Funding: This research was partly supported by the National Science and Technology Council, Taiwan, with Grant Numbers 112-2221-E-992-045, 112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
Abstract: Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system's training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017) dataset. Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019) dataset. The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion d
Funding: Supported by the National Natural Science Foundation of China (61202387, 61103220); Major Projects of National Science and Technology of China (2010ZX03006-001-01); Doctoral Fund of Ministry of Education of China (2012014110002); China Postdoctoral Science Foundation (2012M510641); Hubei Province Natural Science Foundation (2011CDB456); Wuhan Chenguang Plan Project (2012710367).
Abstract: Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detection method is proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and by in-depth analyses of recent APT attacks, five typical communication characteristics are adopted to describe an application's network behavior, with which a fine-grained classifier based on Decision Tree and Naïve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.
Funding: This work was supported by the Research Program through the National Research Foundation of Korea, NRF-2018R1D1A1B07050864, and by the Agency for Defense Development, UD200020ED.
Abstract: Detection of unknown attacks like a zero-day attack is a research field that has long been studied. Recently, advances in Machine Learning (ML) and Artificial Intelligence (AI) have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully. Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks. Although anomaly detection is adequate for detecting unknown attacks, its disadvantage is the possibility of high false alarms. Misuse detection has low false alarms; its limitation is that it can detect only known attacks. To overcome such limitations, many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques. This method can overcome the limitations of conventional methods and works better in detecting unknown attacks. However, this method does not accurately classify attacks that are similar to normal or known attacks. Therefore, we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks. In anomaly detection, the model was designed to perform normal detection using Fuzzy c-means (FCM) and identify attacks hidden in normal predicted data using relabeling. In misuse detection, the model was designed to detect previously known attacks using Classification and Regression Trees (CART) and apply Isolation Forest (iForest) to classify unknown attacks hidden in known attacks. In the experimental results, the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11% and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.