IT Intrusion Detection Using Statistical Learning and Testbed Measurements

• URL: http://arxiv.org/abs/2402.13081v1
• Date: Tue, 20 Feb 2024 15:25:56 GMT
• Title: IT Intrusion Detection Using Statistical Learning and Testbed Measurements
• Authors: Xiaoxuan Wang and Rolf Stadler
• Abstract summary: We study automated intrusion detection in an IT infrastructure, specifically the problem of identifying the start of an attack. We apply statistical learning methods, including Hidden Markov Model (HMM), Long Short-Term Memory (LSTM), and Random Forest (RFC) We find that both HMM and LSTM can be effective in predicting attack start time, attack type, and attack actions.
• Score: 8.493936898320673
• License: http://creativecommons.org/licenses/by-sa/4.0/
• Abstract: We study automated intrusion detection in an IT infrastructure, specifically the problem of identifying the start of an attack, the type of attack, and the sequence of actions an attacker takes, based on continuous measurements from the infrastructure. We apply statistical learning methods, including Hidden Markov Model (HMM), Long Short-Term Memory (LSTM), and Random Forest Classifier (RFC) to map sequences of observations to sequences of predicted attack actions. In contrast to most related research, we have abundant data to train the models and evaluate their predictive power. The data comes from traces we generate on an in-house testbed where we run attacks against an emulated IT infrastructure. Central to our work is a machine-learning pipeline that maps measurements from a high-dimensional observation space to a space of low dimensionality or to a small set of observation symbols. Investigating intrusions in offline as well as online scenarios, we find that both HMM and LSTM can be effective in predicting attack start time, attack type, and attack actions. If sufficient training data is available, LSTM achieves higher prediction accuracy than HMM. HMM, on the other hand, requires less computational resources and less training data for effective prediction. Also, we find that the methods we study benefit from data produced by traditional intrusion detection systems like SNORT.

Related papers

• Towards a Theoretical Understanding of Memorization in Diffusion Models [76.85077961718875]
  Diffusion probabilistic models (DPMs) are being employed as mainstream models for Generative Artificial Intelligence (GenAI) We provide a theoretical understanding of memorization in both conditional and unconditional DPMs under the assumption of model convergence. We propose a novel data extraction method named textbfSurrogate condItional Data Extraction (SIDE) that leverages a time-dependent classifier trained on the generated data as a surrogate condition to extract training data from unconditional DPMs.
  arXiv  Detail & Related papers  (2024-10-03T13:17:06Z)
• Extracting Training Data from Unconditional Diffusion Models [76.85077961718875]
  diffusion probabilistic models (DPMs) are being employed as mainstream models for generative artificial intelligence (AI) We aim to establish a theoretical understanding of memorization in DPMs with 1) a memorization metric for theoretical analysis, 2) an analysis of conditional memorization with informative and random labels, and 3) two better evaluation metrics for measuring memorization. Based on the theoretical analysis, we propose a novel data extraction method called textbfSurrogate condItional Data Extraction (SIDE) that leverages a trained on generated data as a surrogate condition to extract training data directly from unconditional diffusion models.
  arXiv  Detail & Related papers  (2024-06-18T16:20:12Z)
• usfAD Based Effective Unknown Attack Detection Focused IDS Framework [3.560574387648533]
  Internet of Things (IoT) and Industrial Internet of Things (IIoT) have led to an increasing range of cyber threats. For more than a decade, researchers have delved into supervised machine learning techniques to develop Intrusion Detection System (IDS) IDS trained and tested on known datasets fails in detecting zero-day or unknown attacks. We propose two strategies for semi-supervised learning based IDS where training samples of attacks are not required.
  arXiv  Detail & Related papers  (2024-03-17T11:49:57Z)
• Anticipated Network Surveillance -- An extrapolated study to predict cyber-attacks using Machine Learning and Data Analytics [0.0]
  This paper discusses a novel technique to predict an upcoming attack in a network based on several data parameters. The proposed model comprises dataset pre-processing, and training, followed by the testing phase. Based on the results of the testing phase, the best model is selected using which, event class which may lead to an attack is extracted.
  arXiv  Detail & Related papers  (2023-12-27T01:09:11Z)
• The Adversarial Implications of Variable-Time Inference [47.44631666803983]
  We present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack. We investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors. We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference.
  arXiv  Detail & Related papers  (2023-09-05T11:53:17Z)
• Federated Learning Based Distributed Localization of False Data Injection Attacks on Smart Grids [5.705281336771011]
  False data injection attack (FDIA) is one of the classes of attacks that target the smart measurement devices by injecting malicious data. We propose a federated learning-based scheme combined with a hybrid deep neural network architecture. We validate the proposed architecture by extensive simulations on the IEEE 57, 118, and 300 bus systems and real electricity load data.
  arXiv  Detail & Related papers  (2023-06-17T20:29:55Z)
• TFDPM: Attack detection for cyber-physical systems with diffusion probabilistic models [10.389972581904999]
  We propose TFDPM, a general framework for attack detection tasks in CPSs. It simultaneously extracts temporal pattern and feature pattern given the historical data. The noise scheduling network increases the detection speed by three times.
  arXiv  Detail & Related papers  (2021-12-20T13:13:29Z)
• Convolutional generative adversarial imputation networks for spatio-temporal missing data in storm surge simulations [86.5302150777089]
  Generative Adversarial Imputation Nets (GANs) and GAN-based techniques have attracted attention as unsupervised machine learning methods. We name our proposed method as Con Conval Generative Adversarial Imputation Nets (Conv-GAIN)
  arXiv  Detail & Related papers  (2021-11-03T03:50:48Z)
• Cloud Failure Prediction with Hierarchical Temporary Memory: An Empirical Assessment [64.73243241568555]
  Hierarchical Temporary Memory (HTM) is an unsupervised learning algorithm inspired by the features of the neocortex. This paper presents the first systematic study that assesses HTM in the context of failure prediction.
  arXiv  Detail & Related papers  (2021-10-06T07:09:45Z)
• Learning to Detect: A Data-driven Approach for Network Intrusion Detection [17.288512506016612]
  We perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks.
  arXiv  Detail & Related papers  (2021-08-18T21:19:26Z)
• DAAIN: Detection of Anomalous and Adversarial Input using Normalizing Flows [52.31831255787147]
  We introduce a novel technique, DAAIN, to detect out-of-distribution (OOD) inputs and adversarial attacks (AA) Our approach monitors the inner workings of a neural network and learns a density estimator of the activation distribution. Our model can be trained on a single GPU making it compute efficient and deployable without requiring specialized accelerators.
  arXiv  Detail & Related papers  (2021-05-30T22:07:13Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.