An Attack Detection Framework Based on BERT and Deep Learning

Seyyar, Yunus Emre; Yavuz, A. Gökhan; Ünver, Halil Murat

doi:10.1109/access.2022.3185748

Cited by 20 publications

(9 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kozik et al [35] and Lin et al [36] proposed transformer-based models to process traffic traces and distinguish anomalous traffic from normal traffic. Seyyar et al [37] combined the multi-layer perceptron (MLP) with the BERT [27]-like input embedding method and proposed an abnormal HTTP request detection method. The experimental results showed that these methods achieved better performance for malicious traffic detection than others.…”

Section: A Malicious Traffic Detectionmentioning

confidence: 99%

Securing 5G/6G IoT Using Transformer and Personalized Federated Learning: An Access-Side Distributed Malicious Traffic Detection Framework

Luo,

Chen,

Sun

et al. 2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

Malicious traffic has posed a significant threat to current 5G networks. In the upcoming 6G era, with the rapid development of the Internet of Things (IoT), defending against malicious traffic has become even more challenging due to the diverse nature and widespread distribution of IoT devices. This paper presents a new distributed framework for detecting malicious traffic on the access side of the IoT. This framework shifts the line of defense forward, and could alleviate the resource-bottleneck problem of traditional detectors that are usually deployed at the victim side. In particular, we devise a transformer-based neural network, which is tailored for distributed malicious traffic detection at multiple detection points. Additionally, we develop a personalized federated learning-based collaborative algorithm to enable horizontal collaboration among multiple detection points by sharing neural network parameters. Different from the traditional federated learning framework which trains a high-precision global model, our proposed framework fully considers the differences in the distribution of IoT traffic at the entrance, and uses local traffic data to train personalized models with better local detection performance on the basis of the global model. The experimental results demonstrate that our approach achieves an average detection accuracy of 99.2% and an F1-score of 99.2% for all detection points using the N-BaIoT dataset. In comparison to methods lacking collaboration, our approach exhibits significant improvements in terms of accuracy, precision, recall, and F1-score. Moreover, our detection performance is comparable to that of centralized learning frameworks, despite sharing only the model parameters.INDEX TERMS 5G/6G Internet of Things (IoT), malicious traffic detection, Transformer, personalized federated learning, multi-point collaboration.

show abstract

Section: A Malicious Traffic Detectionmentioning

confidence: 99%

Securing 5G/6G IoT Using Transformer and Personalized Federated Learning: An Access-Side Distributed Malicious Traffic Detection Framework

Luo,

Chen,

Sun

et al. 2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

show abstract

“…The results illustrate that the ELMo representation can better illustrate the contextual-temporal dynamics in event prediction. BERT (Bidirectional Encoder Representations from Transformers) is actively used not only in the processing of natural, but also synthetic languages, such as HTTP/HTTPS for attack detection in network traffic (Seyyar et al, 2022). BERT models also allow learning the context of event log keys in anomaly detection systems LAnoBERT (Lee et al, 2021) and LogBERT (Guo et al, 2021).…”

Section: Semantics Modelsmentioning

confidence: 99%

“…• Rule-based correlation models -similarity rules (SimR) (Kotenko et al, 2020), causal rules (CauR) (Mahdavi et al, 2020;Siddiqui and Boukerche, 2021), composite rules (ComR) (Tao et al, 2021) and rule mining models (RM) (Xie et al, 2018;Bénard et al, 2021). • Semantic correlation models -signature language-based (SigL) (Almseidin et al, 2019;Tidjon et al, 2020), event embedding (EE) (Lee et al, 2021;Seyyar et al, 2022), and ontology learning (OL) (Zheng et al, 2018;Deng and Hooi, 2021) models. • Graphical correlation models -knowledge provenance graphs (KPG) (Milajerdi et al, 2019;Zeng et al, 2021), and probabilistic graphical models (PGM) (Shawly et al, 2019;Ma et al, 2022).…”

Section: Summary Of Ai-based Security Event Correlation Modelsmentioning

confidence: 99%

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

Gaifulina

Kotenko

2023

Artif Intell Rev

View full text Add to dashboard Cite

Information systems need to process a large amount of event monitoring data. The process of finding the relationships between events is called correlation, which creates a context between independent events and previously collected information in real time and normalizes it for subsequent processing. In cybersecurity, events can determine the steps of attackers and can be analyzed as part of a specific attack strategy. In this survey, we present the systematization of security event correlation models in terms of their representation in AI-based monitoring systems as: rule-based, semantic, graphical and machine learning based-models. We define the main directions of current research in the field of AI-based security event correlation and the methods used for the correlation of both single events and their sequences in attack scenarios. We also describe the prospects for the development of hybrid correlation models. In conclusion, we identify the existing problems in the field and possible ways to overcome them.

show abstract

“…Furthermore, they have been used with a similar technique for the task of human mobility forecasting [23], [24]. More in general, transformerbased models originally designed for NLP tasks have demonstrated successful applications in a wide variety of non-NLP tasks [25], including: images [26], [27], [28], videos [29], [30], [31], speech and audio recognition [32], [33], conversational systems [34], [35], recommender systems [36], [37], reinforcement learning [38], [39], graphs [40], [41], protein structure predictions [42], [43], autonomous driving [44], [45], and anomaly detection problems [46], [47].…”

Section: Related Workmentioning

confidence: 99%

Detection of Wastewater Pollution Through Natural Language Generation With a Low-Cost Sensing Platform

et al. 2023

View full text Add to dashboard Cite

The detection of contaminants in several environments (e.g., air, water, sewage systems) is of paramount importance to protect people and predict possible dangerous circumstances. Most works do this using classical Machine Learning tools that act on the acquired measurement data. This paper introduces two main elements: a low-cost platform to acquire, pre-process, and transmit data to classify contaminants in wastewater; and a novel classification approach to classify contaminants in wastewater, based on deep learning and the transformation of raw sensor data into natural language metadata. The proposed solution presents clear advantages against state-of-the-art systems in terms of higher effectiveness and reasonable efficiency. The main disadvantage of the proposed approach is that it relies on knowing the injection time, i.e., the instant in time when the contaminant is injected into the wastewater. For this reason, the developed system also includes a finite state machine tool able to infer the exact time instant when the substance is injected. The entire system is presented and discussed in detail. Furthermore, several variants of the proposed processing technique are also presented to assess the sensitivity to the number of used samples and the corresponding promptness/computational burden of the system. The lowest accuracy obtained by our technique is 91.4%, which is significantly higher than the 81.0% accuracy reached by the best baseline method.

show abstract

An Attack Detection Framework Based on BERT and Deep Learning

Cited by 20 publications

References 36 publications

Securing 5G/6G IoT Using Transformer and Personalized Federated Learning: An Access-Side Distributed Malicious Traffic Detection Framework

Securing 5G/6G IoT Using Transformer and Personalized Federated Learning: An Access-Side Distributed Malicious Traffic Detection Framework

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

Detection of Wastewater Pollution Through Natural Language Generation With a Low-Cost Sensing Platform

Contact Info

Product

Resources

About