Furqan Rustam,Anca Delia Jurcut,Wajdi Aljedaani,Imran Ashraf

DOI: https://doi.org/10.1109/pst58708.2023.10320203

2023-01-01

Abstract:The emergence of new network architectures, protocols, and tools has made it easier for cybercriminals to launch attacks using AI-based tools, presenting challenges in network security. To protect such systems, a versatile malicious traffic detection system is required that can identify attacks regardless of the type of traffic coming toward the network. In this paper, a system is proposed that can singly analyze multi-environment traffic (IoT and traditional IP-based) to detect malicious activity. The existing techniques for managing Multi-Environment traffic are inefficient due to the absence of AI utilization. To overcome these issues, the proposed approach generates a novel multienvironment traffic dataset by merging existing network datasets containing both traditional IP-based traffic and IoT network traffic. Synthetic Data Augmentation TEchnique (S-DATE) is also proposed to overcome the problem of imbalanced data distribution in the new multi-environment dataset. The results show that the utilization of S-DATE results in faster machine learning model convergence and an improvement in the detection rate of normal and abnormal traffic. The proposed approach achieves an impressive overall detection rate of 0.991 and is statistically significant compared to other state-of-the-art approaches.

Rahman Shafique,Furqan Rustam,Gyu Sang Choi,Anca Delia Jurcut

DOI: https://doi.org/10.1109/wcnc57260.2024.10571300

2024-01-01

Abstract:Cybersecurity poses a growing threat to technology infrastructure, especially raising concerns for automobile technology. Modern vehicles, reliant on connectivity, face a critical challenge in safeguarding their in-vehicle networks from cyber-attacks. Although the Controller Area Network is a standard for in-vehicle networks, its lack of security features exposes vehicles to vulnerabilities. Especially, the use of AI for offensive purposes further intensifies the threat to automotive technology infrastructure to protect it from cyber-attacks. This study proposes an approach to enhance in-vehicle network security, employing machine learning algorithms to protect against both AI-based generated attacks and traditional attacks. The Conditional Tabular Generative Adversarial Network (CTGAN) is utilized to generate in-vehicle network traffic, which is then combined with benchmark in-vehicle network traffic to create a complex and diverse scenario. The Random Forest model achieved a significant accuracy score for both benchmark in-vehicle network traffic and AI-based traffic, with scores of 0.93 and 0.89, respectively.

Furqan Rustam,Anca Delia Jurcut

DOI: https://doi.org/10.1016/j.cose.2023.103564

IF: 5.105

2024-01-01

Computers & Security

Abstract:The rapid advancement of network architectures, protocols, and tools poses significant challenges to network security, especially due to the use of AI-based tools by cybercriminals. It is crucial to develop a versatile malicious traffic detection system capable of identifying attacks across diverse traffic types. This paper presents an enhanced system for detecting malicious traffic in multi-environment (M-En) networks, including IoT, SDN, and traditional IP-based traffic. Existing techniques often under-utilize diversity in network traffic, limiting their effectiveness. To address this, we propose a comprehensive approach that combines the power of Synthetic Data Augmentation TEchnique (S-DATE) and Particle Swarm Optimizer (PSO)-based Diverse-Self Ensemble Model (D-SEM). Our approach proposes the M-En dataset, a combination of three different network architectures datasets including InSDN, UNSWNB-15, and IoTID-20 that accurately represent real-world scenarios. S-DATE is then employed to address imbalanced data distribution in novel generated M-En dataset, enabling better model convergence and enhancing the detection rate of normal and abnormal traffic. Additionally, we introduce PSO-D-SEM, a novel ensemble model that leverages the diversity provided by PSO to handle the complexity of M-En networks. The PSO-D-SEM combines individual models trained on a subset of the M-En dataset, resulting in improved overall performance. The experimental results demonstrate the superiority of our enhanced system, achieving a significant accuracy score of 0.989. Further, we also deploy a statistical T-test to demonstrate the significance of the proposed PSO-D-SEM approach in comparison with state-of-the-art methods.

