Transfer learning for detecting unknown network attacks
EURASIP Journal on Information Security, Pub Date: 2019-02-21, DOI: 10.1186/s13635-019-0084-4
Juan Zhao, Sachin Shetty, Jan Wei Pan, Charles Kamhoua, Kevin Kwiat

Network attacks are a serious concern in today’s increasingly interconnected society. Recent studies have applied conventional machine learning to network attack detection by learning the patterns of network behaviors and training a classification model. These models usually require large labeled datasets; however, the rapid pace and unpredictability of cyber attacks make this labeling impossible in real time. To address these problems, we propose utilizing transfer learning to detect new and unseen attacks by transferring the knowledge of known attacks. In our previous work, we proposed a transfer learning-enabled framework and approach, called HeTL, which can find the common latent subspace of two different attacks and learn an optimized representation that is invariant to changes in attack behavior. However, HeTL relies on manual pre-setting of hyper-parameters such as the relativeness between the source and target attacks. In this paper, we extend this study by proposing a clustering-enhanced transfer learning approach, called CeHTL, which can automatically find the relation between the new attack and the known attack. We evaluated these approaches by simulating scenarios where the testing dataset contains different attack types or subtypes from the training set. We chose several conventional classification models, such as decision trees, random forests, and KNN, and other novel transfer learning approaches as strong baselines. Results showed that the proposed HeTL and CeHTL improved performance remarkably. CeHTL performed best, demonstrating the effectiveness of transfer learning in detecting new network attacks.

Updated: 2020-04-16