A Dual-Tier Adaptive One-Class Classification IDS for Emerging Cyberthreats (2403.13010v1)
Abstract: In today's digital age, our dependence on IoT (Internet of Things) and IIoT (Industrial IoT) systems has grown immensely; these systems now carry sensitive activities such as banking transactions and the exchange of personal, enterprise and legal documents. Cyberattackers consistently exploit weak security measures and tools. The Network Intrusion Detection System (IDS) is a primary tool against such cyber threats. However, machine learning-based IDSs trained on specific attack patterns often misclassify newly emerging cyberattacks. The limited availability of attack instances for training a supervised learner and the ever-evolving nature of cyber threats further complicate the matter. This emphasizes the need for an adaptable IDS framework capable of recognizing and learning from unfamiliar/unseen attacks over time. In this research, we propose a one-class classification-driven IDS structured in two tiers. The first tier distinguishes normal activity from attacks/threats; the second tier determines whether a detected attack is known or unknown. Within the second tier we also embed a multi-classification mechanism coupled with a clustering algorithm. The model not only identifies unseen attacks but also clusters them and uses the clusters to retrain itself, so that it evolves with emerging threat patterns. Leveraging one-class classifiers (OCC) at the first level, our approach bypasses the need for attack samples, addressing data imbalance and zero-day attack concerns; OCC at the second level effectively separates unknown attacks from known ones. Our methodology and evaluations indicate that the presented framework shows promising potential for real-world deployments.
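The following is a worked sketch of the two-tier pipeline the abstract describes, added here as an illustration; it is not the authors' code. A centroid-plus-radius hypersphere stands in for the one-class classifier (the abstract does not name the OCC used), a minimal DBSCAN stands in for the clustering algorithm (likewise unnamed), and the two-dimensional flow features and every data point are constructed. Tier 1 is trained on normal traffic only and rejects everything else as an attack; tier 2 holds one OCC per known attack class, so a flow that no class accepts is an unknown attack, which is buffered, clustered, and folded back into tier 2 as a new class on retraining.

```python
"""Added illustration of a dual-tier one-class IDS (not the paper's implementation).
Tier 1: OCC fit on normal traffic only -> anything rejected is an attack.
Tier 2: one OCC per known attack class -> rejected by all = unknown attack.
Unknowns are buffered, clustered with DBSCAN, and each cluster becomes a new class.
Hypersphere OCC, DBSCAN, features and data are constructed stand-ins."""
import math
from collections import defaultdict


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _centroid(points):
    return tuple(sum(p[i] for p in points) / len(points) for i in range(len(points[0])))


class HypersphereOCC:
    """Toy one-class classifier: accept x if it lies within `slack` times the largest
    training distance from the training centroid. It is trained on a single class, so
    it needs no samples of what it must reject (the property the abstract relies on)."""

    def __init__(self, slack=1.2):
        self.slack = slack

    def fit(self, points):
        self.center = _centroid(points)
        self.radius = self.slack * max(_dist(p, self.center) for p in points)
        return self

    def accepts(self, x):
        return _dist(x, self.center) <= self.radius


def dbscan(points, eps, min_pts):
    """Minimal DBSCAN. Returns one label per point; -1 marks noise."""
    labels = [None] * len(points)

    def neighbours(i):
        return [j for j, q in enumerate(points) if _dist(points[i], q) <= eps]

    cluster = 0
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:
            labels[i] = -1                  # not a core point (may be relabelled as border)
            continue
        labels[i] = cluster
        while seeds:
            j = seeds.pop()
            if labels[j] == -1:             # border point reached from a core point
                labels[j] = cluster
                continue
            if labels[j] is not None:
                continue
            labels[j] = cluster
            more = neighbours(j)
            if len(more) >= min_pts:        # j is a core point too: keep expanding
                seeds.extend(k for k in more if labels[k] is None)
        cluster += 1
    return labels


class DualTierIDS:
    def __init__(self, eps=1.0, min_pts=3):
        self.eps, self.min_pts = eps, min_pts
        self.unknown_buffer = []
        self.new_classes = 0

    def fit(self, normal, known_attacks):
        self.tier1 = HypersphereOCC().fit(normal)                       # normal vs attack
        self.tier2 = {n: HypersphereOCC().fit(p) for n, p in known_attacks.items()}
        return self

    def classify(self, x):
        if self.tier1.accepts(x):
            return "normal"
        accepting = [n for n, occ in self.tier2.items() if occ.accepts(x)]
        if not accepting:                                                # known vs unknown
            self.unknown_buffer.append(x)
            return "unknown-attack"
        # multi-class step: nearest class centroid among the OCCs that accept x
        return min(accepting, key=lambda n: _dist(x, self.tier2[n].center))

    def retrain_from_unknowns(self):
        """Cluster buffered unknowns; every dense cluster becomes a new tier-2 class.
        Noise points stay buffered so they can still form a cluster later."""
        labels = dbscan(self.unknown_buffer, self.eps, self.min_pts)
        groups = defaultdict(list)
        for p, lab in zip(self.unknown_buffer, labels):
            if lab >= 0:
                groups[lab].append(p)
        added = []
        for pts in groups.values():
            self.new_classes += 1
            name = f"unknown-cluster-{self.new_classes}"
            self.tier2[name] = HypersphereOCC().fit(pts)
            added.append(name)
        self.unknown_buffer = [p for p, lab in zip(self.unknown_buffer, labels) if lab < 0]
        return added


def build_demo_ids():
    """Constructed 2-D flow features (think scaled packet rate, scaled mean payload)."""
    normal = [(1.0, 1.0), (1.2, 0.9), (0.8, 1.1), (1.1, 1.3), (0.9, 0.7)]
    known = {"dos": [(8.0, 1.0), (8.3, 1.2), (7.8, 0.9), (8.1, 1.4)],
             "scan": [(1.0, 8.0), (1.2, 8.3), (0.8, 7.7), (1.1, 8.2)]}
    return DualTierIDS(eps=1.0, min_pts=3).fit(normal, known)


if __name__ == "__main__":
    ids = build_demo_ids()
    stream = [(1.05, 0.95), (8.1, 1.1), (0.9, 8.0),                        # normal, dos, scan
              (8.0, 8.0), (8.2, 8.1), (7.9, 8.3), (8.1, 7.8), (5.0, 5.0)]  # never-seen traffic
    print([ids.classify(x) for x in stream])
    print("new classes:", ids.retrain_from_unknowns())
    print(ids.classify((8.05, 8.05)), ids.classify((5.0, 5.0)))
```

Two design points carry over to a real deployment. First, tier 2 must be a union of per-class acceptance regions rather than a single OCC over all known attacks pooled together; a single region would also accept the empty space between two distant known classes and silently absorb novel attacks there. Second, the isolated point at (5.0, 5.0) is left in the buffer rather than promoted to a class: a lone outlier is exactly the kind of sample that should not trigger retraining on its own, which is why the clustering step with a minimum density is part of the loop.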