Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection

• URL: http://arxiv.org/abs/2406.07578v1
• Date: Fri, 7 Jun 2024 21:05:33 GMT
• Title: Individual Packet Features are a Risk to Model Generalisation in ML-Based Intrusion Detection
• Authors: Kahraman Kostas, Mike Just, Michael A. Lones,
• Abstract summary: Individual packet features (IPF) are attributes extracted from a single network packet, such as timing, size, and source-destination information. We identify the limitations of IPF, showing they can produce misleadingly high detection rates. Our findings emphasize the need for approaches that consider packet interactions for robust intrusion detection.
• Score: 3.3772986620114387
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Machine learning is increasingly used for intrusion detection in IoT networks. This paper explores the effectiveness of using individual packet features (IPF), which are attributes extracted from a single network packet, such as timing, size, and source-destination information. Through literature review and experiments, we identify the limitations of IPF, showing they can produce misleadingly high detection rates. Our findings emphasize the need for approaches that consider packet interactions for robust intrusion detection. Additionally, we demonstrate that models based on IPF often fail to generalize across datasets, compromising their reliability in diverse IoT environments.

Related papers

• Object Style Diffusion for Generalized Object Detection in Urban Scene [69.04189353993907]
  We introduce a novel single-domain object detection generalization method, named GoDiff. By integrating pseudo-target domain data with source domain data, we diversify the training dataset. Experimental results demonstrate that our method not only enhances the generalization ability of existing detectors but also functions as a plug-and-play enhancement for other single-domain generalization methods.
  arXiv  Detail & Related papers  (2024-12-18T13:03:00Z)
• GeMID: Generalizable Models for IoT Device Identification [4.029017464832905]
  Device identification (DI) distinguishes IoT devices based on their traffic patterns. Existing approaches to DI that build machine learning models often overlook the challenge of model generalizability across diverse network environments. We propose a novel framework to address this limitation and evaluate the generalizability of DI models across datasets collected within different network environments.
  arXiv  Detail & Related papers  (2024-11-05T17:09:43Z)
• Open-Set Deepfake Detection: A Parameter-Efficient Adaptation Method with Forgery Style Mixture [58.60915132222421]
  We introduce an approach that is both general and parameter-efficient for face forgery detection. We design a forgery-style mixture formulation that augments the diversity of forgery source domains. We show that the designed model achieves state-of-the-art generalizability with significantly reduced trainable parameters.
  arXiv  Detail & Related papers  (2024-08-23T01:53:36Z)
• Federated PCA on Grassmann Manifold for IoT Anomaly Detection [23.340237814344384]
  Traditional machine learning-based intrusion detection systems (ML-IDS) possess limitations such as the requirement for labeled data. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions. This paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that learns common representations of distributed non-i.i.d. datasets.
  arXiv  Detail & Related papers  (2024-07-10T07:23:21Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• IoTGeM: Generalizable Models for Behaviour-Based IoT Attack Detection [3.3772986620114387]
  We present an approach for modelling IoT network attacks that focuses on generalizability, yet also leads to better detection and performance. First, we present an improved rolling window approach for feature extraction, and introduce a multi-step feature selection process that reduces overfitting. Second, we build and test models using isolated train and test datasets, thereby avoiding common data leaks. Third, we rigorously evaluate our methodology using a diverse portfolio of machine learning models, evaluation metrics and datasets.
  arXiv  Detail & Related papers  (2023-10-17T21:46:43Z)
• TII-SSRC-23 Dataset: Typological Exploration of Diverse Traffic Patterns for Intrusion Detection [0.5261718469769447]
  Existing datasets often fall short, lacking the necessary diversity and alignment with the contemporary network environment. This paper introduces TII-SSRC-23, a novel and comprehensive dataset designed to overcome these challenges.
  arXiv  Detail & Related papers  (2023-09-14T05:23:36Z)
• Ensemble Learning based Anomaly Detection for IoT Cybersecurity via Bayesian Hyperparameters Sensitivity Analysis [2.3226893628361682]
  Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices. Data collected by IoT contain a tremendous amount of information for anomaly detection. In this paper, we present a study on using ensemble machine learning methods for enhancing IoT cybersecurity via anomaly detection.
  arXiv  Detail & Related papers  (2023-07-20T05:23:49Z)
• Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view. We have evaluated the mathematical model using two different datasets.
  arXiv  Detail & Related papers  (2023-02-02T13:41:18Z)
• Finding Facial Forgery Artifacts with Parts-Based Detectors [73.08584805913813]
  We design a series of forgery detection systems that each focus on one individual part of the face. We use these detectors to perform detailed empirical analysis on the FaceForensics++, Celeb-DF, and Facebook Deepfake Detection Challenge datasets.
  arXiv  Detail & Related papers  (2021-09-21T16:18:45Z)
• Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
  We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks. Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair. A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
  arXiv  Detail & Related papers  (2021-02-27T03:17:20Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.