Guorui Xie,Qing Li,Chupeng Cui,Peican Zhu,Dan Zhao,Wanxin Shi,Zhuyun Qi,Yong Jiang,Xi Xiao

DOI: https://doi.org/10.1109/srds55811.2022.00029

2022-01-01

Abstract:Though several deep learning (DL) detectors have been proposed for the network attack detection and achieved high accuracy, they are computationally expensive and struggle to satisfy the real-time detection for high-speed networks. Recently, programmable switches exhibit a remarkable throughput efficiency on production networks, indicating a possible deployment of the timely detector. Therefore, we present Soter, a DL enhanced in-network framework for the accurate real-time detection. Soter consists of two phases. One is filtering packets by a rule-based decision tree running on the Tofino ASIC. The other is executing a well-designed lightweight neural network for the thorough inspection of the suspicious packets on the CPU. Experiments on the commodity switch demonstrate that Soter behaves stably in ten network scenarios of different traffic rates and fulfills per-flow detection in 0.03s. Moreover, Soter naturally adapts to the distributed deployment among multiple switches, guaranteeing a higher total throughput for large data centers and cloud networks.

Guorui Xie,Qing Li,Zhenning Shi,Hanbin Fang,Shengpeng Ji,Yong Jiang,Zhenhui Yuan,Lianbo Ma,Mingwei Xu

DOI: https://doi.org/10.1109/tc.2023.3333253

IF: 3.183

2023-01-01

IEEE Transactions on Computers

Abstract:Neural networks (NNs) are widely used in classification-based networking analysis to help traffic transmission and system security. However, there are heterogeneous network devices (e.g., switches and routers) in a network. Manually customizing NNs with specific device requirements (e.g., max allowed running latency) can be time-consuming and labor-intensive. Furthermore, the diverse data characteristics of different networking classification tasks add to the burden of NN customization. This paper introduces Loong, a neural architecture search (NAS) based system that automatically generates NNs for various networking tasks and devices. Loong includes a neural operation embedding module, which embeds candidate neural operations into the layer to be designed. Then, the layer-wise training is used to generate a task-specific NN layer by layer. This layer-wise scheme simultaneously trains and selects candidate neural operations using gradient feedback. Finally, only the important operations are selected to form the layer, maximizing accuracy. By incorporating multiple objectives, including deployment memory and running latency of devices, into the training and selection of NNs, Loong is able to customize NNs for heterogeneous network devices. Experiments show that Loong's NNs outperform 13 manual-designed and NAS-based NNs, with a 4.11% improvement in F1-score. Additionally, Loong's NNs achieve faster (7.92X) speeds on commodity devices.

Guorui Xie,Qing Li,Chupeng Cui,Ruoyu Li,Lianbo Ma,Zhuyun Qi,Yong Jiang

DOI: https://doi.org/10.1109/TDSC.2024.3402955

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:To improve the accuracy of network attack detection, recent work has proposed deep learning (DL) based detectors. Nonetheless, conventional DL-based solutions are computation-intensive and have to be deployed on high-performance x86 servers, which is inefficient for large-scale networks. Unlike x86 servers, current programmable switches (e.g., P4 switches) support a throughput of Tbps and enable programmable logic in networks, indicating a promising alternative. Therefore, we present Soterv2, an intelligent in-network solution deployed on programmable switches. Soterv2 utilizes a two-phase detection manner. In the first phase, we build a P4 program running on the switch's Tofino ASIC to filter malicious packets from the massive traffic. Then, a DL-based inspection is conducted on the switch's CPU, thoroughly detecting the filtered packets. To improve the filtering performance, we propose to embed the rule-based machine learning model, decision tree, in a single match-action table in the P4 program. We also design a lightweight DL model, Branch Convolution Net, running on a multi-core fashion to speed up the thorough detection. Besides, Soterv2 enables the coordination of distributed switches, covering the detection in a large-scale network. Experiments demonstrate that Soterv2 behaves stably in eight network scenarios of different traffic rates (40/100Gbps) and fulfills per-flow detection in 0.03s.

