Detecting Unknown Attacks in IoT Environments: An Open Set Classifier
for Enhanced Network Intrusion Detection
- URL: http://arxiv.org/abs/2309.07461v2
- Date: Thu, 28 Sep 2023 06:10:43 GMT
- Title: Detecting Unknown Attacks in IoT Environments: An Open Set Classifier
for Enhanced Network Intrusion Detection
- Authors: Yasir Ali Farrukh, Syed Wali, Irfan Khan and Nathaniel D. Bastian
- Abstract summary: In this paper, we introduce a framework aimed at mitigating the open set recognition (OSR) problem in the realm of Network Intrusion Detection Systems (NIDS) tailored for IoT environments.
Our framework capitalizes on image-based representations of packet-level data, extracting spatial and temporal patterns from network traffic.
The empirical results prominently underscore the framework's efficacy, boasting an impressive 88% detection rate for previously unseen attacks.
- Score: 5.787704156827843
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The widespread integration of Internet of Things (IoT) devices across all
facets of life has ushered in an era of interconnectedness, creating new
avenues for cybersecurity challenges and underscoring the need for robust
intrusion detection systems. However, traditional security systems are designed
with a closed-world perspective and often face challenges in dealing with the
ever-evolving threat landscape, where new and unfamiliar attacks are constantly
emerging. In this paper, we introduce a framework aimed at mitigating the open
set recognition (OSR) problem in the realm of Network Intrusion Detection
Systems (NIDS) tailored for IoT environments. Our framework capitalizes on
image-based representations of packet-level data, extracting spatial and
temporal patterns from network traffic. Additionally, we integrate stacking and
sub-clustering techniques, enabling the identification of unknown attacks by
effectively modeling the complex and diverse nature of benign behavior. The
empirical results prominently underscore the framework's efficacy, boasting an
impressive 88\% detection rate for previously unseen attacks when compared
against existing approaches and recent advancements. Future work will perform
extensive experimentation across various openness levels and attack scenarios,
further strengthening the adaptability and performance of our proposed solution
in safeguarding IoT environments.
Related papers
- LLM-based Continuous Intrusion Detection Framework for Next-Gen Networks [0.7100520098029439]
The framework employs a transformer encoder architecture, which captures hidden patterns in a bidirectional manner to differentiate between malicious and legitimate traffic.
The system incrementally identifies unknown attack types by leveraging a Gaussian Mixture Model (GMM) to cluster features derived from high-dimensional BERT embeddings.
Even after integrating additional unknown attack clusters, the framework continues to perform at a high level, achieving 95.6% in both classification accuracy and recall.
arXiv Detail & Related papers (2024-11-04T18:12:14Z) - Multi-stage Attack Detection and Prediction Using Graph Neural Networks: An IoT Feasibility Study [2.5325901958283126]
This paper proposes a novel 3-stage intrusion detection system inspired by a simplified version of the Lockheed Martin cyber kill chain.
The proposed approach consists of three models, each responsible for detecting a group of attacks with common characteristics.
Using the ToN IoT dataset, we achieved an average of 94% F1-Score among different stages, outperforming the benchmark approaches.
arXiv Detail & Related papers (2024-04-28T22:11:24Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - To Make Yourself Invisible with Adversarial Semantic Contours [47.755808439588094]
Adversarial Semantic Contour (ASC) is an estimate of a Bayesian formulation of sparse attack with a deceived prior of object contour.
We show that ASC can corrupt the prediction of 9 modern detectors with different architectures.
We conclude with cautions about contour being the common weakness of object detectors with various architecture.
arXiv Detail & Related papers (2023-03-01T07:22:39Z) - An Online Ensemble Learning Model for Detecting Attacks in Wireless
Sensor Networks [0.0]
We develop an intelligent, efficient, and updatable intrusion detection system by applying an important machine learning concept known as ensemble learning.
In this paper, we examine the application of different homogeneous and heterogeneous online ensembles in sensory data analysis.
Among the proposed novel online ensembles, both the heterogeneous ensemble consisting of an Adaptive Random Forest (ARF) combined with the Hoeffding Adaptive Tree (HAT) algorithm and the homogeneous ensemble HAT made up of 10 models achieved higher detection rates of 96.84% and 97.2%, respectively.
arXiv Detail & Related papers (2022-04-28T23:10:47Z) - A Novel Online Incremental Learning Intrusion Prevention System [2.5234156040689237]
This paper proposes a novel Network Intrusion Prevention System that utilise a SelfOrganizing Incremental Neural Network along with a Support Vector Machine.
Due to its structure, the proposed system provides a security solution that does not rely on signatures or rules and is capable to mitigate known and unknown attacks in real-time with high accuracy.
arXiv Detail & Related papers (2021-09-20T13:30:11Z) - Towards AIOps in Edge Computing Environments [60.27785717687999]
This paper describes the system design of an AIOps platform which is applicable in heterogeneous, distributed environments.
It is feasible to collect metrics with a high frequency and simultaneously run specific anomaly detection algorithms directly on edge devices.
arXiv Detail & Related papers (2021-02-12T09:33:00Z) - Aurora Guard: Reliable Face Anti-Spoofing via Mobile Lighting System [103.5604680001633]
Anti-spoofing against high-resolution rendering replay of paper photos or digital videos remains an open problem.
We propose a simple yet effective face anti-spoofing system, termed Aurora Guard (AG)
arXiv Detail & Related papers (2021-02-01T09:17:18Z) - Measurement-driven Security Analysis of Imperceptible Impersonation
Attacks [54.727945432381716]
We study the exploitability of Deep Neural Network-based Face Recognition systems.
We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim.
We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
arXiv Detail & Related papers (2020-08-26T19:27:27Z) - Unsupervised Domain Adaptation in Person re-ID via k-Reciprocal
Clustering and Large-Scale Heterogeneous Environment Synthesis [76.46004354572956]
We introduce an unsupervised domain adaptation approach for person re-identification.
Experimental results show that the proposed ktCUDA and SHRED approach achieves an average improvement of +5.7 mAP in re-identification performance.
arXiv Detail & Related papers (2020-01-14T17:43:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.