An Adaptable Deep Learning-Based Intrusion Detection System to Zero-Day Attacks
- URL: http://arxiv.org/abs/2108.09199v1
- Date: Fri, 20 Aug 2021 14:41:28 GMT
- Title: An Adaptable Deep Learning-Based Intrusion Detection System to Zero-Day Attacks
- Authors: Mahdi Soltani, Behzad Ousat, Mahdi Jafari Siavoshani, Amir Hossein Jahangir
- Abstract summary: An intrusion detection system (IDS) is an essential element of security monitoring in computer networks. The main challenge of an IDS is facing new (i.e., zero-day) attacks and separating them from benign traffic and existing types of attacks. In this paper, we propose a framework for deep learning-based IDSes addressing new attacks.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The intrusion detection system (IDS) is an essential element of security monitoring in computer networks. An IDS distinguishes malicious traffic from benign traffic and determines the attack types targeting the assets of the organization. The main challenge of an IDS is facing new (i.e., zero-day) attacks and separating them from benign traffic and existing types of attacks. Although deep learning-based IDSes can automatically extract high-level features and are independent of the time-consuming and costly signature extraction process, this challenge still exists in the new generation of IDSes.

In this paper, we propose a framework for deep learning-based IDSes that addresses new attacks. This framework is the first approach in the security domain to use deep novelty-based classifiers alongside traditional clustering on a specialized layer of the deep structure. Additionally, we introduce DOC++ as a newer version of DOC as a deep novelty-based classifier. We also employ the Deep Intrusion Detection (DID) framework for the preprocessing phase, which improves the ability of deep learning algorithms to detect content-based attacks. We compare four different algorithms (DOC, DOC++, OpenMax, and AutoSVM) as the novelty classifier of the framework and use both the CIC-IDS2017 and CSE-CIC-IDS2018 datasets for the evaluation. Our results show that DOC++ is the best implementation of the open set recognition module. Besides, the completeness and homogeneity of the clustering and post-training phase prove that this model is good enough for the supervised labeling and updating phase.
Related papers
- Multi-agent Reinforcement Learning-based Network Intrusion Detection System (arXiv, 2024-07-08): Intrusion Detection Systems (IDS) play a crucial role in ensuring the security of computer networks. We propose a novel multi-agent reinforcement learning (RL) architecture, enabling automatic, efficient, and robust network intrusion detection. Our solution introduces a resilient architecture designed to accommodate the addition of new attacks and effectively adapt to changes in existing attack patterns.
- A Dual-Tier Adaptive One-Class Classification IDS for Emerging Cyberthreats (arXiv, 2024-03-17): We propose a one-class classification-driven IDS system structured on two tiers. The first tier distinguishes between normal activities and attacks/threats, while the second tier determines if the detected attack is known or unknown. This model not only identifies unseen attacks but also uses them for retraining by clustering unseen attacks.
- A near-autonomous and incremental intrusion detection system through active learning of known and unknown attacks (arXiv, 2023-10-26): Intrusion detection is a traditional practice of security experts; however, there are several issues which still need to be tackled. We present an architecture for a hybrid Intrusion Detection System (IDS) for adaptive and incremental detection of both known and unknown attacks.
- Activate and Reject: Towards Safe Domain Generalization under Category Shift (arXiv, 2023-10-07): We study a practical problem of Domain Generalization under Category Shift (DGCS). It aims to simultaneously detect unknown-class samples and classify known-class samples in the target domains. Compared to prior DG works, we face two new challenges: 1) how to learn the concept of "unknown" during training with only source known-class samples, and 2) how to adapt the source-trained model to unseen environments.
- Dynamic Conceptional Contrastive Learning for Generalized Category Discovery (arXiv, 2023-03-30): Generalized category discovery (GCD) aims to automatically cluster partially labeled data. Unlabeled data contain instances that are not only from known categories of the labeled data but also from novel categories. One effective way for GCD is applying self-supervised learning to learn discriminative representations for unlabeled data. We propose a Dynamic Conceptional Contrastive Learning framework, which can effectively improve clustering accuracy.
- DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection (arXiv, 2022-12-15): Machine Learning approaches have been used to enhance the detection capabilities of Network Intrusion Detection Systems (NIDSs). Recent work has achieved near-perfect performance by following binary- and multi-class network anomaly detection tasks. This paper proposes a Deep One-Class (DOC) classifier for network intrusion detection by only training on benign network data samples.
- Novel Class Discovery in Semantic Segmentation (arXiv, 2021-12-03): We introduce a new setting of Novel Class Discovery in Semantic Segmentation (NCDSS). It aims at segmenting unlabeled images containing new classes given prior knowledge from a labeled set of disjoint classes. In NCDSS, we need to distinguish the objects and background, and to handle the existence of multiple classes within an image. We propose the Entropy-based Uncertainty Modeling and Self-training (EUMS) framework to overcome noisy pseudo-labels.
- Open-set Adversarial Defense (arXiv, 2020-09-02): We show that open-set recognition systems are vulnerable to adversarial attacks. Motivated by this observation, we emphasize the need for an Open-Set Adversarial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem.
- Learning Adaptive Embedding Considering Incremental Class (arXiv, 2020-08-31): Class-Incremental Learning (CIL) aims to train a reliable model with streaming data, in which unknown classes emerge sequentially. Different from traditional closed set learning, CIL has two main challenges: 1) novel class detection; 2) after the novel classes are detected, the model needs to be updated without re-training on the entire previous data.
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection (arXiv, 2020-08-05): In this paper, an effective anomaly detection framework is proposed utilizing the Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low false alarm rate, and recall.
- A Content-Based Deep Intrusion Detection System (arXiv, 2020-01-14): We propose a framework, called the deep intrusion detection (DID) system, that uses the pure content of traffic flows in addition to traffic metadata. To this end, we deploy and evaluate an offline IDS following the framework using LSTM as the deep learning technique.
This list is automatically generated from the titles and abstracts of the papers in this site.