A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

Shaukat, Kamran; Luo, Siwei; Varadharajan, Vijay; Hameed, Ibrahim A.; Xu, Min

doi:10.1109/access.2020.3041951

Cited by 225 publications

(85 citation statements)

References 469 publications

(336 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the majority of its neighbours classify an instance incorrectly, that instance is discarded [30]. 3) Cluster Centroids: This method performs k-means an d replaces the majority class samples with their respective cluster centroids to reduce the n u mb er of samples [31]. 4) Edited Nearest Neighbors (ENN): Each instance is tested using k-NN with the rest of the samples in t h is method.…”

Section: ) Data-level Methodsmentioning

confidence: 99%

A Comparative Performance Analysis of Data Resampling Methods on Imbalance Medical Data

et al. 2021

Self Cite

View full text Add to dashboard Cite

Medical datasets are usually imbalanced, where negative cases severely outnumber p osit iv e cases. Therefore, it is essential to deal with this data skew problem when training machine learning algorithms. This study uses two representative lung cancer datasets, PLCO an d NLST, wit h imb alan ce ratios (the proportion of samples in the majority class to those in the minority class) of 24.7 and 25.0, respectively, to predict lung cancer incidence. This research uses the performance o f 23 clas s imb alan ce methods (resampling and hybrid systems) with three classical classifiers (logistic regression, random forest, and LinearSVC) to identify the best imbalance techniques suitable for medical datasets. Resampling includes ten under-sampling methods (RUS, Etc.), seven over-sampling methods (SMOTE, Etc.), an d t wo integrated sampling methods (SMOTEENN, SMOTE-Tomek). Hybrid systems include (Balanced Bagging, Etc.). The results show that class imbalance learning can improve the classification abilit y o f t h e mo d el. Compared with other imbalanced techniques, under-sampling techniques have the highest standard deviation (SD), and over-sampling techniques have the lowest SD. Over-sampling is a stable met h od, an d the AUC in the model is generally higher than in other ways. Using ROS, the random forest p erforms t h e best predictive ability and is more suitable for the lung cancer datasets used in this study.

show abstract

Section: ) Data-level Methodsmentioning

confidence: 99%

A Comparative Performance Analysis of Data Resampling Methods on Imbalance Medical Data

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Supervised algorithms learn a model allowing to classify any new observation (a data point) as either collected when a system is targeted by a malicious attack, or during normal operations. For example, the literature reports on the successful usage of Random Forests [44], Support Vector Machines [54], [82], Convolutional Deep Neural Networks [38], [55], [71] for the detection of attacks through the analysis of network traffic, assuming that those attacks are known at training time by the supervised ML algorithms.…”

Section: Detection Of Known and Unknown Attacksmentioning

confidence: 99%

Unsupervised Algorithms to Detect Zero-Day Attacks: Strategy and Application

2021

View full text Add to dashboard Cite

In the last decade, researchers, practitioners and companies struggled for devising mechanisms to detect cyber-security threats. Among others, those efforts originated rule-based, signature-based or supervised Machine Learning (ML) algorithms that were proven effective for detecting those intrusions that have already been encountered and characterized. Instead, new unknown threats, often referred to as zero-day attacks or zero-days, likely go undetected as they are often misclassified by those techniques. In recent years, unsupervised anomaly detection algorithms showed potential to detect zero-days. However, dedicated support for quantitative analyses of unsupervised anomaly detection algorithms is still scarce and often does not promote meta-learning, which has potential to improve classification performance. To such extent, this paper introduces the problem of zero-days and reviews unsupervised algorithms for their detection. Then, the paper applies a questionanswer approach to identify typical issues in conducting quantitative analyses for zero-days detection, and shows how to setup and exercise unsupervised algorithms with appropriate tooling. Using a very recent attack dataset, we debate on i) the impact of features on the detection performance of unsupervised algorithms, ii) the relevant metrics to evaluate intrusion detectors, iii) means to compare multiple unsupervised algorithms, iv) the application of meta-learning to reduce misclassifications. Ultimately, v) we measure detection performance of unsupervised anomaly detection algorithms with respect to zero-days. Overall, the paper exemplifies how to practically orchestrate and apply an appropriate methodology, process and tool, providing even non-experts with means to select appropriate strategies to deal with zero-days.

show abstract

“…e huge volume of network data has made intrusion detection issues amenable to machine learning (ML) methods, which have been successfully applied in natural language processing [8], recommendation system [9], etc. ML-based IDS has attracted much interest from researchers over the last decade [10][11][12]. ML-based IDS could be roughly divided into pattern recognition issues and anomaly detection issues despite its fuzzy boundary, which means that it overlaps with anomaly-based IDS to a large extent.…”

Section: Introductionmentioning

confidence: 99%

Detecting Temporal Attacks: An Intrusion Detection System for Train Communication Ethernet Based on Dynamic Temporal Convolutional Network

Yue

Wang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The train communication Ethernet (TCE) of modern intelligent trains is under an ever-increasing threat of serious network attacks. Denial of service (DoS) and man in the middle (MITM), the two most destructive attacks against TCE, are difficult to detect by conventional methods. Aiming at their highly time-correlated properties, a novel dynamic temporal convolutional network-based intrusion detection system (DyTCN-IDS) is proposed in this paper to detect these temporal attacks. A semiphysical TCE testbed that is capable of simulating real situations in TCE-based trains is first built to generate an effective dataset for training and testing. DyTCN-IDS consists of two phases, and in the first phase, systematic feature engineering is designed to optimize the dataset. In the second phase, a basic detection model that is good at dealing with temporal features is first built by utilizing the temporal convolutional network with several architectural optimizations. Then, in order to decrease the computational consumption waste on network packet sequences with different lengths of inner temporal relationships, dynamic neural network technology is further adopted to optimize the basic detection model. Diverse experiments were carried out to evaluate the proposed system from different angles. The experimental results indicate that our system is easy to train, converges fast, costs less computational resources, and achieves satisfying detection performance with a macro false alarm rate of 0.09%, a macro F-score of 99.39%, and an accuracy of 99.40%. Compared to some canonical DL-based IDS and some latest IDS, our system acquires the best overall detection performance as well.

show abstract

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

Cited by 225 publications

References 469 publications

A Comparative Performance Analysis of Data Resampling Methods on Imbalance Medical Data

A Comparative Performance Analysis of Data Resampling Methods on Imbalance Medical Data

Unsupervised Algorithms to Detect Zero-Day Attacks: Strategy and Application

Detecting Temporal Attacks: An Intrusion Detection System for Train Communication Ethernet Based on Dynamic Temporal Convolutional Network

Contact Info

Product

Resources

About