CBAM: A Contextual Model for Network Anomaly Detection

Clausen, Henry; Grov, Gudmund; Aspinall, David

doi:10.3390/computers10060079

Cited by 10 publications

(6 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the field of target detection, the evaluation index [18] in the field of information retrieval is used to evaluate the detection performance of a single category, in which the AP value is the area value under the P-R curve with accuracy and recall as the vertical and horizontal coordinate axis, as shown in formula (7). For the calculation of precision (also known as recall), formula (8) is used.…”

Section: Performance Evaluation and Experimental Resultsmentioning

confidence: 99%

“…In view of the balance between detection accuracy and speed of Yolo series algorithms, yolov3 is selected as the detection basic network to improve the anchor box calculation method, so as to make it more suitable for the anchor boxes of instrument data set and make it more rapid convergence model; In addition, the residual block is added to further improve the extraction of shallow features, and the convolution block attention module CBAM [6][7][8] is added to the backbone network to deduce the attention weight sequentially from the two dimensions of channel and space, and then multiply it with the original feature map for adaptive adjustment, so as to make the network pay more attention to the area where the instrument target is located.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Target Detection of Pointer Instrument based on Deep Learning

Wang¹,

Dong²

2022

HSET

View full text Add to dashboard Cite

This paper proposed an instrument target detection algorithm based on yolov3 network for the drawbacks caused by manual inspection of pointer instruments in complex industrial environments. Firstly, the algorithm improved the model convergence speed by introducing the k-means++ algorithm to cluster out 9 sets of initial anchor boxes suitable for the pointer meter data set. Moreover, by combining the channel attention mechanism with spatial attention mechanism in the yolov3 backbone network, the extraction of shallow features was further improved by adding two residual blocks to the second residual block, then a new model yolov3-CBAM (Convolutional Block Attention Module) was formed. In addition, the mean average accuracy (map) of the training and testing of the three types of instruments on the data set reaches 90.8% by the results, which is about 2.1% higher than the original yolov3. This algorithm has obvious advantages in the patrol inspection and identification of industrial instruments.

show abstract

Section: Performance Evaluation and Experimental Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Target Detection of Pointer Instrument based on Deep Learning

Wang¹,

Dong²

2022

HSET

View full text Add to dashboard Cite

show abstract

“…[17] -and will instead focus on some more generic observations. The challenges faced when developing suitable datasets, and their scarcity, has already been discussed [9], [20], [30], [36]. A significant number of published works have used old and outdated datasets as benchmarks [8].…”

Section: A Datasetsmentioning

confidence: 99%

“…As a result, there has consistently been a lack of suitable datasets for this domain [9], [20], [30], [36] -and even more so for APTs [36] -causing some to argue that lack of suitable datasets constitutes one of the biggest challenges for developing capabilities to defend against APTs [34].…”

Section: Introductionmentioning

confidence: 99%

LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations

Gjerstad

Kadiric

Grov

et al. 2022

2022 IEEE International Conference on Big Data (Big Data)

Self Cite

View full text Add to dashboard Cite

Development and evaluation of data-driven capabilities for both threat hunting and intrusion detection require highquality and up-to-date datasets. The generation of such datasets poses multiple challenges, which has led to a general lack of suitable datasets for this domain.One such difficulty is the ability to correctly label each datapoint at a suitable level of granularity. In this paper, we argue that the challenges faced when labelling datasets can to some degree be decoupled from realistic emulations of up-to-date attacks and benign behaviours. We propose a modular labelling approach that can be combined with existing emulation platforms that provide the necessary details used for labelling. A proof-ofconcept implementation is provided with our LADEMU (Labelled Apt Datasets from EMUlations) tool, which is integrated with the Mitre CALDERA emulation platform and uses the GHOSTS framework for benign behaviour. LADEMU captures both host and network logs and labels them at a sufficient level of detail to separate the various attack steps. This provides dataset support for the development of data-driven APT, multi-step and killchain capabilities. As a case, LADEMU is used to generate a labelled dataset from an intelligence-driven emulation plan of an advanced persistent threat (APT) group.

show abstract

“…In the work of Urooj et al [ 10 ], the role of Deep Learning and Machine Learning is discussed both in the performance of the attack and detection of the attack. Henry et al [ 11 ] have demonstrated that using a bidirectional LSTM network, a potential network anomaly could be detected in a short session of time. However, one of the fundamental challenges in the applicability of Machine Learning- (ML) and Deep Learning- (DL) based intrusion detection systems is that most of them are trained using an almost decade-old NSL-KDD dataset.…”

Section: Introductionmentioning

confidence: 99%

Plant and Salamander Inspired Network Attack Detection and Data Recovery Model

Sharma

Issac

Xin

et al. 2023

Sensors

View full text Add to dashboard Cite

The number of users of the Internet has been continuously rising, with an estimated 5.1 billion users in 2023, which comprises around 64.7% of the total world population. This indicates the rise of more connected devices to the network. On average, 30,000 websites are hacked daily, and nearly 64% of companies worldwide experience at least one type of cyberattack. As per IDC’s 2022 Ransomware study, two-thirds of global organizations were hit by a ransomware attack that year. This creates the desire for a more robust and evolutionary attack detection and recovery model. One aspect of the study is the bio-inspiration models. This is because of the natural ability of living organisms to withstand various odd circumstances and overcome them with an optimization strategy. In contrast to the limitations of machine learning models with the need for quality datasets and computational availability, bio-inspired models can perform in low computational environments, and their performances are designed to evolve naturally with time. This study concentrates on exploring the evolutionary defence mechanism in plants and understanding how plants react to any known external attacks and how the response mechanism changes to unknown attacks. This study also explores how regenerative models, such as salamander limb regeneration, could build a network recovery system where services could be automatically activated after a network attack, and data could be recovered automatically by the network after a ransomware-like attack. The performance of the proposed model is compared to open-source IDS Snort and data recovery systems such as Burp and Casandra.

show abstract

CBAM: A Contextual Model for Network Anomaly Detection

Cited by 10 publications

References 29 publications

Target Detection of Pointer Instrument based on Deep Learning

Target Detection of Pointer Instrument based on Deep Learning

LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations

Plant and Salamander Inspired Network Attack Detection and Data Recovery Model

Contact Info

Product

Resources

About