The Experts below are selected from a list of 186 Experts worldwide ranked by ideXlab platform
Fan Yang - One of the best experts on this subject based on the ideXlab platform.
-
an identification strategy for Unknown Attack through the joint learning of space time features
Future Generation Computer Systems, 2021Co-Authors: Huan Wang, Shahid Mumtaz, Jingxian Liu, Fan YangAbstract:Abstract Deep learning (DL) can effectively extract the features of Attack behaviours and identify Unknown Attack behaviours. However, the current DL-based methods separately learn spatial feature and temporal features and fail to consider the spatiotemporal correlation of cyber events. To make up for the gap, this paper proposes an identification strategy for Unknown Attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) was adopted to learn the spatial features of data packet and the temporal feature of the network flow, which makes the Attack behaviour recognition less dependent on prior knowledge. Next, the temporal attention was constructed to suppress the noises in the spatial features of the data packet; the spatial attention was designed to reduce the temporal features of low-density information; the spatial attention was fused with the temporal attention to establish the spatiotemporal dependence of cyber-Attack behaviours and distinguish the importance of spatiotemporal features. Finally, our identification strategy was experimentally compared with the identification models solely based on spatial features or temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, the fusion between spatial and temporal features can effectively promote the identification accuracy of Unknown Attack behaviours.
-
An identification strategy for Unknown Attack through the joint learning of space–time features
Future Generation Computer Systems, 2021Co-Authors: Huan Wang, Shahid Mumtaz, Jingxian Liu, Fan YangAbstract:Abstract Deep learning (DL) can effectively extract the features of Attack behaviours and identify Unknown Attack behaviours. However, the current DL-based methods separately learn spatial feature and temporal features and fail to consider the spatiotemporal correlation of cyber events. To make up for the gap, this paper proposes an identification strategy for Unknown Attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) was adopted to learn the spatial features of data packet and the temporal feature of the network flow, which makes the Attack behaviour recognition less dependent on prior knowledge. Next, the temporal attention was constructed to suppress the noises in the spatial features of the data packet; the spatial attention was designed to reduce the temporal features of low-density information; the spatial attention was fused with the temporal attention to establish the spatiotemporal dependence of cyber-Attack behaviours and distinguish the importance of spatiotemporal features. Finally, our identification strategy was experimentally compared with the identification models solely based on spatial features or temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, the fusion between spatial and temporal features can effectively promote the identification accuracy of Unknown Attack behaviours.
Hiroki Takakura - One of the best experts on this subject based on the ideXlab platform.
-
Unknown Attack Detection by Multistage One-Class SVM Focusing on Communication Interval
Neural Information Processing, 2014Co-Authors: Shohei Araki, Hajime Shimada, Y Yamaguchi, Hiroki TakakuraAbstract:Cyber Attacks have been more sophisticated. Existing countermeasures, e.g, Intrusion Detection System (IDS), cannot work well for detecting their existence. Although anomaly-based IDS is considered to be promising approach to detect Unknown Attacks, it still lacks the ability to distinguish sophisticated Attacks from trivial known ones. Therefore, we applied multistage one-class Support Vector Machine (OC-SVM) to detect such serious Attacks. At the first stage, two training data are retrieved from traffic archive. The one is used for training OC-SVM and then, Attacks are obtained from the another. Also testing data from real network are examined by the same OC-SVM and Attacks are extracted. The Attacks from the traffic archive are used for training OC-SVM at the second stage and those from real network are analyzed. Finally, we can obtain Unknown Attacks which are not stored in archive.
-
ICONIP (3) - Unknown Attack Detection by Multistage One-Class SVM Focusing on Communication Interval
Neural Information Processing, 2014Co-Authors: Shohei Araki, Hajime Shimada, Y Yamaguchi, Hiroki TakakuraAbstract:Cyber Attacks have been more sophisticated. Existing countermeasures, e.g, Intrusion Detection System (IDS), cannot work well for detecting their existence. Although anomaly-based IDS is considered to be promising approach to detect Unknown Attacks, it still lacks the ability to distinguish sophisticated Attacks from trivial known ones. Therefore, we applied multistage one-class Support Vector Machine (OC-SVM) to detect such serious Attacks. At the first stage, two training data are retrieved from traffic archive. The one is used for training OC-SVM and then, Attacks are obtained from the another. Also testing data from real network are examined by the same OC-SVM and Attacks are extracted. The Attacks from the traffic archive are used for training OC-SVM at the second stage and those from real network are analyzed. Finally, we can obtain Unknown Attacks which are not stored in archive.
