ASAP: Automatic Synthesis of Attack Prototypes, an online-learning, end-to-end approach

IF 4.4 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Computer Networks Pub Date : 2024-09-26 DOI:10.1016/j.comnet.2024.110828
Jesús F. Cevallos M., Alessandra Rizzardi , Sabrina Sicari , Alberto Coen-Porisini
{"title":"ASAP: Automatic Synthesis of Attack Prototypes, an online-learning, end-to-end approach","authors":"Jesús F. Cevallos M.,&nbsp;Alessandra Rizzardi ,&nbsp;Sabrina Sicari ,&nbsp;Alberto Coen-Porisini","doi":"10.1016/j.comnet.2024.110828","DOIUrl":null,"url":null,"abstract":"<div><div>Zero-day attack detection and categorization is an open-research field where four main context factors need to be taken into account: novel or zero-day attacks (i) are unlabeled by definition, (ii) may correspond to out-of-distribution data, (iii) can arise concurrently, and (iv) distribution shifts in the feature space need online-learning. Given such constraints, the online detection and categorization of new cyber threats can be modeled as a heterogeneous collective anomaly detection problem, for which no online-learning solutions exist purely based on back-propagation. To this respect, this paper presents an online-learning, end-to-end back-propagation strategy for Automatically Synthesizing the potential signatures or Attack Prototypes of novel cyber threats (<span>asap</span>). The presented framework incorporates automatic feature engineering, operating over raw data from the OpenFlow monitoring API and raw bytes of traffic captures. In <span>asap</span>, specialized inductive biases enhance the training data efficiency and accommodate the inference machinery to resource-constrained scenarios such as the Internet of Things. Finally, the validity of this framework is demonstrated in a live training experiment comprising IoT traffic emulation <span><span><sup>3</sup></span></span>.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624006601","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

Zero-day attack detection and categorization is an open-research field where four main context factors need to be taken into account: novel or zero-day attacks (i) are unlabeled by definition, (ii) may correspond to out-of-distribution data, (iii) can arise concurrently, and (iv) distribution shifts in the feature space need online-learning. Given such constraints, the online detection and categorization of new cyber threats can be modeled as a heterogeneous collective anomaly detection problem, for which no online-learning solutions exist purely based on back-propagation. To this respect, this paper presents an online-learning, end-to-end back-propagation strategy for Automatically Synthesizing the potential signatures or Attack Prototypes of novel cyber threats (asap). The presented framework incorporates automatic feature engineering, operating over raw data from the OpenFlow monitoring API and raw bytes of traffic captures. In asap, specialized inductive biases enhance the training data efficiency and accommodate the inference machinery to resource-constrained scenarios such as the Internet of Things. Finally, the validity of this framework is demonstrated in a live training experiment comprising IoT traffic emulation 3.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
ASAP:自动合成攻击原型,一种在线学习的端到端方法
零日攻击检测和分类是一个开放研究领域,需要考虑四个主要背景因素:新攻击或零日攻击(i)根据定义是无标记的,(ii)可能对应于分布外数据,(iii)可能同时出现,(iv)特征空间的分布变化需要在线学习。鉴于这些限制,新网络威胁的在线检测和分类可被建模为一个异构集体异常检测问题,目前还不存在纯粹基于反向传播的在线学习解决方案。为此,本文提出了一种在线学习、端到端反向传播策略,用于自动合成新型网络威胁的潜在签名或攻击原型(asap)。所提出的框架包含自动特征工程,可在 OpenFlow 监控 API 的原始数据和原始字节流量捕获上运行。在 Asap 中,专门的归纳偏差提高了训练数据的效率,并使推理机制适应物联网等资源受限的场景。最后,该框架的有效性在一个包括物联网流量模拟 3 的实时训练实验中得到了验证。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Computer Networks
Computer Networks 工程技术-电信学
CiteScore
10.80
自引率
3.60%
发文量
434
审稿时长
8.6 months
期刊介绍: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.
期刊最新文献
GWPF: Communication-efficient federated learning with Gradient-Wise Parameter Freezing Slice admission control in 5G wireless communication with multi-dimensional state space and distributed action space: A sequential twin actor-critic approach Quantitative analysis of segmented satellite network architectures: A maritime surveillance case study Machine learning-driven integration of terrestrial and non-terrestrial networks for enhanced 6G connectivity Evaluating integration methods of a quantum random number generator in OpenSSL for TLS
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1