Furqan Rustam,Rahman Shafique,Sarath Kumar Posa,Anca Delia Jurcut

DOI: https://doi.org/10.1109/mass62177.2024.00095

2024-01-01

Abstract:Cybersecurity is gaining interest from researchers as it becomes increasingly important to protect data communication on the internet from cybercriminals. However, with advancements in network infrastructures and architectures, network technology presents challenges in developing security systems that can effectively counter cyberattacks with high accuracy and low computational cost. The latest network architectures necessitate a system capable of analyzing diverse network traffic. To address this, our proposed approach targets the detection of malicious traffic in a multi-environment (M-En) network that includes SDN, IoT, and traditional IP-based networks. To tackle the diversity of M-En networks, we introduce the Dual-Data Trained Light Gradient Boosting Machine (DDT-LightGBM), which combines two LightGBM models through soft voting. The training strategy involves one LightGBM model trained on balanced data using SVMSMOTE for data balancing and another trained on an imbalanced dataset to inject diversity into individual training. By merging both models through soft voting and averaging probabilities for final predictions, the DDT-LightGBM approach achieves a significant accuracy score of 0.992, surpassing other methods in both accuracy and efficiency.

Sarah Alkadi,Saad Al-Ahmadi,Mohamed Maher Ben Ismail

DOI: https://doi.org/10.3390/s24082626

IF: 3.9

2024-04-20

Sensors

Abstract:Recently, Machine Learning (ML)-based solutions have been widely adopted to tackle the wide range of security challenges that have affected the progress of the Internet of Things (IoT) in various domains. Despite the reported promising results, the ML-based Intrusion Detection System (IDS) proved to be vulnerable to adversarial examples, which pose an increasing threat. In fact, attackers employ Adversarial Machine Learning (AML) to cause severe performance degradation and thereby evade detection systems. This promoted the need for reliable defense strategies to handle performance and ensure secure networks. This work introduces RobEns, a robust ensemble framework that aims at: (i) exploiting state-of-the-art ML-based models alongside ensemble models for IDSs in the IoT network; (ii) investigating the impact of evasion AML attacks against the provided models within a black-box scenario; and (iii) evaluating the robustness of the considered models after deploying relevant defense methods. In particular, four typical AML attacks are considered to investigate six ML-based IDSs using three benchmarking datasets. Moreover, multi-class classification scenarios are designed to assess the performance of each attack type. The experiments indicated a drastic drop in detection accuracy for some attempts. To harden the IDS even further, two defense mechanisms were derived from both data-based and model-based methods. Specifically, these methods relied on feature squeezing as well as adversarial training defense strategies. They yielded promising results, enhanced robustness, and maintained standard accuracy in the presence or absence of adversaries. The obtained results proved the efficiency of the proposed framework in robustifying IDS performance within the IoT context. In particular, the accuracy reached 100% for black-box attack scenarios while preserving the accuracy in the absence of attacks as well.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Iqbal H. Sarker

DOI: https://doi.org/10.1002/spy2.295

2023-01-12

Security and Privacy

Abstract:Due to the rising dependency on digital technology, cybersecurity has emerged as a more prominent field of research and application that typically focuses on securing devices, networks, systems, data and other resources from various cyber‐attacks, threats, risks, damages, or unauthorized access. Artificial intelligence (AI), also referred to as a crucial technology of the current Fourth Industrial Revolution (Industry 4.0 or 4IR), could be the key to intelligently dealing with these cyber issues. Various forms of AI methodologies, such as analytical, functional, interactive, textual as well as visual AI can be employed to get the desired cyber solutions according to their computational capabilities. However, the dynamic nature and complexity of real‐world situations and data gathered from various cyber sources make it challenging nowadays to build an effective AI‐based security model. Moreover, defending robustly against adversarial attacks is still an open question in the area. In this article, we provide a comprehensive view on "Cybersecurity Intelligence and Robustness," emphasizing multi‐aspects AI‐based modeling and adversarial learning that could lead to addressing diverse issues in various cyber applications areas such as detecting malware or intrusions, zero‐day attacks, phishing, data breach, cyberbullying and other cybercrimes. Thus the eventual security modeling process could be automated, intelligent, and robust compared to traditional security systems. We also emphasize and draw attention to the future aspects of cybersecurity intelligence and robustness along with the research direction within the context of our study. Overall, our goal is not only to explore AI‐based modeling and pertinent methodologies but also to focus on the resulting model's applicability for securing our digital systems and society.

