Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection

Hindy, Hanan; Atkinson, Robert; Tachtatzis, Christos; Colin, Jean-Noël; Bayne, Ethan; Bellekens, Xavier

doi:10.3390/electronics9101684

Cited by 90 publications

(40 citation statements)

References 42 publications

(46 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors’ previous work in [ 31 ] proposed an autoencoder model to detect zero-day attacks. The model relies on the encoding–decoding capabilities of autoencoders to flag unknown (zero-day) attacks.…”

Section: Experiments and Resultsmentioning

confidence: 99%

“…The published results demonstrate the ability of the autoencoder to effectively detect zero-day attacks; however, the attacks that mimic benign behaviour experienced very low detection rates. In this section, the published model [ 31 ] was re-evaluated using the proposed higher level of feature abstraction. The aim is to assess the impact of the new features on zero-day attack detection, specifically benign mimicking ones, whose detection rate is low.…”

Section: Experiments and Resultsmentioning

confidence: 99%

Section: Experiments and Resultsmentioning

confidence: 99%

“…To visualise the impact of flow aggregation features on zero-day attack detection, Figure 6 shows the effectiveness of flow aggregation features by contrasting the results that are discussed in this section versus the ones in [ 31 ]. It is observed that all attacks experienced a rise in detection accuracy when the flow aggregation features were used.…”

Section: Experiments and Resultsmentioning

confidence: 99%

“…Table 13 lists the zero-day detection accuracies when flow aggregation features are used alongside the bidirectional flow ones, which were used solely in the previously published work. The results show a high detection rate of all attacks, including the attacks that were detected with low accuracy without the flow aggregation features in [31]. To visualise the impact of flow aggregation features on zero-day attack detection, Figure 6 shows the effectiveness of flow aggregation features by contrasting the results that are discussed in this section versus the ones in [31].…”

Section: Zero-day Attack Detection Revaluationmentioning

confidence: 98%

See 4 more Smart Citations

Utilising Flow Aggregation to Classify Benign Imitating Attacks

Hindy

Atkinson

Tachtatzis

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

Cyber-attacks continue to grow, both in terms of volume and sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advancements in the human understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript, we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus qualifying the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also build towards a new direction of feature extraction for complex ones.

show abstract

Section: Experiments and Resultsmentioning

confidence: 99%

Section: Experiments and Resultsmentioning

confidence: 99%

Section: Experiments and Resultsmentioning

confidence: 99%

Section: Experiments and Resultsmentioning

confidence: 99%

Section: Zero-day Attack Detection Revaluationmentioning

confidence: 98%

See 3 more Smart Citations

Utilising Flow Aggregation to Classify Benign Imitating Attacks

Hindy

Atkinson

Tachtatzis

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

Applications of Machine Learning Techniques in the Realm of Cybersecurity

Kumar¹,

Pande²

2022

Cyber Security and Digital Forensics

View full text Add to dashboard Cite

Detection of zero‐day attacks in computer networks using combined classification

Bami

Moharamkhani

Zadmehr

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

In today's world, many public and private services are provided virtually on the Internet. Due to the increasing dynamism and development of computer networks, intrusion detection systems, as one of the hottest topics in network security, has become an attractive area of research for researchers. The intrusion detection system tries to categorize the activity of the connections into two categories, normal and abnormal. In intrusion detection system, each connection is described based on a set of features, and decisions about whether that connection is normal or abnormal are made using those features. The act of determining the norm or abnormality of a connection is called classification. In this article, a method based on combined classification is proposed to detect zero-day attacks. One of the most important innovations in this method is using a new version of the GRASP feature selection algorithm, which is used to diversify the base classifiers. In this method, an attempt is made to produce a subset of different features that have high accuracy; and variety to be used in the assembly stage.Experimental results showed that the method used to create feature subsets has high quality.

show abstract

Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection

Cited by 90 publications

References 42 publications

Utilising Flow Aggregation to Classify Benign Imitating Attacks

Utilising Flow Aggregation to Classify Benign Imitating Attacks

Applications of Machine Learning Techniques in the Realm of Cybersecurity

Detection of zero‐day attacks in computer networks using combined classification

Contact Info

Product

Resources

About