Ulya Sabeel;Shahram Shah Heydari;Khalil El-Khatib;Khalid Elgazzar
Title: Incremental Adversarial Learning for Polymorphic Attack Detection
DOI: 10.1109/TMLCN.2024.3418756
Journal: IEEE Transactions on Machine Learning in Communications and Networking, vol. 2, pp. 869-887
Publication date: 2024-06-24 (Journal Article)
Open access: false
URL: https://ieeexplore.ieee.org/document/10570491/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10570491
Citations: 0
Abstract
AI-based Network Intrusion Detection Systems (NIDS) provide effective mechanisms for cybersecurity analysts to gain insights and thwart several network attacks. Although current IDS can identify known/typical attacks with high accuracy, recent research shows that such systems perform poorly when facing atypical and dynamically changing (polymorphic) attacks. In this paper, we focus on improving the detection capability of the IDS for atypical and polymorphic network attacks. Our system generates adversarial polymorphic attacks against the IDS to examine its performance and incrementally retrains it to strengthen its detection of new attacks, specifically for minority attack samples in the input data. The employed attack quality analysis ensures that the adversarial atypical/polymorphic attacks generated through our system resemble original network attacks. We showcase the high performance of the proposed IDS by training it on the CICIDS2017 and CICIoT2023 benchmark datasets and evaluating it against several atypical/polymorphic attack flows. The results indicate that the proposed technique, through adaptive training, learns the pattern of dynamically changing atypical/polymorphic attacks, identifies such attacks with approximately 90% balanced accuracy in most cases, and surpasses various state-of-the-art detection and class balancing techniques.