A Survey of Unsupervised Learning Algorithms for Zero-Day Attacks in Intrusion Detection Systems

Sunkanmi Oluwadare, Zag ElSayed
DOI: 10.32473/flairs.36.133182 (https://doi.org/10.32473/flairs.36.133182)
Published in: The International FLAIRS Conference Proceedings, 2023-05-08 (Journal Article)
Record source: Semantic Scholar
Citation count: 0

Abstract

Intrusion detection systems (IDS) are systems used to monitor networks for malicious events, abnormal activities, and policy violations. They are capable of detecting and classifying network attacks based on the behaviors or signatures of previously known attacks, using markers of those attacks. However, since network attacks are constantly evolving and it is almost impossible to encode all possible combinations and signatures of attacks, the effectiveness of machine-learning-based IDS is often challenged by newly generated, previously unseen attacks, known as zero-day attacks. This has created the need for intelligence-based IDS that can detect anomalies without relying on a detailed signature repository. In this paper, we present a literature-based survey of popular deep learning algorithms and evaluate their capabilities, strengths, limitations, and resource requirements for detecting anomalies and zero-day attacks. Based on our evaluation, we propose Long Short-Term Memory (LSTM) networks and autoencoder networks as the best algorithms for further analysis in intrusion detection.