Artem Dremov

DOI: https://doi.org/10.20998/2079-0023.2023.02.11

2023-12-19

Abstract:This paper aims to provide a solution for malicious network traffic detection and categorization. Remote attacks on computer systems are becoming more common and more dangerous nowadays. This is due to several factors, some of which are as follows: first of all, the usage of computer networks and network infrastructure overall is on the rise, with tools such as messengers, email, and so on. Second, alongside increased usage, the amount of sensitive information being transmitted over networks has also grown. Third, the usage of computer networks for complex systems, such as grid and cloud computing, as well as IoT and “smart” locations (e.g., “smart city”) has also seen an increase. Detecting malicious network traffic is the first step in defending against a remote attack. Historically, this was handled by a variety of algorithms, including machine learning algorithms such as clustering. However, these algorithms require a large amount of sample data to be effective against a given attack. This means that defending against zero‐day attacks or attacks with high variance in input data proves difficult for such algorithms. In this paper, we propose a semi‐supervised generative adversarial network (GAN) to train a discriminator model to categorize malicious traffic as well as identify malicious and non‐malicious traffic. The proposed solution consists of a GAN generator that creates tabular data representing network traffic from a remote attack and a classifier deep neural network for said traffic. The main goal is to achieve accurate categorization of malicious traffic with a few labeled examples. This can also, in theory, improve classification accuracy compared to fully supervised models. It may also improve the model’s performance against completely new types of attacks. The resulting model shows a prediction accuracy of 91 %, which is lower than a conventional deep learning model; however, this accuracy is achieved with a small sample of data (under 1000 labeled examples). As such, the results of this research may be used to improve computer system security, for example, by using dynamic firewall rule adjustments based on the results of incoming traffic classification. The proposed model was implemented and tested in the Python programming language and the TensorFlow framework. The dataset used for testing is the NSL‐KDD dataset.

Furqan Rustam,Wajdi Aljedaani,Mahmoud Said Elsayed,Anca Delia Jurcut

DOI: https://doi.org/10.1016/j.comnet.2024.110603

IF: 5.493

2024-01-01

Computer Networks

Abstract:Multi-environment networks, such as those in smart homes, handle both IoT and traditional IP-based traffic. Weak security protocols in IoT devices and the diverse traffic flow make these networks vulnerable to security breaches. This study delves into this pressing challenge and presents a pioneering solution—FAMTDS (Fully Automated Malicious Traffic Detection System)—designed explicitly for multi-environment networks. FAMTDS addresses the critical need for robust security measures by intelligently analyzing the amalgamation of IoT and IP-based traffic. FAMTDS comprises three pivotal stages: innovative multi-environment dataset creation, optimization of machine learning model hyperparameters, and holistic system optimization. For the multi-environment dataset, we amalgamate two prominent open-source datasets, UNSW-NB-15 and IoTID-20. Initially, crucial features are extracted from both datasets using an extra trees classifier. Subsequently, an equal number of features is generated by employing a neural network to harmonize these datasets. The resulting multi-environment dataset encompasses 19 distinct attack types, a comprehensive inclusion unprecedented in prior research on malicious traffic detection. This dataset exhibits diversity owing to its varied traffic samples, addressing a crucial gap in existing studies. To accommodate this diversity, machine learning models are deployed with fine-tuned hyperparameters. The Mouth Flame Optimizer streamlines feature extraction, feature generation, and hyperparameter tuning, automating the optimization process. FAMTDS demonstrates exceptional performance, achieving an accuracy score of 0.85 for the multi-environment dataset. We also integrated the CICDDOS2019 dataset with IoTID-20 in our multi-environment dataset, achieving a notable accuracy of 0.82 against recent attacks, thus enhancing our approach’s validation. To further validate the generalizability of our proposed approach, we applied it to zero-day attack prediction. Our method demonstrated an accuracy of 0.84 for zero-day attacks, indicating its effectiveness in detecting newly emerging threats in multi-environment networks.