Binbin Huang,Xunqing Huang,Xiao Liu,Chuntao Ding,Yuyu Yin,Shuiguang Deng

DOI: https://doi.org/10.1016/j.comcom.2023.12.034

IF: 5.047

2024-01-01

Computer Communications

Abstract:With the increasing proliferation of Internet-of-Things (IoT) devices, it is a growing trend toward training a deep neural network (DNN) model in pipeline parallelism across resource-constraint IoT devices. To ensure the model convergence and accuracy, synchronous pipeline parallelism is usually adopted. However, the synchronous pipeline can incur a long waiting time due to its gradient aggregation of all microbatches. It is urgent for a DNN model to design an adaptive partitioning and efficient scheduling scheme in heterogeneous IoT environment. To address this problem, we propose a policy gradient based model partitioning and scheduling scheme (PG-MPSS) to minimize per-iteration training time. More specifically, we first design a double-network framework to divide and schedule a DNN model. Then, we adopt a policy gradient algorithm to update the double-network parameters, aiming at learning an optimal double-network model. We conduct extensive experiments to compare the DNN training time of the PG-MPSS scheme with that of Dynamic Programming (DP), Genetic Algorithm (GA), Particle Swarm Optimization (PSO), Average&Greedy (AG) and Proximal Policy Optimization (PPO) five baseline algorithms under different experimental settings. The related experimental results demonstrate that the PG-MPSS scheme can greatly expedite synchronous pipeline training of a DNN model.

James Seekings,Peyton Chandarana,Mahsa Ardakani,MohammadReza Mohammadi,Ramtin Zand

2024-07-12

Abstract:This paper explores the synergistic potential of neuromorphic and edge computing to create a versatile machine learning (ML) system tailored for processing data captured by dynamic vision sensors. We construct and train hybrid models, blending spiking neural networks (SNNs) and artificial neural networks (ANNs) using PyTorch and Lava frameworks. Our hybrid architecture integrates an SNN for temporal feature extraction and an ANN for classification. We delve into the challenges of deploying such hybrid structures on hardware. Specifically, we deploy individual components on Intel's Neuromorphic Processor Loihi (for SNN) and Jetson Nano (for ANN). We also propose an accumulator circuit to transfer data from the spiking to the non-spiking domain. Furthermore, we conduct comprehensive performance analyses of hybrid SNN-ANN models on a heterogeneous system of neuromorphic and edge AI hardware, evaluating accuracy, latency, power, and energy consumption. Our findings demonstrate that the hybrid spiking networks surpass the baseline ANN model across all metrics and outperform the baseline SNN model in accuracy and latency.

Neural and Evolutionary Computing,Artificial Intelligence,Hardware Architecture,Computer Vision and Pattern Recognition,Machine Learning

Andy Reed,Laurence Dooley,Soraya Kouadri Mostefaoui

DOI: https://doi.org/10.3390/s24175581

IF: 3.9

2024-08-31

Sensors

Abstract:The pernicious impact of malicious Slow DoS (Denial of Service) attacks on the application layer and web-based Open Systems Interconnection model services like Hypertext Transfer Protocol (HTTP) has given impetus to a range of novel detection strategies, many of which use machine learning (ML) for computationally intensive full packet capture and post-event processing. In contrast, existing detection mechanisms, such as those found in various approaches including ML, artificial intelligence, and neural networks neither facilitate real-time detection nor consider the computational overhead within resource-constrained Internet of Things (IoT) networks. Slow DoS attacks are notoriously difficult to reliably identify, as they masquerade as legitimate application layer traffic, often resembling nodes with slow or intermittent connectivity. This means they often evade detection mechanisms because they appear as genuine node activity, which increases the likelihood of mistakenly being granted access by intrusion-detection systems. The original contribution of this paper is an innovative Guardian Node (GN) Slow DoS detection model, which analyses the two key network attributes of packet length and packet delta time in real time within a live IoT network. By designing the GN to operate within a narrow window of packet length and delta time values, accurate detection of all three main Slow DoS variants is achieved, even under the stealthiest malicious attack conditions. A unique feature of the GN model is its ability to reliably discriminate Slow DoS attack traffic from both genuine and slow nodes experiencing high latency or poor connectivity. A rigorous critical evaluation has consistently validated high, real-time detection accuracies of more than 98% for the GN model across a range of demanding traffic profiles. This performance is analogous to existing ML approaches, whilst being significantly more resource efficient, with computational and storage overheads being over 96% lower than full packet capture techniques, so it represents a very attractive alternative for deployment in resource-scarce IoT environments.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zecheng Hao,Tong Bu,Xinyu Shi,Zihan Huang,Zhaofei Yu,Tiejun Huang

