Improving Cyber-Threat Detection by Moving the Boundary Around the Normal Samples

Andresini, Giuseppina; Appice, Annalisa; Caforio, Francesco Paolo; Malerba, Donato

doi:10.1007/978-3-030-57024-8_5

Cited by 8 publications

(3 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors used the AE to extract attack features. The CNN and MLP are applied to detect the intrusion attack [28][29][30] .…”

Section: Related Workmentioning

confidence: 99%

“…In this paper, five algorithms were used, that is, THEODORA [28] , AIDA [29] , MINDFUL [30] and, DNN-3 [35] and DNN4Layers [36] , as the comparative algorithms to verify the efficiency of the cVAE-DML. The details of those comparative algorithms are shown as follows.…”

Section: Comparative Experimentsmentioning

confidence: 99%

“…THEODORA is an attack detection model which can reduce data over-fitting by re-positioning the decision boundary that separates the normal training samples and the threats [28].…”

Section: Comparative Experimentsmentioning

confidence: 99%

See 2 more Smart Citations

Attack Detection Model for BCoT based on Contrastive Variational Autoencoder and Metric Learning

Wu,

Liu,

Ding

et al. 2024

Preprint

View full text Add to dashboard Cite

With development of blockchain technology, clouding computing and Internet of Things (IoT), blockchain and cloud of things (BCoT) has become development tendency. But the security has become the most development hinder of BCoT. Attack detection model is a crucial part of attack revelation mechanism for BCoT. As a consequence, attack detection model has received more concerned. Due to the great diversity and variation of network attacks aiming to BCoT, tradition attack detection models are not suitable for BCoT. In this paper, we propose a novel attack detection model for BCoT, denoted as cVAE-DML. The novel model is based on contrastive variational autoencoder (cVAE) and deep metric learning (DML). By training the cVAE, the proposed model generates private features for attack visiting information as well as shared features between attack visiting information and normal visiting information. Based on those generated features, the proposed model can generate representative new samples to balance the training dataset. At last, the decoder of cVAE is connected to the deep metric learning network to detect attack aiming to BCoT. The efficiency of cVAE-DML is verified using the CIC-IDS 2017 dataset and CSE-CIC-IDS 2018 dataset. The results show that cVAE-DML can improve attack detection efficiency even under the condition of unbalanced samples.

show abstract

“…The authors used the AE to extract attack features. The CNN and MLP are applied to detect the intrusion attack [28][29][30] .…”

Section: Related Workmentioning

confidence: 99%