Cheolhee Park,Jonghoon Lee,Youngsoo Kim,Jong-Geun Park,Hyunjin Kim,Dowon Hong

DOI: https://doi.org/10.1109/jiot.2022.3211346

IF: 10.6

2023-01-24

IEEE Internet of Things Journal

Abstract:As communication technology advances, various and heterogeneous data are communicated in distributed environments through network systems. Meanwhile, along with the development of communication technology, the attack surface has expanded, and concerns regarding network security have increased. Accordingly, to deal with potential threats, research on network intrusion detection systems (NIDSs) has been actively conducted. Among the various NIDS technologies, recent interest is focused on artificial intelligence (AI)-based anomaly detection systems, and various models have been proposed to improve the performance of NIDS. However, there still exists the problem of data imbalance, in which AI models cannot sufficiently learn malicious behavior and thus fail to detect network threats accurately. In this study, we propose a novel AI-based NIDS that can efficiently resolve the data imbalance problem and improve the performance of the previous systems. To address the aforementioned problem, we leveraged a state-of-the-art generative model that could generate plausible synthetic data for minor attack traffic. In particular, we focused on the reconstruction error and Wasserstein distance-based generative adversarial networks, and autoencoder-driven deep learning models. To demonstrate the effectiveness of our system, we performed comprehensive evaluations over various data sets and demonstrated that the proposed systems significantly outperformed the previous AI-based NIDS.

Rahman Shafique,Furqan Rustam,Gyu Sang Choi,Sarath Kumar Posa,Anca Delia Jurcut

DOI: https://doi.org/10.1109/issc61953.2024.10603221

2024-01-01

Abstract:Autonomous vehicles (AVs) are revolutionizing transportation by offering unparalleled efficiency and reshaping the way people travel. However, this technology also raises concerns due to its susceptibility to unwanted control by unau-thorized users, which can result in significant damage. The importance of in-vehicle networks has gained attention from researchers who are working to protect Controller Area Networks (CAN), an integral part of AVs. Despite the presence of various techniques proposed by researchers to protect these CANs, there are still many issues, such as addressing new, unseen attacks and protecting against AI-based attacks. To address these challenges, this study proposes an approach that can effectively handle diverse attacks, including AI-based attacks, using a machine learning approach. We utilize a dataset from our previous study, which consists of hybrid traffic comprising original attack traffic and AI-based attack traffic generated by CTGAN. The proposed approach incorporates the concept of transfer learning, where we leverage a trained CNN to extract valuable feature patterns. These CNN-based features are then used to train machine learning algorithms. Our results demonstrate that Random Forest models achieved significant success, with an accuracy score of 0.92 and very low computational training and testing times of 78.5501 and 2.2262, respectively.

Md Mashrur Arifin,Md Shoaib Ahmed,Tanmai Kumar Ghosh,Ikteder Akhand Udoy,Jun Zhuang,Jyh-haw Yeh

2024-09-20

Abstract:With the proliferation of Artificial Intelligence, there has been a massive increase in the amount of data required to be accumulated and disseminated digitally. As the data are available online in digital landscapes with complex and sophisticated infrastructures, it is crucial to implement various defense mechanisms based on cybersecurity. Generative Adversarial Networks (GANs), which are deep learning models, have emerged as powerful solutions for addressing the constantly changing security issues. This survey studies the significance of the deep learning model, precisely on GANs, in strengthening cybersecurity defenses. Our survey aims to explore the various works completed in GANs, such as Intrusion Detection Systems (IDS), Mobile and Network Trespass, BotNet Detection, and Malware Detection. The focus is to examine how GANs can be influential tools to strengthen cybersecurity defenses in these domains. Further, the paper discusses the challenges and constraints of using GANs in these areas and suggests future research directions. Overall, the paper highlights the potential of GANs in enhancing cybersecurity measures and addresses the need for further exploration in this field.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Ayodeji Oseni,Nour Moustafa,Helge Janicke,Peng Liu,Zahir Tari,Athanasios Vasilakos