2024-01-01

Abstract:Spiking Neural Networks (SNNs) have received widespread attention in academic communities due to their superior spatio-temporal processing capabilities and energy-efficient characteristics. With further in-depth application in various fields, the vulnerability of SNNs under adversarial attack has become a focus of concern. In this paper, we draw inspiration from two mainstream learning algorithms of SNNs and observe that SNN models reserve both rate and temporal information. To better understand the capabilities of these two types of information, we conduct a quantitative analysis separately for each. In addition, we note that the retention degree of temporal information is related to the parameters and input settings of spiking neurons. Building on these insights, we propose a hybrid adversarial attack based on rate and temporal information (HART), which allows for dynamic adjustment of the rate and temporal attributes. Experimental results demonstrate that compared to previous works, HART attack can achieve significant superiority under different attack scenarios, data types, network architecture, time-steps, and model hyper-parameters. These findings call for further exploration into how both types of information can be effectively utilized to enhance the reliability of SNNs. Code is available at [https://github.com/hzc1208/HART_Attack](https://github.com/hzc1208/HART_Attack).

Junpeng He,Lingfeng Yao,Xiong Li,Muhammad Khurram Khan,Weina Niu,Xiaosong Zhang,Fagen Li

DOI: https://doi.org/10.1007/s10489-024-05290-8

IF: 5.3

2024-02-27

Applied Intelligence

Abstract:Malicious traffic on the Internet has become an increasingly serious problem, and several artificial intelligence (AI)-based malicious traffic detection methods have been proposed. Generally, AI-based methods need numerous benign and specific types of malicious traffic training instances to achieve better detection results. However, for attacks with only a few instances, known as the few-shot attacks, these methods often perform poorly, and how to train a model for detecting few-shot attacks is a huge challenge. For this problem, we propose a novel intrusion detection system based on generative adversarial networks and model-agnostic meta-learning. The system adopts a hybrid detection mechanism where an anomaly-based classifier determines whether incoming traffic is malicious and a signature-based classifier identifies the class of malicious traffic. In the system, the samples of few-shot attacks are augmented by maximizing the use of meta-knowledge and then applied to assist the detection of few-shot attacks to obtain better detection results. The experiments show that for CSE-CIC-IDS2018 and Bot-IoT datasets, this system can detect malicious traffic with 94.3%/1.8% TPR/FPR and 99.8%/0.1% TPR/FPR, respectively, and also can identify the class of the few-shot attacks with 95.2% and 91.9% accuracy, respectively. Compared with other related methods, the system improves the accuracy of identifying few-shot attacks on these two datasets by at least 2.2% and 1.5%, respectively. Additionally, a parameter visualization process is designed, which shows the fast-adaptive property and better generalization capability of the system.

computer science, artificial intelligence

Qijun Hou,Anbai Jiang,Wei-Qiang Zhang,Pingyi Fan,Jia Liu

DOI: https://doi.org/10.1109/globecom54140.2023.10436800

2023-01-01

Abstract:The fast-developing Artificial Internet of Things (AIoT) technologies enable the consistent monitoring of multiple machines, by which machine failures can be detected in the early phases, and production efficiency and system management can be greatly promoted, bringing huge significance for anomaly detection. However, in most cases, anomalies are not provided for training, and the lack of direct supervision deprecates the anomaly detection performance. For the application viewpoint, the detector is required to generalize well on multiple machines, except for being computationally efficient. The computational cost is strictly limited, which is a great challenge for mobile and embedded devices. In face of these issues, we propose MobileAnoNet, which decouples an end-to-end detector into a front-end feature extractor and a back-end anomaly detector. The front-end extractor, consuming most computation, is unified for all machine types, while the back-end detector is specialized for each machine type, improving the detection capacity. The model is trained by handy labels of machine types and working conditions, in which multiple classification heads are attached behind the feature extractor during training. The performance of the model is evaluated on two DCASE datasets focusing on machine audio anomaly detection. It's shown that MobileAnoNet achieves a general improvement of 6.9% and 8.8% on two datasets, respectively. The ablation study demonstrates that multi-task learning promotes the general representation capacity. The source code is available at: www.github.com/hqj-les30/MobileAnoNet.

