Analysis and Detection against Network Attacks in the Overlapping
Phenomenon of Behavior Attribute
- URL: http://arxiv.org/abs/2310.10660v1
- Date: Wed, 13 Sep 2023 01:59:26 GMT
- Title: Analysis and Detection against Network Attacks in the Overlapping
Phenomenon of Behavior Attribute
- Authors: Jiang Xie, Shuhao Li, Yongzheng Zhang, Peishuai Sun, Hongbo Xu
- Abstract summary: We propose a multi-label detection model based on deep learning, MLD-Model, in which Wasserstein-Generative-Adversarial-Network-with-Gradient-Penalty (WGAN-GP) with improved loss performs data enhancement.
Experimental results demonstrate that MLD-Model can achieve excellent classification performance.
- License: http://creativecommons.org/publicdomain/zero/1.0/
- Abstract: The proliferation of network attacks poses a significant threat. Researchers
propose datasets for network attacks to support research in related fields.
Then, many attack detection methods based on these datasets are proposed. These
detection methods, whether two-classification or multi-classification, belong
to single-label learning, i.e., only one label is given to each sample.
However, we discover that there is a noteworthy phenomenon of behavior
attribute overlap between attacks. The presentation of this phenomenon in a
dataset is that there are multiple samples with the same features but different
labels. In this paper, we verify the phenomenon in well-known
datasets (UNSW-NB15, CCCS-CIC-AndMal-2020) and re-label these data. In addition,
detecting network attacks in a multi-label manner can obtain more information,
providing support for tracing the attack source and building IDS. Therefore, we
propose a multi-label detection model based on deep learning, MLD-Model, in
which Wasserstein-Generative-Adversarial-Network-with-Gradient-Penalty
(WGAN-GP) with improved loss performs data enhancement to alleviate the class
imbalance problem, and Auto-Encoder (AE) performs classifier parameter
pre-training. Experimental results demonstrate that MLD-Model can achieve
excellent classification performance. It can achieve F1=80.06% in UNSW-NB15 and
F1=83.63% in CCCS-CIC-AndMal-2020. Especially, MLD-Model is 5.99%-7.97% higher
in F1 compared with the related single-label methods.
Related papers
- Few Edges Are Enough: Few-Shot Network Attack Detection with Graph Neural Networks [0.0]
  This paper introduces Few Edges Are Enough (FEAE) to better distinguish between false positive anomalies and actual attacks.
  FEAE achieves competitive performance on two well-known network datasets.
  (2025-01-28T14:07:52Z)
- Empowering HWNs with Efficient Data Labeling: A Clustered Federated Semi-Supervised Learning Approach [2.046985601687158]
  Clustered Federated Multitask Learning (CFL) has gained considerable attention as an effective strategy for overcoming statistical challenges.
  We introduce a novel framework, Clustered Federated Semi-Supervised Learning (CFSL), designed for more realistic HWN scenarios.
  Our results demonstrate that CFSL significantly improves upon key metrics such as testing accuracy, labeling accuracy, and labeling latency under varying proportions of labeled and unlabeled data.
  (2024-01-19T11:47:49Z)
- DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection [0.0]
  Machine Learning approaches have been used to enhance the detection capabilities of Network Intrusion Detection Systems (NIDSs).
  Recent work has achieved near-perfect performance by following binary- and multi-class network anomaly detection tasks.
  This paper proposes a Deep One-Class (DOC) classifier for network intrusion detection by only training on benign network data samples.
  (2022-12-15T00:08:05Z)
- A Dependable Hybrid Machine Learning Model for Network Intrusion Detection [1.222622290392729]
  We propose a new hybrid model that combines machine learning and deep learning to increase detection rates while securing dependability.
  Our method produces excellent results when tested on two datasets, KDDCUP'99 and CIC-MalMem-2022.
  (2022-12-08T20:19:27Z)
- BMD: A General Class-balanced Multicentric Dynamic Prototype Strategy for Source-free Domain Adaptation [74.93176783541332]
  Source-free Domain Adaptation (SFDA) aims to adapt a pre-trained source model to the unlabeled target domain without accessing the well-labeled source data.
  To make up for the absence of source data, most existing methods introduced feature prototype based pseudo-labeling strategies.
  We propose a general class-Balanced Multicentric Dynamic prototype strategy for the SFDA task.
  (2022-04-06T13:23:02Z)
- Attentive Prototypes for Source-free Unsupervised Domain Adaptive 3D Object Detection [85.11649974840758]
  3D object detection networks tend to be biased towards the data they are trained on.
  We propose a single-frame approach for source-free, unsupervised domain adaptation of lidar-based 3D object detectors.
  (2021-11-30T18:42:42Z)
- Towards Reducing Labeling Cost in Deep Object Detection [61.010693873330446]
  We propose a unified framework for active learning that considers both the uncertainty and the robustness of the detector.
  Our method is able to pseudo-label the very confident predictions, suppressing a potential distribution drift.
  (2021-06-22T16:53:09Z)
- No Fear of Heterogeneity: Classifier Calibration for Federated Learning with Non-IID Data [78.69828864672978]
  A central challenge in training classification models in the real-world federated system is learning with non-IID data.
  We propose a novel and simple algorithm called Classifier Calibration with Virtual Representations (CCVR), which adjusts the classifier using virtual representations sampled from an approximated Gaussian mixture model.
  Experimental results demonstrate that CCVR achieves state-of-the-art performance on popular federated learning benchmarks including CIFAR-10, CIFAR-100, and CINIC-10.
  (2021-06-09T12:02:29Z)
- Generalized Insider Attack Detection Implementation using NetFlow Data [0.6236743421605786]
  We study an approach centered on using network data to identify attacks.
  Our work builds on unsupervised machine learning techniques such as One-Class SVM and bi-clustering.
  We show that our approach is a promising tool for insider attack detection in realistic settings.
  (2020-10-27T14:00:31Z)
- One-Shot Object Detection without Fine-Tuning [62.39210447209698]
  We introduce a two-stage model consisting of a first stage Matching-FCOS network and a second stage Structure-Aware Relation Module.
  We also propose novel training strategies that effectively improve detection performance.
  Our method exceeds the state-of-the-art one-shot performance consistently on multiple datasets.
  (2020-05-08T01:59:23Z)
- Stance Detection Benchmark: How Robust Is Your Stance Detection? [65.91772010586605]
  Stance Detection (StD) aims to detect an author's stance towards a certain topic or claim.
  We introduce a StD benchmark that learns from ten StD datasets of various domains in a multi-dataset learning setting.
  Within this benchmark setup, we are able to present new state-of-the-art results on five of the datasets.
  (2020-01-06T13:37:51Z)
This list is automatically generated from the titles and abstracts of the papers in this site.