DOI: https://doi.org/10.48550/arXiv.2102.04661

2021-02-09

Cryptography and Security

Abstract:The increased adoption of Artificial Intelligence (AI) presents an opportunity to solve many socio-economic and environmental challenges; however, this cannot happen without securing AI-enabled technologies. In recent years, most AI models are vulnerable to advanced and sophisticated hacking techniques. This challenge has motivated concerted research efforts into adversarial AI, with the aim of developing robust machine and deep learning models that are resilient to different types of adversarial scenarios. In this paper, we present a holistic cyber security review that demonstrates adversarial attacks against AI applications, including aspects such as adversarial knowledge and capabilities, as well as existing methods for generating adversarial examples and existing cyber defence models. We explain mathematical AI models, especially new variants of reinforcement and federated learning, to demonstrate how attack vectors would exploit vulnerabilities of AI models. We also propose a systematic framework for demonstrating attack techniques against AI applications and reviewed several cyber defences that would protect AI applications against those attacks. We also highlight the importance of understanding the adversarial goals and their capabilities, especially the recent attacks against industry applications, to develop adaptive defences that assess to secure AI applications. Finally, we describe the main challenges and future research directions in the domain of security and privacy of AI technologies.

Malik AL-Essa,Giuseppina Andresini,Annalisa Appice,Donato Malerba

DOI: https://doi.org/10.1007/s10994-023-06470-2

IF: 5.414

2024-01-14

Machine Learning

Abstract:Ensemble learning is a strategy commonly used to fuse different base models by creating a model ensemble that is expected more accurate on unseen data than the base models. This study describes a new cyber-threat detection method, called PANACEA , that uses ensemble learning coupled with adversarial training in deep learning, in order to gain accuracy with neural models trained in cybersecurity problems. The selection of the base models is one of the main challenges to handle, in order to train accurate ensembles. This study describes a model ensemble pruning approach based on eXplainable AI (XAI) to increase the ensemble diversity and gain accuracy in ensemble classification. We base on the idea that being able to identify base models that give relevance to different input feature sub-spaces may help in improving the accuracy of an ensemble trained to recognise different signatures of different cyber-attack patterns. To this purpose, we use a global XAI technique to measure the ensemble model diversity with respect to the effect of the input features on the accuracy of the base neural models combined in the ensemble. Experiments carried out on four benchmark cybersecurity datasets (three network intrusion detection datasets and one malware detection dataset) show the beneficial effects of the proposed combination of adversarial training, ensemble learning and XAI on the accuracy of multi-class classifications of cyber-data achieved by the neural model ensemble.

computer science, artificial intelligence

Jian-hua LI

DOI: https://doi.org/10.1631/fitee.1800573

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:There is a wide range of interdisciplinary intersections between cyber security and artificial intelligence (AI). On one hand, AI technologies, such as deep learning, can be introduced into cyber security to construct smart models for implementing malware classification and intrusion detection and threating intelligence sensing. On the other hand, AI models will face various cyber threats, which will disturb their sample, learning, and decisions. Thus, AI models need specific cyber security defense and protection technologies to combat adversarial machine learning, preserve privacy in machine learning, secure federated learning, etc. Based on the above two aspects, we review the intersection of AI and cyber security. First, we summarize existing research efforts in terms of combating cyber attacks using AI, including adopting traditional machine learning methods and existing deep learning solutions. Then, we analyze the counterattacks from which AI itself may suffer, dissect their characteristics, and classify the corresponding defense methods. Finally, from the aspects of constructing encrypted neural network and realizing a secure federated deep learning, we expatiate the existing research on how to build a secure AI system.

