Title: Intelligent Penetration Testing in Dynamic Defense Environment
Authors: Qian Yao, Yongjie Wang, Xinli Xiong, Yang Li
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584716

Intelligent penetration testing (PT) has become a research hotspot. However, existing intelligent PT environments are static and deterministic and do not fully consider the impact of dynamic defense. To improve the fidelity of existing simulation environments, in this paper we conduct intelligent PT in a dynamic defense environment based on reinforcement learning (RL). First, the simulation details of intelligent PT in a dynamic defense environment are introduced. Second, we incorporate dynamic defense into the nodes of the network topology. We then evaluate the proposed method on the Chain scenario of CyberBattleSim with and without dynamic defense, run the environment on a larger-scale network scenario, and analyze the effect of different parameters of the RL algorithm. The experimental results show that the average cumulative reward decreases markedly in a dynamic defense environment, and that as the number of nodes increases it becomes more difficult for the agent to converge. Accordingly, we recommend that an agent observing a dynamic environment adopt a compromise between exploration and exploitation.
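As an added illustration of the effect this abstract reports (this is not the paper's code and not CyberBattleSim; it is a constructed chain environment written for this page), the following tabular Q-learning agent attacks a chain of nodes with and without a dynamic defender that re-images the node currently under attack. The node count, reward values, the defence probability p_defense, the exploit-variant model and the epsilon-greedy policy are all assumptions made for the example.

```python
import random

N_EXPLOITS = 3          # exploit variants the agent can try against a node (assumption)
SUCCESS_REWARD = 10.0   # reward for compromising the next node in the chain
FAIL_REWARD = -3.0      # cost of a failed attempt (time, noise, alarms)
MAX_STEPS = 40          # step budget per episode


class ChainEnv:
    """Toy chain topology: the agent owns node 0 and must take nodes 1..n-1 in order.

    Every node k >= 1 is vulnerable to exactly one exploit variant. With dynamic
    defence on, the defender re-images the node under attack with probability
    p_defense at each step, re-sampling its vulnerable variant, so the variant the
    agent learned for that node goes stale. (Constructed model: it is not
    CyberBattleSim's own action or observation space.)
    """

    def __init__(self, n_nodes, dynamic, p_defense, rng):
        self.n, self.dynamic, self.p, self.rng = n_nodes, dynamic, p_defense, rng
        self.variants = [rng.randrange(N_EXPLOITS) for _ in range(n_nodes)]
        self.owned, self.steps = 0, 0

    def reset(self):
        self.owned, self.steps = 0, 0     # observed state: index of the furthest owned node
        return self.owned

    def step(self, action):
        target = self.owned + 1
        if self.dynamic and self.rng.random() < self.p:
            self.variants[target] = self.rng.randrange(N_EXPLOITS)   # defender re-images target
        self.steps += 1
        if action == self.variants[target]:
            self.owned, reward = target, SUCCESS_REWARD
        else:
            reward = FAIL_REWARD
        done = self.owned == self.n - 1 or self.steps >= MAX_STEPS
        return self.owned, reward, done


def q_learning(n_nodes=5, dynamic=False, p_defense=0.7, epsilon=0.1,
               alpha=0.2, gamma=0.9, episodes=600, window=100, seed=1):
    """Tabular Q-learning with epsilon-greedy exploration.

    Returns the average cumulative reward over the last `window` episodes, the
    metric used above to compare static and dynamic-defence runs.
    """
    rng = random.Random(seed)
    env = ChainEnv(n_nodes, dynamic, p_defense, rng)
    q = [[0.0] * N_EXPLOITS for _ in range(n_nodes)]
    returns = []
    for _ in range(episodes):
        s, done, total = env.reset(), False, 0.0
        while not done:
            if rng.random() < epsilon:                         # explore
                a = rng.randrange(N_EXPLOITS)
            else:                                              # exploit current knowledge
                a = max(range(N_EXPLOITS), key=lambda i: q[s][i])
            s2, r, done = env.step(a)
            terminal = s2 == n_nodes - 1
            target = r if terminal else r + gamma * max(q[s2])
            q[s][a] += alpha * (target - q[s][a])
            s, total = s2, total + r
        returns.append(total)
    return sum(returns[-window:]) / window


if __name__ == "__main__":
    for eps in (0.0, 0.1, 0.3):
        static = q_learning(dynamic=False, epsilon=eps)
        dynamic = q_learning(dynamic=True, epsilon=eps)
        print(f"epsilon={eps:.1f}  static={static:6.2f}  dynamic={dynamic:6.2f}")
```

Running the script prints the average cumulative reward for several epsilon values; the dynamic-defence column is lower by construction, because a re-imaged node invalidates the variant the Q-table has learned, and sweeping epsilon shows the exploration/exploitation trade-off that the abstract recommends balancing. Raising n_nodes lengthens the chain the agent must learn and so slows convergence.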
Title: Pruned-F1DCN: A lightweight network model for traffic classification
Authors: Ruo nan Wang, Jin long Fei, Rong kai Zhang
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584719

With the continued development of deep learning, deep neural networks are increasingly applied to traffic classification. However, their large network structures and parameter counts hinder deployment on edge computing devices. Reducing network scale relieves computational pressure; this paper proposes a lightweight traffic classification model that provides reliable accuracy while reducing the consumption of computing resources. We design an F1DCN network that takes full advantage of the convolution layer parameters and the receptive field of the convolution kernel. The lightweight approach improves classification performance while saving a large number of parameters, and model pruning is applied to find the optimal network structure. Experiments on two public datasets show that the proposed model reduces parameters by more than 80% and FLOPs by 45% compared with traditional traffic classification methods while maintaining more than 95% classification accuracy.
Title: Application of static taint analysis in RASP protection strategy
Authors: Miao Ji, Ming Yin, Ying Hui Zhou
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584723

Program analysis plays an important role in ensuring the safety and correctness of programs. Starting from the cloud-native security system and the perspective of building a secure runtime application, this paper introduces the key technologies and algorithms of runtime application self-protection (RASP), proposes a protection strategy scheme that combines static taint analysis with RASP, and discusses how the scheme fits into the DevSecOps process. Finally, the feasibility of the scheme is demonstrated with an example. By combining program analysis with preset protection strategies, the scheme provides a reference for implementing runtime application security protection.
Title: Moving-Target Defense for Detecting Coordinated Cyber-Physical Attacks in Power Grids via a Modified Sensor Measurements Expression
Authors: Yu Jian
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3589127

This paper proposes a modified sensor measurement expression for a moving target defense (MTD) method that detects coordinated cyber-physical attacks (CCPAs). CCPAs are a new and considerably harmful type of attack: by elaborately designing a coordinated cyber attack, the effects of a physical attack on sensor measurements are masked, so the attack bypasses the bad data detector (BDD). An MTD strategy actively perturbs the reactances of transmission lines, which invalidates the attacker's knowledge of the power grid. In this paper, starting from the production principle of undetectable CCPAs before MTD activation, we first analyze how undetectable CCPAs are produced after MTD activation, and then provide a modified sensor measurement expression for detecting CCPAs after MTD activation. Extensive simulations on the IEEE 14-bus, IEEE 30-bus and IEEE 118-bus systems verify the simplicity and efficiency of the approach.
Title: Adaptive Change Technology of Encryption Strength Driven by Network Attack Threat
Authors: lan kun, Ping Kuang, Fan Yang
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3589125

Under the new situation in which premeditated and persistent attacks have become the norm, resource-constrained industrial control equipment protected by traditional encryption with a fixed encryption strength faces challenges such as simple stacking of protection capabilities, wasted resources and weak protection. This paper first discusses the technical principle of varying encryption strength dynamically in response to the attack threat, and then proposes a technology for adaptive change of encryption strength driven by attack threat (TD-ESAT). Experiments and analysis show that, in the real-time operation scenario of industrial control equipment, the protection efficiency of this method is significantly improved.
Title: Analysis of Common Vulnerabilities and Exposures to Produce Security Trends
Authors: Norman Santiago, Janelli Mendez
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584718

Around two decades ago, we could not book plane tickets over the phone. As the years have gone by, we have invented and built many technological advances to make our lives more convenient than before, but these also expose us to the threats and vulnerabilities our devices bring. According to the National Vulnerability Database, as reiterated by Hoole et al., the number of publicly disclosed security issues is increasing rapidly: in 2018 it rose by 12.8% from the previous year. To better understand these threats, this research analyzes MITRE's Common Vulnerabilities and Exposures (CVE) database using BERTopic, a dynamic topic modelling approach, and produces security threat trends over past years to see which threats have risen over the past decade.
Title: Evaluation and Prediction of Network QoS Based on Multidimensional Data
Authors: Ming wei Sun, Qing wei Zhang, Hai yuan Zhao
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584724

With the rapid development of modern society and the economy, the Internet is widely used in all walks of life and plays an irreplaceable role, and at the same time more specific requirements are placed on the quality of computer network service. How to guarantee network quality of service (QoS) has always been a hot research topic in the Internet field. This paper analyzes the defects of current comprehensive evaluations of network QoS. Because the shortcomings of traditional data processing methods are greatly magnified when faced with large volumes and many types of data, the authors use an SAE network model to reduce data dimensionality and extract features. An improved GRA-TOPSIS model is then used to comprehensively evaluate network QoS. Finally, an improved grey GM(1,1) model is used to predict network performance, providing a new approach to multi-level, multi-criteria evaluation and prediction.
Title: A symmetric additive homomorphic encryption scheme based on NTRU proxy rekeys
Authors: Wei Liu, Hua Xiao Hao, Lan Ai Wan, Kai Xu, Mu Han, Long Xiao Zhu
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584720

To address the problems that homomorphic encryption cannot achieve secret sharing, that existing Paillier cryptosystems cannot resist quantum attacks, and that they are not suitable for scenarios in which encrypted data is uploaded only by the data owner, this paper designs an NTRU-based symmetric additive homomorphic encryption scheme with proxy rekeying (Partially Additive Homomorphic Encryption-Proxy ReKey, PAHE-PRK). It combines the ideas of proxy rekeying and symmetric encryption and bases its security on the approximate common divisor problem and the ring learning with errors problem. The proxy can not only perform homomorphic computation on the original ciphertext but also re-encrypt the homomorphic key, so that a trusted user can obtain the homomorphic key and decrypt the ciphertext, achieving secret sharing and privacy protection. Finally, the performance and security of the proposed scheme are compared with the traditional Paillier cryptosystem and a proxy re-encryption scheme based on the learning with errors problem, showing that the proposed scheme encrypts and decrypts faster, has lower computation and storage overhead, and achieves indistinguishability under chosen-plaintext attack (IND-CPA).
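As an added example of the ingredient the abstract names, here is the textbook symmetric additively homomorphic scheme over the integers whose security rests on the approximate common divisor (ACD) problem: each ciphertext is a noisy multiple of the secret p, so an untrusted proxy can add ciphertexts and scale them by public constants without learning anything, and only the key holder can decrypt. This is illustrative code written for this page, not the paper's PAHE-PRK construction; it has no NTRU or ring-LWE component and no proxy rekeying, and the parameter sizes are toy values chosen so the example runs instantly, not secure ones.

```python
import random

# Toy parameters: NOT secure. Real instantiations of this family use keys of thousands
# of bits; at these sizes p can be recovered from a few ciphertexts by lattice methods.
P_BITS = 64        # secret key p
Q_BITS = 128       # random multiplier q
R_BITS = 8         # noise r, centred so |r| < 2**(R_BITS-1)
N = 2 ** 16        # plaintext modulus: the scheme adds messages modulo N


def keygen(rng):
    """Secret key: a random odd P_BITS-bit integer (symmetric scheme, a single key)."""
    return rng.getrandbits(P_BITS) | (1 << (P_BITS - 1)) | 1


def encrypt(p, m, rng):
    """c = p*q + N*r + m. Without p, c looks like a random integer; recovering p from
    several ciphertexts is an approximate common divisor (ACD) instance."""
    q = rng.getrandbits(Q_BITS)
    r = rng.getrandbits(R_BITS) - (1 << (R_BITS - 1))
    return p * q + N * r + (m % N)


def decrypt(p, c):
    """Centred reduction mod p strips p*q and leaves N*r + m; reduction mod N strips the noise."""
    t = c % p
    if t > p // 2:
        t -= p
    return t % N


def add(c1, c2):
    """Homomorphic addition: needs no key, so an untrusted proxy can perform it."""
    return c1 + c2


def scale(c, k):
    """Homomorphic multiplication by a public plaintext constant k."""
    return c * k


def noise_ok(p, terms, max_scale=1):
    """Correctness condition: the accumulated noise N*r + m must stay below p/2."""
    worst = terms * max_scale * ((1 << (R_BITS - 1)) * N + N)
    return worst < p // 2


def weighted_sum(plaintexts, weights=None, seed=0):
    """Owner encrypts, the proxy computes sum(w_i * c_i) blind, owner decrypts.

    Returns (decrypted result, expected result mod N). The seed only fixes the
    randomness so the run is reproducible.
    """
    rng = random.Random(seed)
    p = keygen(rng)
    weights = weights or [1] * len(plaintexts)
    cts = [scale(encrypt(p, m, rng), w) for m, w in zip(plaintexts, weights)]
    if not noise_ok(p, len(cts), max(weights)):
        raise ValueError("noise budget exceeded for this many terms")
    total = cts[0]
    for c in cts[1:]:                      # proxy-side work: no key involved
        total = add(total, c)
    return decrypt(p, total), sum(m * w for m, w in zip(plaintexts, weights)) % N


if __name__ == "__main__":
    print(weighted_sum([1234, 4321]))              # (5555, 5555)
    print(weighted_sum([10, 20], weights=[3, 5]))  # (130, 130)
    print(weighted_sum([65535, 2]))                # (1, 1): addition wraps modulo N
```

The noise_ok check is the practical caveat of every scheme in this family: each homomorphic operation grows the noise term, and once it exceeds p/2 decryption silently returns garbage, so a deployment must bound the number of operations the proxy may chain (or use a scheme with a refresh step). Sharing the result with a second party here would mean sharing p itself, which is exactly the gap the abstract's proxy rekeying is meant to close.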
Title: AI and Fake News: A Conceptual Framework for Fake News Detection
Authors: Leila Ameli, Md Shah Alam Chowdhury, Farnaz Farid, Abubakar Bello, Fariza Sabrina, Alana Maurushat
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584722

In today's world, cyberspace plays an essential part in an individual's life, and many people depend heavily on social media to get information and read the news. Such reliance on cyberspace, and on social media in particular, has created vast room for cybercrime, such as the rapid spread of fake news and misinformation. In addition, generating convincing fake content has become more accessible thanks to the rapid growth of the Internet and the adoption of Artificial Intelligence (AI) technologies. AI is a double-edged sword: it enables positive improvements, e.g. detecting misinformation and fake or altered images and videos, identifying bots, and processing and retaining information better than humans, but in the hands of malicious actors it poses a significant threat to the digital, physical and political landscape. The increasing use of social media platforms, specifically Facebook and Twitter, has also allowed the public to spread opinions and information quickly, whether factual or not. There is therefore a need for further research and collaboration to understand how to identify and combat the spread of fake news and disinformation and to prevent the malicious use of AI technologies while avoiding infringement of privacy guidelines. To this end, this study proposes a conceptual framework to classify and detect fake news. The three-tier framework consists of characterisation and feature extraction, classification and detection, and defence.
Title: Anomaly detection of traffic session based on graph neural network
Authors: Peng Du, Chengwei Peng, Peng Xiang, Qingshan Li
Proceedings of the 2022 International Conference on Cyber Security, 2022-12-16. DOI: https://doi.org/10.1145/3584714.3584715

In recent years, with the development of network technology, network security threats have emerged in endless variety, and most existing network anomaly detection research cannot meet the requirements of network security detection. Traditional network anomaly detection methods based on static rule matching and machine learning do not perform well in complex and dynamic network environments and depend heavily on statistical features designed by domain experts. This paper proposes TSGNN, a traffic session anomaly detection method based on graph neural networks. It extracts protocol features from the original packet capture (PCAP) file to form a session representation, uses a gated recurrent unit (GRU) to extract the internal characteristics of the protocol fields of the traffic data, constructs a directed graph from the structural relationships between the packets of a session, uses a graph neural network to learn association features between graph nodes, and finally feeds the graph representation vector into a fully connected layer for classification. Experimental results show that the method outperforms existing research on the evaluation metrics of the CSE-CIC-IDS2018 dataset.