Functionality-Preserving Adversarial Machine Learning for Robust Classification in Cybersecurity and Intrusion Detection Domains: A Survey

McCarthy, Andrew; Ghadafi, Essam; Andriotis, Panagiotis; Legg, Phil

doi:10.3390/jcp2010010

Cited by 29 publications

(11 citation statements)

References 134 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed ML‐Entropy, along with the competing solutions, are evaluated using two distinct network traffic datasets: (

i

) the DARPA2009 dataset, 23 a well‐known dataset that has been used in the context of ML application in cybersecurity and IoT 36,37 ; and (

ii

) a dataset from a large corporation, hereafter denoted as RealCorp dataset.…”

Section: Methodsmentioning

confidence: 99%

DDoS attack detection in SDN: Enhancing entropy‐based detection with machine learning

Santos‐Neto,

Bordim,

Alchieri

et al. 2024

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware defined network (SDN) has emerged as a new paradigm in terms of network architecture, providing flexibility, agility, and programmability to network management. These benefits boosted the SDN adoption, bringing new challenges mainly related to security, in particular, those related to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. The detection, prevention, and mitigation of these attacks are important since they can affect the entire network. Many current security measures use statistical techniques, as entropy, or machine learning (ML) algorithms to detect DoS and DDoS attacks. While the definition of a threshold to determine whether a traffic is an attack is not trivial in statistical techniques, ML solutions may provide better accuracy but require considerable computational resources and time to converge to a model able to detect these attacks. Trying to circumvent these limitations, current hybrid approaches either use the results from entropy as input in ML algorithms (EntropyML) or use entropy as a filter and ML algorithms to identify attacks. This work goes one step ahead and combines these techniques in a three‐step approach (EntropyMLEntropy), called ML‐Entropy, which inherits the intelligence of ML algorithms to adjust the threshold used by entropy. The proposed solution was implemented and evaluated in two datasets, the well‐known synthetic DARPA dataset and a dataset composed by traffic collected from a real‐corporate environment. Experimental results show that, in general, ML‐Entropy presents an accuracy above 99%, similar to support vector machine (SVC) and random forest (RF) algorithms, being able to converge to a detection model up to and faster than RF and SVC, respectively.

show abstract

“…The proposed ML‐Entropy, along with the competing solutions, are evaluated using two distinct network traffic datasets: (

i

) the DARPA2009 dataset, 23 a well‐known dataset that has been used in the context of ML application in cybersecurity and IoT 36,37 ; and (

ii

) a dataset from a large corporation, hereafter denoted as RealCorp dataset.…”

Section: Methodsmentioning

confidence: 99%

DDoS attack detection in SDN: Enhancing entropy‐based detection with machine learning

Santos‐Neto,

Bordim,

Alchieri

et al. 2024

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…In addition, the proposed approach performs well on imbalanced data and has a better ability to identify different cyberattacks as it has been mentioned in the previous sub-sections. Therefore, RF-2NIDS can be considered as a robust model against adversarial attacks, whereby the only purpose is to trick the learnt model to make incorrect results (McCarthy et al, 2022;Sauka et al, 2022;Zhao et al, 2022). This will be proven in the next contribution.…”

Section: Comparison With Existing Methodsmentioning

confidence: 99%

i-2NIDS Novel Intelligent Intrusion Detection Approach for a Strong Network Security

Ennaji

Akkad

Haddouch

2023

International Journal of Information Security and Privacy

View full text Add to dashboard Cite

The potential of machine learning mechanisms played a key role in improving the intrusion detection task. However, other factors such as quality of data, overfitting, imbalanced problems, etc. may greatly affect the performance of an intelligent intrusion detection system (IDS). To tackle these issues, this paper proposes a novel machine learning-based IDS called i-2NIDS. The novelty of this approach lies in the application of the nested cross-validation method, which necessitates using two loops: the outer loop is for hyper-parameter selection that costs least error during the run of a small amount of training set and the inner loop for the error estimation in the test set. The experiments showed significant improvements within NSL-KDD dataset with a test accuracy rate of 99.97%, 99.79%, 99.72%, 99.96%, and 99.98% in detecting normal activities, DDoS/DoS, Probing, R2L and U2R attacks, respectively. The obtained results approve the efficiency and superiority of the approach over other recent existing experiments.

show abstract

“…In this section, we will review existing research that uses GAN to address the issue of unbalanced data in detecting cyberattacks using reinforcement learning (RL) models. The literature in the field of cyberattack detection suggests that recurrent neural network (RNN) and RL approaches are not yet fully explored [12]. Our paper will specifically focus on insider threat detection (ITD) as a type of cyberattack detection.…”

Section: Related Workmentioning

confidence: 99%

A Multi-Agent Intrusion Detection System Optimized by a Deep Reinforcement Learning Approach with a Dataset Enlarged Using a Generative Model to Reduce the Bias Effect

Mouyart,

Medeiros Machado,

Jun

2023

JSAN

View full text Add to dashboard Cite

Intrusion detection systems can defectively perform when they are adjusted with datasets that are unbalanced in terms of attack data and non-attack data. Most datasets contain more non-attack data than attack data, and this circumstance can introduce biases in intrusion detection systems, making them vulnerable to cyberattacks. As an approach to remedy this issue, we considered the Conditional Tabular Generative Adversarial Network (CTGAN), with its hyperparameters optimized using the tree-structured Parzen estimator (TPE), to balance an insider threat tabular dataset called the CMU-CERT, which is formed by discrete-value and continuous-value columns. We showed through this method that the mean absolute errors between the probability mass functions (PMFs) of the actual data and the PMFs of the data generated using the CTGAN can be relatively small. Then, from the optimized CTGAN, we generated synthetic insider threat data and combined them with the actual ones to balance the original dataset. We used the resulting dataset for an intrusion detection system implemented with the Adversarial Environment Reinforcement Learning (AE-RL) algorithm in a multi-agent framework formed by an attacker and a defender. We showed that the performance of detecting intrusions using the framework of the CTGAN and the AE-RL is significantly improved with respect to the case where the dataset is not balanced, giving an F1-score of 0.7617.

show abstract

Functionality-Preserving Adversarial Machine Learning for Robust Classification in Cybersecurity and Intrusion Detection Domains: A Survey

Cited by 29 publications

References 134 publications

DDoS attack detection in SDN: Enhancing entropy‐based detection with machine learning

DDoS attack detection in SDN: Enhancing entropy‐based detection with machine learning

i-2NIDS Novel Intelligent Intrusion Detection Approach for a Strong Network Security

A Multi-Agent Intrusion Detection System Optimized by a Deep Reinforcement Learning Approach with a Dataset Enlarged Using a Generative Model to Reduce the Bias Effect

Contact Info

Product

Resources

About