As information technology advances, it provides user convenience but also exposes more vulnerabilities than ever before. In particular, attackers use advanced techniques to carry out new attacks. In cyber security, such attacks are defined as unknown attacks: they target previously undetected vulnerabilities or exploit gaps in the system. Because these attacks have not been identified or analyzed, they are difficult to detect with signature-based misuse detection, which learns rules or patterns. Furthermore, anomaly-based detection, which learns from normal data to detect outliers, cannot detect unknown attacks accurately because it does not distinguish between known and unknown attacks. To overcome these problems, this study applies Open-Set Recognition with Dissimilarity Weight (OSRDW). The OSRDW method is used to effectively train the extreme value distribution, which is calculated by applying the dissimilarity weight; from this distribution the weights of unknown attacks are calculated and the unknown attacks are classified. Through research analysis, unknown attacks are divided into two types, and three data sets (NSL-KDD, UNSW-NB15, CICIDS-2017) are used in the experiments. For the first type of unknown attack, the unknown attack detection rate of the proposed method was approximately 10%-20% higher than that of the conventional method. For the second type of unknown attack, both the accuracy and the unknown attack detection rate were higher for the proposed method. The experimental results confirm that the proposed method performs better in detecting unknown attacks and that it detected various attacks across the three data sets.
Researchers have continuously sought effective ways to immediately detect unknown (zero-day) cyberattacks. Most current methods rely on pattern recognition to identify known threats when they appear; however, some newer capabilities use machine-learning (ML) anomaly detection tools that train a model on normal network data so that outliers can be identified and scrutinized in case they represent a new attack. Various deep-learning methods have been attempted for the latter, but training for unknown features and new events is problematic with ML, owing to the need to train for the unknown, which actually increases the risk of false positives. Moreover, attacks developed using adversarial learning techniques can quickly outsmart such algorithms by hiding the attack within the normal distribution. To overcome these problems, this study applies data discretization and decision-boundary point analyses to scrutinize patterns near the thresholds of uncertainty. A novel discretization method is used to effectively train our model for the fuzzy c-means feature analysis of data points at the decision boundary, through which adversarial features are detected and classified based upon their entropy. Through this, it was possible to identify incorrectly detected attack data distributed near the model's decision boundary. The National Security Laboratory's Knowledge Discovery Dataset, which is commonly used to evaluate ML intrusion detection systems, is used to evaluate the proposed method. The results show that our model successfully identifies attacks at the decision boundary as desired and that its performance can be improved through classification. In addition, when classification was performed, it was confirmed that the accuracy performance of DoS attacks was