{"title":"Towards Autonomous Cybersecurity: An Intelligent AutoML Framework for Autonomous Intrusion Detection","authors":"Li Yang, Abdallah Shami","doi":"arxiv-2409.03141","DOIUrl":null,"url":null,"abstract":"The rapid evolution of mobile networks from 5G to 6G has necessitated the\ndevelopment of autonomous network management systems, such as Zero-Touch\nNetworks (ZTNs). However, the increased complexity and automation of these\nnetworks have also escalated cybersecurity risks. Existing Intrusion Detection\nSystems (IDSs) leveraging traditional Machine Learning (ML) techniques have\nshown effectiveness in mitigating these risks, but they often require extensive\nmanual effort and expert knowledge. To address these challenges, this paper\nproposes an Automated Machine Learning (AutoML)-based autonomous IDS framework\ntowards achieving autonomous cybersecurity for next-generation networks. To\nachieve autonomous intrusion detection, the proposed AutoML framework automates\nall critical procedures of the data analytics pipeline, including data\npre-processing, feature engineering, model selection, hyperparameter tuning,\nand model ensemble. Specifically, it utilizes a Tabular Variational\nAuto-Encoder (TVAE) method for automated data balancing, tree-based ML models\nfor automated feature selection and base model learning, Bayesian Optimization\n(BO) for hyperparameter optimization, and a novel Optimized Confidence-based\nStacking Ensemble (OCSE) method for automated model ensemble. The proposed\nAutoML-based IDS was evaluated on two public benchmark network security\ndatasets, CICIDS2017 and 5G-NIDD, and demonstrated improved performance\ncompared to state-of-the-art cybersecurity methods. 
This research marks a\nsignificant step towards fully autonomous cybersecurity in next-generation\nnetworks, potentially revolutionizing network security applications.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":"67 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Networking and Internet Architecture","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.03141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0