Andreas Ziegler,Karl Vetter,Thomas Gossard,Jonas Tebbe,Sebastian Otte,Andreas Zell

2024-09-17

Abstract:Neuromorphic Computing (NC) and Spiking Neural Networks (SNNs) in particular are often viewed as the next generation of Neural Networks (NNs). NC is a novel bio-inspired paradigm for energy efficient neural computation, often relying on SNNs in which neurons communicate via spikes in a sparse, event-based manner. This communication via spikes can be exploited by neuromorphic hardware implementations very effectively and results in a drastic reductions of power consumption and latency in contrast to regular GPU-based NNs. In recent years, neuromorphic hardware has become more accessible, and the support of learning frameworks has improved. However, available hardware is partially still experimental, and it is not transparent what these solutions are effectively capable of, how they integrate into real-world robotics applications, and how they realistically benefit energy efficiency and latency. In this work, we provide the robotics research community with an overview of what is possible with SNNs on neuromorphic hardware focusing on real-time processing. We introduce a benchmark of three popular neuromorphic hardware devices for the task of event-based object detection. Moreover, we show that an SNN on a neuromorphic hardware is able to run in a challenging table tennis robot setup in real-time.

Robotics,Computer Vision and Pattern Recognition

xingbin wang,Boyan Zhao,Yulan Su,Sisi Zhang,Fengkai Yuan,Jun Zhang,Dan Meng,Rui Hou,Xingbin Wang

DOI: https://doi.org/10.1145/3677318

2024-08-16

ACM Transactions on Embedded Computing Systems

Abstract:Understanding how to defend against adversarial attacks is crucial for ensuring the safety and reliability of these systems in real-world applications. Various adversarial defense methods are proposed, which aim at improving the robustness of neural networks against adversarial attacks by changing the model structure, adding detection networks, and adversarial purification network. However, deploying adversarial defense methods in existing DNN accelerators or defensive accelerators leads to many key issues. To address these challenges, this article proposes sDNNGuard , an elastic heterogeneous DNN accelerator architecture that can efficiently orchestrate the simultaneous execution of original ( target ) DNN networks and the detect algorithm or network. It not only supports for dense DNN detect algorithms, but also allows for sparse DNN defense methods and other mixed dense-sparse (e.g., dense-dense and sparse-dense) workloads to fully exploit the benefits of sparsity. sDNNGuard with a CPU core also supports the non-DNN computing and allows the special layer of the neural network, and used for the conversion for sparse storage format for weights and activation values. To reduce off-chip traffic and improve resources utilization, a new hardware abstraction with elastic on-chip buffer/computing resource management is proposed to achieve dynamical resource scheduling mechanism. We propose an extended AI instruction set for neural networks synchronization, task scheduling and efficient data interaction. Experiment results show that sDNNGuard can effectively validate the legitimacy of the input samples in parallel with the target DNN model, achieving an average 1.42× speedup compared with the state-of-the-art accelerators.

computer science, software engineering, hardware & architecture

Tianyi Wang,Zichen Wang,Cong Wang,Yuanchao Shu,Ruilong Deng,Peng Cheng,Jiming Chen

2024-12-03

Abstract:Object detection is a fundamental enabler for many real-time downstream applications such as autonomous driving, augmented reality and supply chain management. However, the algorithmic backbone of neural networks is brittle to imperceptible perturbations in the system inputs, which were generally known as misclassifying attacks. By targeting the real-time processing capability, a new class of latency attacks are reported recently. They exploit new attack surfaces in object detectors by creating a computational bottleneck in the post-processing module, that leads to cascading failure and puts the real-time downstream tasks at risks. In this work, we take an initial attempt to defend against this attack via background-attentive adversarial training that is also cognizant of the underlying hardware capabilities. We first draw system-level connections between latency attack and hardware capacity across heterogeneous GPU devices. Based on the particular adversarial behaviors, we utilize objectness loss as a proxy and build background attention into the adversarial training pipeline, and achieve a reasonable balance between clean and robust accuracy. The extensive experiments demonstrate the defense effectiveness of restoring real-time processing capability from $13$ FPS to $43$ FPS on Jetson Orin NX, with a better trade-off between the clean and robust accuracy.

