Beny Nugraha, Krishna Yadav, Parag Patil, T. Bauschert
Published in: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), 2023-07-31
DOI: 10.1109/CSR57506.2023.10224989 (https://doi.org/10.1109/CSR57506.2023.10224989)
Improving the Detection of Unknown DDoS Attacks through Continual Learning
Artificial Intelligence (AI)-based Intrusion Detection Systems (IDS) are popular with network security researchers due to their good detection capability and low false alarm rate, especially concerning Distributed Denial of Service (DDoS) attacks. However, as the attack pattern usually changes over time, the performance of an IDS that was trained with original data degrades. Moreover, as the changing attack pattern and the emergence of unknown DDoS attacks create more unknown or unlabeled data, a supervised learning approach is not suitable. To mitigate this effect, we propose a robust continual learning method that consists of a semi-supervised approach for pseudo-labeling the unknown data and a sliding-window-based retraining scheme. The proposed method is evaluated using the custom CIC-IDS 2017 dataset, which contains both slow DDoS and flooding DDoS attacks. Three classifiers are considered, namely K-Nearest Neighbors (KNN), XGBoost, and Multilayer Perceptron (MLP). Our evaluation shows that our method is able to improve the detection performance, which verifies the quality of the generated pseudo labels.