Ehsan Nowroozi,Mohammadreza Mohammadi,Erkay Savas,Mauro Conti,Yassine Mekdad

DOI: https://doi.org/10.48550/arXiv.2209.12195

2023-04-17

Abstract:In the past few years, Convolutional Neural Networks (CNN) have demonstrated promising performance in various real-world cybersecurity applications, such as network and multimedia security. However, the underlying fragility of CNN structures poses major security problems, making them inappropriate for use in security-oriented applications including such computer networks. Protecting these architectures from adversarial attacks necessitates using security-wise architectures that are challenging to attack. In this study, we present a novel architecture based on an ensemble classifier that combines the enhanced security of 1-Class classification (known as 1C) with the high performance of conventional 2-Class classification (known as 2C) in the absence of <a class="link-external link-http" href="http://attacks.Our" rel="external noopener nofollow">this http URL</a> architecture is referred to as the 1.5-Class (SPRITZ-1.5C) classifier and constructed using a final dense classifier, one 2C classifier (i.e., CNNs), and two parallel 1C classifiers (i.e., auto-encoders). In our experiments, we evaluated the robustness of our proposed architecture by considering eight possible adversarial attacks in various scenarios. We performed these attacks on the 2C and SPRITZ-1.5C architectures separately. The experimental results of our study showed that the Attack Success Rate (ASR) of the I-FGSM attack against a 2C classifier trained with the N-BaIoT dataset is 0.9900. In contrast, the ASR is 0.0000 for the SPRITZ-1.5C classifier.

Cryptography and Security,Artificial Intelligence,Machine Learning,Networking and Internet Architecture

Will Serrano

DOI: https://doi.org/10.1016/j.future.2024.107543

IF: 7.307

2024-10-07

Future Generation Computer Systems

Abstract:The cyber ecosystem presents two interesting properties. Attackers and defenders are normally the same entity; a detailed knowledge of defensive strategies optimises an attack whereas a good defence, based on a layered structure also includes attacks. In addition, Artificial Intelligence (AI) provides new techniques and tools to both attackers and defenders such as Generative Adversarial Networks (GANs) based on Generators and Discriminators for impersonation or Deep Learning (DL) for exhaustive scanning. To address this dilemma, this article presents CyberAIBot: Artificial Intelligence in an Intrusion Detection System for CyberSecurity in the Internet of Things (IoT) aimed at Operational Technology (OT) and Information Technology (IT) network traffic. CyberAIBot is based on a Deep Learning management structure in a private or local edge cloud computing approach where AI makes decisions as close as possible to the source of data. CyberAIBot gradually detects, learns, and adapts to different cyber attacks. In detail, CyberAIBot uses Deep Learning (DL) technical clusters trained in specific attacks and a Deep Learning (DL) management cluster specialises in taking management decisions rather than technical evaluations. This management cluster supervises conflicting classifications from the deep learning technical clusters. CyberAIbot is trained against several datasets and its performance is evaluated between two classification algorithms, the Long Short-Term Memory (LSTM) networks and Support Vector Machines (SVMs). The SVM DL clusters learn faster (average 15x) although the LSTM DL clusters perform better (average 30%). The LSTM DL management cluster performs better than the SVM DL management cluster although it recognises fewer traffic types. The total number of data points analysed by CyberAIBot is 5.52E+08, equivalent to the distance between the planet Earth to the Moon in meters.

computer science, theory & methods

Qasem Abu Al-Haija,Ahmad Al-Badawi

DOI: https://doi.org/10.3390/s22010241

2021-12-29

Abstract:Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of a contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1~20%.