Computer Vision and Pattern Recognition,Cryptography and Security

Christian Callegari,Stefano Giordano,Michele Pagano

DOI: https://doi.org/10.1016/j.bdr.2024.100446

IF: 3.3

2024-02-29

Big Data Research

Abstract:Anomaly-based Intrusion Detection is a key research topic in network security due to its ability to face unknown attacks and new security threats. For this reason, many works on the topic have been proposed in the last decade. Nonetheless, an ultimate solution, able to provide a high detection rate with an acceptable false alarm rate, has still to be identified. In the last years big research efforts have focused on the application of Deep Learning techniques to the field, but no work has been able, so far, to propose a system achieving good detection performance, while processing raw network traffic in real time. For this reason in the paper we propose an Intrusion Detection System that, leveraging on probabilistic data structures and Deep Learning techniques, is able to process in real time the traffic collected in a backbone network, offering excellent detection performance and low false alarm rate. Indeed, the extensive experimental tests, run to validate our system and compare different Deep Learning techniques, confirm that, with a proper parameter setting, we can achieve about 92% of detection rate, with an accuracy of 0.899. Finally, with minimal changes, the proposed system can provide some information about the kind of anomaly, although in the multi-class scenario the detection rate is slightly lower (around 86%).

computer science, information systems, artificial intelligence, theory & methods

Guru Bhandari,Andreas Lyth,Andrii Shalaginov,Tor-Morten Grønli

DOI: https://doi.org/10.3390/electronics12020298

IF: 2.9

2023-01-07

Electronics

Abstract:Cyberattacks always remain the major threats and challenging issues in the modern digital world. With the increase in the number of internet of things (IoT) devices, security challenges in these devices, such as lack of encryption, malware, ransomware, and IoT botnets, leave the devices vulnerable to attackers that can access and manipulate the important data, threaten the system, and demand ransom. The lessons from the earlier experiences of cyberattacks demand the development of the best-practices benchmark of cybersecurity, especially in modern Smart Environments. In this study, we propose an approach with a framework to discover malware attacks by using artificial intelligence (AI) methods to cover diverse and distributed scenarios. The new method facilitates proactively tracking network traffic data to detect malware and attacks in the IoT ecosystem. Moreover, the novel approach makes Smart Environments more secure and aware of possible future threats. The performance and concurrency testing of the deep neural network (DNN) model deployed in IoT devices are computed to validate the possibility of in-production implementation. By deploying the DNN model on two selected IoT gateways, we observed very promising results, with less than 30 kb/s increase in network bandwidth on average, and just a 2% increase in CPU consumption. Similarly, we noticed minimal physical memory and power consumption, with 0.42 GB and 0.2 GB memory usage for NVIDIA Jetson and Raspberry Pi devices, respectively, and an average 13.5% increase in power consumption per device with the deployed model. The ML models were able to demonstrate nearly 93% of detection accuracy and 92% f1-score on both utilized datasets. The result of the models shows that our framework detects malware and attacks in Smart Environments accurately and efficiently.

engineering, electrical & electronic,computer science, information systems,physics, applied

Fang Feng,Xin Liu,Binbin Yong,Rui Zhou,Qingguo Zhou

DOI: https://doi.org/10.1016/j.adhoc.2018.09.014

IF: 4.816

2019-01-01

Ad Hoc Networks

Abstract:Ad-hoc network is a temporary self-organizing network that needs no fixed infrastructure. So it has been applied extensively in many areas requesting temporary communication such as military field, emergency disaster relief and road traffic. While, due to the feature of self-organization and wireless communication channels, ad-hoc network is more vulnerable to various attacks compared to the traditional network. In this paper, we proposed a plug and play device to detect Denial of Service (DoS) and privacy attacks. This device mainly includes capture tool and deep learning detection model. Capture tool is used to grab packets in ad-hoc networks, deep learning detection model is used for detecting attacks. An alarm will be triggered if the detected result is attack. In this way, we can avoid the detected attack to spreading out in larger scale. The proposed method can be used as the second line of dense to issue the early-warning signal. In the experiment, first, we use Deep neural network (DNN) detection model to detect DoS attacks; next, we use DNN, Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) detection model to detect XSS and SQL attacks. The results show that these detection models can achieve very high Accuracy, Precision, Recall and F1−score. In addition, the time efficiency among the CNN, the LSTM and the DNN is in acceptable range. It proofs that the proposed method can be effectively applied for attack detection. It is important to note that the proposed method can be extended to all other attacks with little modification in ad-hoc networks.

