Towards Autonomous Cybersecurity: An Intelligent AutoML Framework for Autonomous Intrusion Detection

Li Yang, Abdallah Shami
{"title":"Towards Autonomous Cybersecurity: An Intelligent AutoML Framework for Autonomous Intrusion Detection","authors":"Li Yang, Abdallah Shami","doi":"arxiv-2409.03141","DOIUrl":null,"url":null,"abstract":"The rapid evolution of mobile networks from 5G to 6G has necessitated the\ndevelopment of autonomous network management systems, such as Zero-Touch\nNetworks (ZTNs). However, the increased complexity and automation of these\nnetworks have also escalated cybersecurity risks. Existing Intrusion Detection\nSystems (IDSs) leveraging traditional Machine Learning (ML) techniques have\nshown effectiveness in mitigating these risks, but they often require extensive\nmanual effort and expert knowledge. To address these challenges, this paper\nproposes an Automated Machine Learning (AutoML)-based autonomous IDS framework\ntowards achieving autonomous cybersecurity for next-generation networks. To\nachieve autonomous intrusion detection, the proposed AutoML framework automates\nall critical procedures of the data analytics pipeline, including data\npre-processing, feature engineering, model selection, hyperparameter tuning,\nand model ensemble. Specifically, it utilizes a Tabular Variational\nAuto-Encoder (TVAE) method for automated data balancing, tree-based ML models\nfor automated feature selection and base model learning, Bayesian Optimization\n(BO) for hyperparameter optimization, and a novel Optimized Confidence-based\nStacking Ensemble (OCSE) method for automated model ensemble. The proposed\nAutoML-based IDS was evaluated on two public benchmark network security\ndatasets, CICIDS2017 and 5G-NIDD, and demonstrated improved performance\ncompared to state-of-the-art cybersecurity methods. 
This research marks a\nsignificant step towards fully autonomous cybersecurity in next-generation\nnetworks, potentially revolutionizing network security applications.","PeriodicalId":501280,"journal":{"name":"arXiv - CS - Networking and Internet Architecture","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Networking and Internet Architecture","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.03141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

Abstract

The rapid evolution of mobile networks from 5G to 6G has necessitated the development of autonomous network management systems, such as Zero-Touch Networks (ZTNs). However, the increased complexity and automation of these networks have also escalated cybersecurity risks. Existing Intrusion Detection Systems (IDSs) leveraging traditional Machine Learning (ML) techniques have shown effectiveness in mitigating these risks, but they often require extensive manual effort and expert knowledge. To address these challenges, this paper proposes an Automated Machine Learning (AutoML)-based autonomous IDS framework towards achieving autonomous cybersecurity for next-generation networks. To achieve autonomous intrusion detection, the proposed AutoML framework automates all critical procedures of the data analytics pipeline, including data pre-processing, feature engineering, model selection, hyperparameter tuning, and model ensemble. Specifically, it utilizes a Tabular Variational Auto-Encoder (TVAE) method for automated data balancing, tree-based ML models for automated feature selection and base model learning, Bayesian Optimization (BO) for hyperparameter optimization, and a novel Optimized Confidence-based Stacking Ensemble (OCSE) method for automated model ensemble. The proposed AutoML-based IDS was evaluated on two public benchmark network security datasets, CICIDS2017 and 5G-NIDD, and demonstrated improved performance compared to state-of-the-art cybersecurity methods. This research marks a significant step towards fully autonomous cybersecurity in next-generation networks, potentially revolutionizing network security applications.