Tian Liu,Yunfei Song,Ming Hu,Jun Xia,Jianning Zhang,Mingsong Chen

DOI: https://doi.org/10.1142/s0218126621500250

2020-01-01

Journal of Circuits Systems and Computers

Abstract:Since Deep Neural Networks (DNNs) have been more and more widely used in safety-critical Intelligent System (IS) applications, the robustness of DNNs becomes a great concern in IS design. Due to the vulnerability of DNN models, adversarial examples generated by malicious attacks may result in disasters. Although there are plenty of defense methods for these adversarial attacks, existing methods can only resist special adversarial attacks. Meanwhile, the accuracy of existing methods degrades dramatically when they process nature examples. To address this problem, we propose an effective Cooperative Defensive Architecture (CDA) that can enhance the robustness of IS devices by integrating heterogeneous base classifiers. Because of the parallel mechanism in ensemble learning, the compressed heterogeneous base classifiers do not increase the prediction time on device. Comprehensive experimental results show that the modified DNNs by our approach cannot only resist adversarial examples more effectively than original model, but also achieve a high accuracy when they process nature examples.

Huiyao Dong,Igor Kotenko

DOI: https://doi.org/10.1016/j.future.2024.04.005

IF: 7.307

2024-04-22

Future Generation Computer Systems

Abstract:As a system allowing intra-network devices to automatically communicate over the Internet, the Internet of Things (IoT) faces increasing popularity in modern applications and security threats – particularly network intrusions that target both networks and devices. A major threat is network attacks that attempt to obtain unauthorised access and damage the networks or systems. To effectively safeguard against these attacks, it is essential to use efficient hybrid intrusion detection systems with advanced techniques. Deep learning-based algorithms, such as Autoencoders (AEs), have been recognised as efficient methods for intrusion detection. However, it is crucial to further analyse the impact of different structures on detection performance. This paper proposes a method combining AE for data reconstruction and anomaly detection and multi-task learning (MTL)-structured models for IoT traffic classification. Additionally, we suggest a hybrid resampling technique with the Synthetic Minority Over-Sampling Technique and Generative Adversarial Network (SMOTE-GAN) for enhanced training and conduct a comparative analysis of different neural networks with AEs. The experimental results on two publicly available datasets demonstrate the effectiveness and practicality of the proposed AE-MTL approach comparing with single-task learning. Additionally, while the performance varies on different datasets, Long Short-Term Memory (LSTM), Gated Recurrent Units (GRU) and Convolutional Neural Network (CNN) have improved the detection of minor classes.

computer science, theory & methods

Junpeng He,Lingfeng Yao,Xiong Li,Muhammad Khurram Khan,Weina Niu,Xiaosong Zhang,Fagen Li

DOI: https://doi.org/10.1007/s10489-024-05290-8

IF: 5.3

2024-02-27

Applied Intelligence

Abstract:Malicious traffic on the Internet has become an increasingly serious problem, and several artificial intelligence (AI)-based malicious traffic detection methods have been proposed. Generally, AI-based methods need numerous benign and specific types of malicious traffic training instances to achieve better detection results. However, for attacks with only a few instances, known as the few-shot attacks, these methods often perform poorly, and how to train a model for detecting few-shot attacks is a huge challenge. For this problem, we propose a novel intrusion detection system based on generative adversarial networks and model-agnostic meta-learning. The system adopts a hybrid detection mechanism where an anomaly-based classifier determines whether incoming traffic is malicious and a signature-based classifier identifies the class of malicious traffic. In the system, the samples of few-shot attacks are augmented by maximizing the use of meta-knowledge and then applied to assist the detection of few-shot attacks to obtain better detection results. The experiments show that for CSE-CIC-IDS2018 and Bot-IoT datasets, this system can detect malicious traffic with 94.3%/1.8% TPR/FPR and 99.8%/0.1% TPR/FPR, respectively, and also can identify the class of the few-shot attacks with 95.2% and 91.9% accuracy, respectively. Compared with other related methods, the system improves the accuracy of identifying few-shot attacks on these two datasets by at least 2.2% and 1.5%, respectively. Additionally, a parameter visualization process is designed, which shows the fast-adaptive property and better generalization capability of the system.

computer science, artificial intelligence