From zero-shot machine learning to zero-day attack detection

Sarhan, Mohanad; Layeghy, Siamak; Gallagher, Marcus; Portmann, Marius

doi:10.1007/s10207-023-00676-0

Cited by 16 publications

(7 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further investigation revealed that these assaults with low-zero-day detection percentages have distinctive characteristic distributions and a wider Wasserstein distance than assaults in other assault classes. These results show the need to consider certain feature distributions to overcome such obstacles and illustrate the shortcomings of ML-based IDSs in successfully identifying specific zero-day attack situations [24].…”

Section: Related Literaturementioning

confidence: 92%

“…To evaluate the effectiveness of machine learning-based IDSs in recognizing zeroday attack scenarios, Sarhan et al [24] developed a unique zero-shot learning approach. The learning models translate data characteristics to semantic attributes that distinguish between known attacks and benign activity during the attribute learning step.…”

Section: Related Literaturementioning

confidence: 99%

See 1 more Smart Citation

Social Media Zero-Day Attack Detection Using TensorFlow

Topcu,

Alzoubi,

Elbasi

et al. 2023

Electronics

View full text Add to dashboard Cite

In the current information era, knowledge can pose risks in the online realm. It is imperative to proactively recognize potential threats, as unforeseen dangers cannot be eliminated entirely. Often, malware exploits and other emerging hazards are only identified after they have occurred. These types of risks are referred to as zero-day attacks since no pre-existing anti-malware measures are available to mitigate them. Consequently, significant damages occur when vulnerabilities in systems are exploited. The effectiveness of security systems, such as IPS and IDS, relies heavily on the prompt and efficient response to emerging threats. Failure to address these issues promptly hinders the effectiveness of security system developers. The purpose of this study is to analyze data from the Twitter platform and deploy machine learning techniques, such as word categorization, to identify vulnerabilities and counteract zero-day attacks swiftly. TensorFlow was utilized to handle the processing and conversion of raw Twitter data, resulting in significant efficiency improvements. Moreover, we integrated the Natural Language Toolkit (NLTK) tool to extract targeted words in various languages. Our results indicate that we have achieved an 80% success rate in detecting zero-day attacks by using our tool. By utilizing publicly available information shared by individuals, relevant security providers can be promptly informed. This approach enables companies to patch vulnerabilities more quickly.

show abstract

Section: Related Literaturementioning

confidence: 92%

Section: Related Literaturementioning

confidence: 99%

Social Media Zero-Day Attack Detection Using TensorFlow

Topcu,

Alzoubi,

Elbasi

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…In a similar vein, Kumar, V. developed a two-phase intelligent network technique specifically for identifying zero-day threats, achieving impressive accuracy rates of over 90% on CICIDS 2018 and real-time datasets using created signatures [25]. Sarhan, M. suggested a zero-sample learning technique to evaluate the performance of machine learning-based detection systems against unknown threats, providing valuable insights into their abilities to identify and mitigate such threats [26]. Sheng, C. devised a self-growing attack traffic classification system based on density-based heuristic clustering to improve the detection of unknown forms of attacks, enabling real-time automated detection [27].…”

Section: Related Workmentioning

confidence: 99%

An Effective Method for Detecting Unknown Types of Attacks Based on Log-Cosh Variational Autoencoder

Yu,

Xu,

Jiang

2023

Applied Sciences

View full text Add to dashboard Cite

The increasing prevalence of unknown-type attacks on the Internet highlights the importance of developing efficient intrusion detection systems. While machine learning-based techniques can detect unknown types of attacks, the need for innovative approaches becomes evident, as traditional methods may not be sufficient. In this research, we propose a deep learning-based solution called the log-cosh variational autoencoder (LVAE) to address this challenge. The LVAE inherits the strong modeling abilities of the variational autoencoder (VAE), enabling it to understand complex data distributions and generate reconstructed data. To better simulate discrete features of real attacks and generate unknown types of attacks, we introduce an effective reconstruction loss term utilizing the logarithmic hyperbolic cosine (log-cosh) function in the LVAE. Compared to conventional VAEs, the LVAE shows promising potential in generating data that closely resemble unknown attacks, which is a critical capability for improving the detection rate of unknown attacks. In order to classify the generated unknown data, we employed eight feature extraction and classification techniques. Numerous experiments were conducted using the latest CICIDS2017 dataset, training with varying amounts of real and unknown-type attacks. Our optimal experimental results surpassed several state-of-the-art techniques, achieving accuracy and average F1 scores of 99.89% and 99.83%, respectively. The suggested LVAE strategy also demonstrated outstanding performance in generating unknown attack data. Overall, our work establishes a solid foundation for accurately and efficiently identifying unknown types of attacks, contributing to the advancement of intrusion detection techniques.

show abstract

“…The findings conclude that SVM, scoring an average accuracy of 98.18%, refers to the best machine learning algorithm that can detect intrusions in a system. To empower machine learning-based NIDS to be able to detect zero-day attacks, [7] proposes a zero-shot learning method, which maps network data to known and unknown attack behaviors. Designing zero-day detection rate, the study was able to measure the effectiveness of the ML model developed, using UNSW-NB15 and NF-UNSW-NB15v2 datasets.…”

Section: Related Workmentioning

confidence: 99%

“…With the widespread usage of Internet applications, numerous network security issues occur on a regular basis, weakening network security. The vulnerabilities in cyberspace have led to various cyber-attacks including unauthorized access, denial of service (DoS), malware attacks, zero-day attacks, data breaches, social engineering, or phishing [5]- [7]. In May 2017, a ransomware virus caused massive losses in several areas, including banking, energy, medical care, and colleges.…”

Section: Introductionmentioning

confidence: 99%

LoGD-ai: An Efficient Network Intrusion Detection System Using a Soft Voting-Based Ensemble Learner

Agyapong,

Boateng,

Prempeh

et al. 2023

Preprint

View full text Add to dashboard Cite

Network attacks detection is still a difficult task because of the large data volumes needed for training a cutting-edge machine learning algorithms to unearth network invasions. Recently, a number of data mining methods have been put out for network intrusion detection. Meanwhile, each of them encounters certain difficulties resulting from the sophisticated nature of threats the existing models cannot detect. The NSL-KDD dataset containing four different form of attacks was employed in this paper. In this paper, we demonstrate the efficiency of LoGD-ai, a soft voting-based ensemble learner as network intrusion detection system to classify network data to normal and malicious. This soft-voting based ensemble classifier employs logistic regression, gradient boosting and decision tree algorithms for intrusion detection. Finally, the performance of the LoGD-ai classifier is compared to the popular gradient boosting machine (GBM), random forests (RF), and AdaBoost. Scoring 98.05% on accuracy, the LoGD-ai classifier performs better than GBM, RF and AdaBoost classifiers, efficiently detecting and classifying network traffic as normal or malicious. Compared to gradient boosting, our proposed methodology increases accuracy by 0.52%, which is critical for network intrusion detection.

show abstract

From zero-shot machine learning to zero-day attack detection

Cited by 16 publications

References 39 publications

Social Media Zero-Day Attack Detection Using TensorFlow

Social Media Zero-Day Attack Detection Using TensorFlow

An Effective Method for Detecting Unknown Types of Attacks Based on Log-Cosh Variational Autoencoder

LoGD-ai: An Efficient Network Intrusion Detection System Using a Soft Voting-Based Ensemble Learner

Contact Info

Product

Resources

About