Knowledge-Driven Rapid Adaptation to New Attacks

IF 7 1区计算机科学 Q1 TELECOMMUNICATIONS IEEE Transactions on Cognitive Communications and Networking Pub Date : 2024-09-19 DOI:10.1109/TCCN.2024.3464489

Weilin Wang;Huachun Zhou;Jingfu Yan;Xiaojing Fan

{"title":"Knowledge-Driven Rapid Adaptation to New Attacks","authors":"Weilin Wang;Huachun Zhou;Jingfu Yan;Xiaojing Fan","doi":"10.1109/TCCN.2024.3464489","DOIUrl":null,"url":null,"abstract":"Networks are expected to provide ubiquitous services, introducing new and unknown attack threats. Neural Network (NN) based attack detection methods hold promise, but their practical application faces challenges of adaptability, data intensity, and privacy concerns. To overcome these obstacles, we propose a knowledge-driven approach for rapid adaptation to new attacks. First, we establish a privacy-preserving process for sharing and updating Attack Detection Knowledge (ADK), encompassing known attack detection functions and predicted class probability samples. We formulate the problem of rapid adaptation to new attacks driven by this knowledge. Next, we design the Knowledge-Driven Rapid Adaptation (KDRA) method by combining ensemble learning and meta-learning. The Base Model Selection with the Probability Difference Ranking (BMSPDR) algorithm is proposed to simplify the ensemble. Base models and predicted class probability components are extracted to generate learning tasks. To enhance detection performance, we introduce fine-tuning for the meta-model of the prototypical network on the target learning task. Finally, we construct an ADK base using public and self-generated datasets. Experimental results demonstrate that KDRA outperforms baselines in detecting new attacks not in the knowledge base and with varying detection difficulty. Comparative analysis reveals that KDRA significantly enhances detection performance and reduces adaptation time through ADK driving.","PeriodicalId":13069,"journal":{"name":"IEEE Transactions on Cognitive Communications and Networking","volume":"11 3","pages":"1996-2012"},"PeriodicalIF":7.0000,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cognitive Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10684262/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Networks are expected to provide ubiquitous services, introducing new and unknown attack threats. Neural Network (NN) based attack detection methods hold promise, but their practical application faces challenges of adaptability, data intensity, and privacy concerns. To overcome these obstacles, we propose a knowledge-driven approach for rapid adaptation to new attacks. First, we establish a privacy-preserving process for sharing and updating Attack Detection Knowledge (ADK), encompassing known attack detection functions and predicted class probability samples. We formulate the problem of rapid adaptation to new attacks driven by this knowledge. Next, we design the Knowledge-Driven Rapid Adaptation (KDRA) method by combining ensemble learning and meta-learning. The Base Model Selection with the Probability Difference Ranking (BMSPDR) algorithm is proposed to simplify the ensemble. Base models and predicted class probability components are extracted to generate learning tasks. To enhance detection performance, we introduce fine-tuning for the meta-model of the prototypical network on the target learning task. Finally, we construct an ADK base using public and self-generated datasets. Experimental results demonstrate that KDRA outperforms baselines in detecting new attacks not in the knowledge base and with varying detection difficulty. Comparative analysis reveals that KDRA significantly enhances detection performance and reduces adaptation time through ADK driving.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

知识驱动快速适应新攻击

预计网络将提供无处不在的服务，从而引入新的未知攻击威胁。基于神经网络（NN）的攻击检测方法前景光明，但其实际应用面临适应性、数据强度和隐私问题的挑战。为了克服这些障碍，我们提出了一种知识驱动的方法来快速适应新的攻击。首先，我们建立了一个隐私保护过程，用于共享和更新攻击检测知识（ADK），包括已知的攻击检测函数和预测的类概率样本。我们提出了由这些知识驱动的快速适应新攻击的问题。接下来，我们将集成学习和元学习相结合，设计了知识驱动快速适应方法。提出了基于概率差排序的基模型选择算法（BMSPDR）来简化集成。提取基本模型和预测类概率分量来生成学习任务。为了提高检测性能，我们在目标学习任务上引入了对原型网络元模型的微调。最后，我们使用公共和自生成的数据集构建了一个ADK库。实验结果表明，在不同检测难度的情况下，KDRA在检测知识库之外的新攻击方面优于基线。对比分析表明，KDRA通过ADK驱动显著提高了检测性能，缩短了自适应时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Cognitive Communications and Networking Computer Science-Artificial Intelligence

CiteScore

15.50

自引率

7.00%

发文量

108

期刊介绍： The IEEE Transactions on Cognitive Communications and Networking (TCCN) aims to publish high-quality manuscripts that push the boundaries of cognitive communications and networking research. Cognitive, in this context, refers to the application of perception, learning, reasoning, memory, and adaptive approaches in communication system design. The transactions welcome submissions that explore various aspects of cognitive communications and networks, focusing on innovative and holistic approaches to complex system design. Key topics covered include architecture, protocols, cross-layer design, and cognition cycle design for cognitive networks. Additionally, research on machine learning, artificial intelligence, end-to-end and distributed intelligence, software-defined networking, cognitive radios, spectrum sharing, and security and privacy issues in cognitive networks are of interest. The publication also encourages papers addressing novel services and applications enabled by these cognitive concepts.