodes with Inference Capabilities for Adversarial Resilience [50.460555688927826]
  We propose the Graph Agent Network (GAgN) to address the vulnerabilities of graph neural networks (GNNs).
  GAgN is a graph-structured agent network in which each node is designed as a 1-hop-view agent.
  Agents' limited view prevents malicious messages from propagating globally in GAgN, thereby resisting global-optimization-based secondary attacks.
  arXiv Detail & Related papers (2023-06-12T07:27:31Z)
- Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view.
  We have evaluated the mathematical model using two different datasets.
  arXiv Detail & Related papers (2023-02-02T13:41:18Z)
- ORF-Net: Deep Omni-supervised Rib Fracture Detection from Chest CT Scans [47.7670302148812]
  Radiologists need to investigate and annotate rib fractures on a slice-by-slice basis.
  We propose a novel omni-supervised object detection network, which can exploit multiple different forms of annotated data.
  Our proposed method outperforms other state-of-the-art approaches consistently.
  arXiv Detail & Related papers (2022-07-05T07:06:57Z)
- An Online Ensemble Learning Model for Detecting Attacks in Wireless Sensor Networks [0.0]
  We develop an intelligent, efficient, and updatable intrusion detection system by applying an important machine learning concept known as ensemble learning.
  In this paper, we examine the application of different homogeneous and heterogeneous online ensembles in sensory data analysis.
  Among the proposed novel online ensembles, both the heterogeneous ensemble consisting of an Adaptive Random Forest (ARF) combined with the Hoeffding Adaptive Tree (HAT) algorithm and the homogeneous ensemble HAT made up of 10 models achieved higher detection rates of 96.84% and 97.2%, respectively.
  arXiv Detail & Related papers (2022-04-28T23:10:47Z)
- Selective and Features based Adversarial Example Detection [12.443388374869745]
  Security-sensitive applications that rely on Deep Neural Networks (DNNs) are vulnerable to small perturbations crafted to generate Adversarial Examples (AEs).
  We propose a novel unsupervised detection mechanism that uses the selective prediction, processing model layers outputs, and knowledge transfer concepts in a multi-task learning setting.
  Experimental results show that the proposed approach achieves comparable results to the state-of-the-art methods against tested attacks in white box scenario and better results in black and gray boxes scenarios.
  arXiv Detail & Related papers (2021-03-09T11:06:15Z)
- Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
  Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv Detail & Related papers (2021-01-28T16:38:26Z)
- DNS Covert Channel Detection via Behavioral Analysis: a Machine Learning Approach [0.09176056742068815]
  We propose an effective covert channel detection method based on the analysis of DNS network data passively extracted from a network monitoring system.
  The proposed solution has been evaluated over a 15-day-long experimental session with the injection of traffic that covers the most relevant exfiltration and tunneling attacks.
  arXiv Detail & Related papers (2020-10-04T13:28:28Z)
- Deep Learning based Covert Attack Identification for Industrial Control Systems [5.299113288020827]
  We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids.
  The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory layer, and a Deep Neural Network (DNN).
  arXiv Detail & Related papers (2020-09-25T17:48:43Z)
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique.
  The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
  Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low-false alarm rate, and recall.
  arXiv Detail & Related papers (2020-08-05T19:29:35Z)