Colin Shea,Tinoosh Mohsenin

DOI: https://doi.org/10.1145/3358699

IF: 2.013

2019-10-31

ACM Journal on Emerging Technologies in Computing Systems

Abstract:Deep neural networks have become the readiest answer to a range of application challenges including image recognition, stock analysis, natural language processing, and biomedical applications such as seizure detection. All while outperforming prior leading solutions that relied heavily on hand-engineered techniques. However, deployment of these neural networks often requires high-computational and memory-intensive solutions. These requirements make it challenging to deploy Deep Neural Networks (DNNs) in embedded, real-time low-power applications where classic architectures, GPUs and CPUs, still impose significant power burden. Systems-on-Chip (SoC) with Field-programmable Gate Arrays (FPGAs) can be used to improve performance and allow more fine-grain control of resources than CPUs or GPUs, but it is difficult to find the optimal balance between hardware and software to improve DNN efficiency. In the current research literature there have been few proposed solutions to address optimizing hardware and software deployments of DNNs in embedded low-power systems. To address the computation resource restriction and low-power needs for deploying these networks, we describe and implement a domain-specific metric model for optimizing task deployment on differing platforms, hardware and software. Next, we propose a DNN hardware accelerator called Scalable Low-power Accelerator for real-time deep neural Networks (SCALENet) that includes multithreaded software workers. Finally, we propose a heterogeneous aware scheduler that uses the DNN-specific metric models and the SCALENet accelerator to allocate a task to a resource based on solving a numerical cost for a series of domain objectives. To demonstrate the applicability of our contribution, we deploy nine modern deep network architectures, each containing a different number of parameters within the context of two different neural network applications: image processing and biomedical seizure detection. Utilizing the metric modeling techniques integrated into the heterogeneous aware scheduler and the SCALENet accelerator, we demonstrate the ability to meet computational requirements, adapt to multiple architectures, and lower power by providing an optimized task to resource allocation. Our heterogeneous aware scheduler improves power saving by decreasing power consumption by 10% of the total system power, does not affect the accuracy of the networks, and still meets the real-time deadlines. We demonstrate the ability to achieve parity with or exceed the energy efficiency of NVIDIA GPUs when evaluated against Jetson TK1 with embedded GPU SoC and with a 4× power savings in a power envelope of 2.0W. When compared to existing FPGA-based accelerators, SCALENet’s accelerator and heterogeneous aware scheduler achieves a 4× improvement in energy efficiency.

engineering, electrical & electronic,computer science, hardware & architecture,nanoscience & nanotechnology

Ziming Zhao,Zhaoxuan Li,Jialun Jiang,Fengyuan Yu,Fan Zhang,Congyuan Xu,Xinjie Zhao,Rui Zhang,Shize Guo

DOI: https://doi.org/10.1109/tdsc.2023.3242134

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Traffic detection systems based on machine learning have been proposed to defend against cybersecurity threats, such as intrusion attacks and malware. However, they did not take the impact of network-induced phenomena into consideration, such as packet loss, retransmission, and out-of-order. These phenomena will introduce additional misclassifications in the real world. In this paper, we present ${sf ERNN}$, a robust and end-to-end RNN model that is specially designed against network-induced phenomena. As its core, ${sf ERNN}$ is designed with a novel gating unit named as session gate that includes: (i) four types of actions to simulate common network-induced phenomena during model training; and (ii) the Mealy machine to update states of session gate that adjusts the probability distribution of network-induced phenomena. Taken together, ${sf ERNN}$ advances state-of-the-art by realizing the model robustness for network-induced phenomena in an error-resilient manner. We implement ${sf ERNN}$ and evaluate it extensively on both intrusion detection and malware detection systems. By practical evaluation with dynamic bandwidth utilization and different network topologies, we demonstrate that ${sf ERNN}$ can still identify 98.63% of encrypted intrusion traffic when facing about 16% abnormal packet sequences on a 10 Gbps dataplane. Similarly, ${sf ERNN}$ can still robustly identify more than 97% of the encrypted malware traffic in multi-user concurrency scenarios. ${sf ERNN}$ can realize $sim$4% accuracy more than SOTA methods. Based on the Integrated Gradients method, we interpret the gating mechanism can reduce the dependencies on local packets (termed dependency dispersion). Moreover, we demonstrate that ${sf ERNN}$ possesses superior stability and scalability in terms of parameter settings and feature selection.

