Towards Fine-Grained Unknown Class Detection Against the Open-Set Attack Spectrum With Variable Legitimate Traffic

Cited by: 0
Authors
Zhao, Ziming [1 ]
Li, Zhaoxuan [2 ,3 ]
Xie, Xiaofei [4 ]
Yu, Jiongchi [4 ]
Zhang, Fan [1 ,5 ]
Zhang, Rui [2 ,3 ]
Chen, Binbin [6 ,7 ]
Luo, Xiangyang [8 ]
Hu, Ming [9 ]
Ma, Wenrui [10 ]
Affiliations
[1] Zhejiang Univ, Coll Comp Sci & Technol, Hangzhou 310027, Peoples R China
[2] Chinese Acad Sci, Inst Informat Engn, State Key Lab Informat Secur, Beijing 100093, Peoples R China
[3] UCAS, Sch Cyber Secur, Beijing 100049, Peoples R China
[4] Singapore Management Univ, Sch Comp & Informat Syst, Singapore 188065, Singapore
[5] Zhengzhou Xinda Inst Adv Technol, Zhengzhou 450000, Peoples R China
[6] Adv Digital Sci Ctr, Singapore 138632, Singapore
[7] Singapore Univ Technol & Design, Informat Syst Technol & Design ISTD Pillar, Singapore 487372, Singapore
[8] Henan Prov Key Lab Cyberspace Situat Awareness, Zhengzhou 450001, Peoples R China
[9] Nanyang Technol Univ, Sch Comp Sci & Engn, Singapore 639798, Singapore
[10] Zhejiang Gongshang Univ, Sch Comp Sci & Technol, Hangzhou 310018, Peoples R China
Funding
National Natural Science Foundation of China; National Research Foundation, Singapore
Keywords
Adaptation models; Computer crime; Servers; Electronic mail; Computer science; Training; Proposals; Intrusion detection system; fine-grained unknown class detection; isolation forest; NETWORK; CLASSIFICATION;
DOI
10.1109/TNET.2024.3413789
CLC classification
TP3 [Computing technology, computer technology]
Discipline code
0812
Abstract
Anomaly-based network intrusion detection systems (NIDSs) are essential for ensuring cybersecurity. However, the security community has found that most existing proposals run into limitations once they are put into practice. The challenges mainly concern fine-grained detection of unknown attacks and adaptation to ever-changing legitimate traffic. To tackle these problems, we present three key design norms. The core idea is to construct a model that splits the data-distribution hyperplane and leverages the concept of isolation, and to advance incremental model updates. We use the isolation tree as the backbone of our model, named, to echo the three norms. By analyzing popular datasets of network intrusion traces, we show that significantly outperforms the state-of-the-art methods. Further, we perform an initial deployment of with an Internet Service Provider (ISP) to detect distributed denial-of-service (DDoS) attacks. With real-world tests and manual analysis, we demonstrate the effectiveness of at identifying previously unseen attacks in a fine-grained manner.
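The abstract rests on the "concept of isolation": an anomalous flow is separated from the bulk of the traffic by far fewer random cuts than a legitimate one. The following is an added example, not code from the paper (whose model name is not shown on this page) and not a reproduction of its hyperplane-splitting or incremental-update design. It implements the standard isolation forest of Liu, Ting and Zhou (2008) from scratch, fits it on constructed flow-feature vectors (duration, packet count, average packet size; the values are made up for the example), and scores two constructed attack-like flows against the legitimate ones. All names (`IsolationForest`, `run_demo`, `SYN_FLOOD`, `SLOW_EXFIL`) are this example's own.

```python
"""Minimal isolation forest (Liu, Ting and Zhou, 2008) over constructed flow
features. Added illustration only; not the paper's model or its update scheme."""
import math
import random
from typing import List, Optional, Sequence

Vector = Sequence[float]


class _Node:
    """Split node (feature set) or leaf (feature is None) of one isolation tree."""
    __slots__ = ("size", "feature", "split", "left", "right")

    def __init__(self, size: int, feature: Optional[int] = None,
                 split: float = 0.0, left: "Optional[_Node]" = None,
                 right: "Optional[_Node]" = None) -> None:
        self.size, self.feature, self.split = size, feature, split
        self.left, self.right = left, right


def _c(n: int) -> float:
    """Expected path length of an unsuccessful BST search on n points;
    normalises raw path lengths so scores are comparable across sample sizes."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    harmonic = math.log(n - 1) + 0.5772156649  # H(n-1) approximation
    return 2.0 * harmonic - 2.0 * (n - 1) / n


def _build(rows: List[Vector], depth: int, max_depth: int,
           rng: random.Random) -> _Node:
    """Recursively isolate points with random axis-aligned cuts."""
    n = len(rows)
    if n <= 1 or depth >= max_depth:
        return _Node(size=n)
    usable = [d for d in range(len(rows[0]))
              if min(r[d] for r in rows) < max(r[d] for r in rows)]
    if not usable:  # remaining points are identical: nothing left to isolate
        return _Node(size=n)
    f = rng.choice(usable)
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    s = rng.uniform(lo, hi)
    left = [r for r in rows if r[f] < s]
    right = [r for r in rows if r[f] >= s]
    if not left or not right:  # degenerate cut (s == lo): treat as a leaf
        return _Node(size=n)
    return _Node(n, f, s, _build(left, depth + 1, max_depth, rng),
                 _build(right, depth + 1, max_depth, rng))


def _path_length(node: _Node, x: Vector) -> float:
    depth = 0
    while node.feature is not None:
        node = node.left if x[node.feature] < node.split else node.right
        depth += 1
    return depth + _c(node.size)  # unsplit leaf: add its expected extra depth


class IsolationForest:
    def __init__(self, n_trees: int = 100, sample_size: int = 256,
                 seed: int = 0) -> None:
        self.n_trees, self.sample_size = n_trees, sample_size
        self.rng = random.Random(seed)
        self.trees: List[_Node] = []
        self.psi = 0

    def fit(self, data: List[Vector]) -> "IsolationForest":
        self.psi = min(self.sample_size, len(data))
        max_depth = math.ceil(math.log2(max(self.psi, 2)))
        self.trees = [_build(self.rng.sample(data, self.psi), 0, max_depth, self.rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, x: Vector) -> float:
        """Anomaly score in (0, 1]: close to 1 means isolated by very few cuts."""
        avg = sum(_path_length(t, x) for t in self.trees) / len(self.trees)
        return 2.0 ** (-avg / _c(self.psi))


def constructed_flows(n: int = 100, seed: int = 1) -> List[List[float]]:
    """Constructed, not captured traffic: (duration_s, packets, avg_bytes_per_pkt)."""
    rng = random.Random(seed)
    return [[rng.uniform(0.5, 5.0), float(rng.randint(10, 200)),
             rng.uniform(400.0, 1400.0)] for _ in range(n)]


SYN_FLOOD = [0.001, 50000.0, 44.0]   # constructed: burst of tiny packets
SLOW_EXFIL = [600.0, 50.0, 1400.0]   # constructed: long-lived, full-size packets


def run_demo() -> dict:
    """Fit on mixed traffic and return scores; the two attack flows score highest."""
    normals = constructed_flows()
    forest = IsolationForest(n_trees=200, seed=0).fit(normals + [SYN_FLOOD, SLOW_EXFIL])
    return {"normal_max": max(forest.score(f) for f in normals),
            "syn_flood": forest.score(SYN_FLOOD),
            "slow_exfil": forest.score(SLOW_EXFIL)}


if __name__ == "__main__":
    print(run_demo())
```

Two points a practitioner should take from the demo. First, both attack-like flows are isolated by different features (packet count and packet size for the flood, duration for the exfiltration), which is why a single forest can flag attacks it was never shown; but a plain isolation forest only yields one anomaly score per flow, so separating those flows into distinct unknown classes and coping with drift in legitimate traffic (the two problems the abstract names) needs machinery beyond this baseline. Second, the threshold on the score is a deployment decision: the score depends on the subsample size through `_c(psi)`, so tune it on the traffic of the site being protected rather than reusing a value from another dataset.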
Pages: 3945-3960
Page count: 16