computer science, information systems, software engineering, hardware & architecture

Chunrui Zhang,Gang Wang,Shen Wang,Dechen Zhan,Mingyong Yin

DOI: https://doi.org/10.1016/j.comnet.2023.109692

IF: 5.493

2023-03-11

Computer Networks

Abstract:In recent years, cybersecurity has been endlessly challenged by more and more sophisticated network attacks, due to lacking the ability to detect unknown attacks in time. Recent researches show that machine learning helps to improve the efficacy of network attack detection, by training network attack classification models with huge amount labeled data. However in internal networks, due to the scarcity of attack instances and lacking expert labor force to label the data, it is always difficult to obtain sufficient labeled data to train such models. To uncover unknown attacks with machine learning techniques in internal networks, we propose to exploit transfer learning to utilize public datasets that contains attack instances to train a prediction model that will be used for un-labeled internal datasets. The main problem is to address the heterogeneity between datasets. Specifically, we project two heterogeneous datasets into a common latent space and formulate an optimization problem to minimize the distance of two distributions in the common space. Then we apply SVM classifier to the projected data to identify attack instances in internal networks. We conduct experiments that perform transfer learning between the NSLKDD to UNSW-NB15 datasets. The results validate that the proposed method notably improves the cross-domain attack detection accuracy in learning scenarios, such as "DoS to DoS" and "R2L to Exploits".

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Gangqiang Li,Sissi Xiaoxiao Wu,Shengli Zhang,Qiang Li

DOI: https://doi.org/10.1109/access.2020.2978458

IF: 3.9

2020-01-01

IEEE Access

Abstract:To support the big-data processing needs of large-scale deployments of smart devices, there is significant interest in moving from cloud-computing to multi-agent (fog-computing) models, given these algorithms scalability and self-healing properties with respect to nodes and link failures. However, these algorithms are often based on the average consensus primitive, which is, unfortunately, vulnerable to data injection attacks. Recognizing this challenge, this work proposes three novel methods for detecting and localizing adversarial nodes using neural network (NN) models. The methods proposed are based on fully distributed algorithms, wherein each node locally updates its local states by exchanging information with its neighbors without supervision. Compared to the state-of-the-art, the proposed approach leverages the automatic learning characteristics of NN to reduce the dependence on pre-designed models and human expertise in complex internal attack scenarios. Simulation results show that the NN-based methods can significantly improve the attacker detection and localization performance.

Li Lyna Zhang,Shihao Han,Jianyu Wei,Ningxin Zheng,Ting Cao,Yunxin Liu

DOI: https://doi.org/10.1145/3529706.3529712

2021-01-01

Abstract:Inference latency has become a crucial metric in running Deep Neural Network (DNN) models on various mobile and edge devices. To this end, latency prediction of DNN inference is highly desirable for many tasks where measuring the latency on real devices is infeasible or too costly. Yet it is very challenging and existing approaches fail to achieve a high accuracy of prediction, due to the varying model-inference latency caused by the runtime optimizations on diverse edge devices. In this paper, we propose and develop nn-Meter, a novel and efficient system to accurately predict the DNN inference latency on diverse edge devices. The key idea of nn-Meter is dividing a whole model inference into kernels, i.e., the execution units on a device, and conducting kernel-level prediction. nn-Meter builds atop two key techniques: (i) kernel detection to automatically detect the execution unit of model inference via a set of well-designed test cases; and (ii) adaptive sampling to efficiently sample the most beneficial configurations from a large space to build accurate kernel-level latency predictors. nn-Meter achieves significant high prediction accuracy on four types of edge devices.