-
ASIAN - A comprehensive approach to detect Unknown Attacks via intrusion detection alerts
Lecture Notes in Computer Science, 1Co-Authors: Jungsuk Song, Hiroki Takakura, Hayato Ohba, Yasuo Okabe, Kenji Ohira, Yongjin KwonAbstract:Intrusion detection system(IDS) has played an important role as a device to defend our networks from cyber Attacks. However, since it still suffers from detecting an Unknown Attack, i.e., 0-day Attack, the ultimate challenge in intrusion detection field is how we can exactly identify such an Attack. This paper presents a novel approach that is quite different from the traditional detection models based on raw traffic data. The proposed method can extract Unknown activities from IDS alerts by applying data mining technique.We evaluated our method over the log data of IDS that is deployed in Kyoto University, and our experimental results show that it can extract Unknown(or under development) Attacks from IDS alerts by assigning a score to them that reflects how anomalous they are, and visualizing the scored alerts.
Huan Wang - One of the best experts on this subject based on the ideXlab platform.
-
an identification strategy for Unknown Attack through the joint learning of space time features
Future Generation Computer Systems, 2021Co-Authors: Huan Wang, Shahid Mumtaz, Jingxian Liu, Fan YangAbstract:Abstract Deep learning (DL) can effectively extract the features of Attack behaviours and identify Unknown Attack behaviours. However, the current DL-based methods separately learn spatial feature and temporal features and fail to consider the spatiotemporal correlation of cyber events. To make up for the gap, this paper proposes an identification strategy for Unknown Attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) was adopted to learn the spatial features of data packet and the temporal feature of the network flow, which makes the Attack behaviour recognition less dependent on prior knowledge. Next, the temporal attention was constructed to suppress the noises in the spatial features of the data packet; the spatial attention was designed to reduce the temporal features of low-density information; the spatial attention was fused with the temporal attention to establish the spatiotemporal dependence of cyber-Attack behaviours and distinguish the importance of spatiotemporal features. Finally, our identification strategy was experimentally compared with the identification models solely based on spatial features or temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, the fusion between spatial and temporal features can effectively promote the identification accuracy of Unknown Attack behaviours.
-
An identification strategy for Unknown Attack through the joint learning of space–time features
Future Generation Computer Systems, 2021Co-Authors: Huan Wang, Shahid Mumtaz, Jingxian Liu, Fan YangAbstract:Abstract Deep learning (DL) can effectively extract the features of Attack behaviours and identify Unknown Attack behaviours. However, the current DL-based methods separately learn spatial feature and temporal features and fail to consider the spatiotemporal correlation of cyber events. To make up for the gap, this paper proposes an identification strategy for Unknown Attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) was adopted to learn the spatial features of data packet and the temporal feature of the network flow, which makes the Attack behaviour recognition less dependent on prior knowledge. Next, the temporal attention was constructed to suppress the noises in the spatial features of the data packet; the spatial attention was designed to reduce the temporal features of low-density information; the spatial attention was fused with the temporal attention to establish the spatiotemporal dependence of cyber-Attack behaviours and distinguish the importance of spatiotemporal features. Finally, our identification strategy was experimentally compared with the identification models solely based on spatial features or temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, the fusion between spatial and temporal features can effectively promote the identification accuracy of Unknown Attack behaviours.
Cheng Zhang - One of the best experts on this subject based on the ideXlab platform.
-
Unknown Attack Detection Based on Zero-Shot Learning
IEEE Access, 2020Co-Authors: Zhang Zhun, Liu Qihe, Qiu Shilin, Shijie Zhou, Cheng ZhangAbstract:In recent years, due to the frequent occurrence of network intrusions, more and more researchers have begun to focus on network intrusion detection. However, it is still a challenge to detect Unknown Attacks. Currently, there are two main methods of Unknown Attack detection: clustering and honeypot. But they still have unsolved problems such as difficulty in collecting Unknown Attack samples and failure to detect on time. Zero-Shot learning is proposed to deal with the problem in this article, which can recognize Unknown Attacks by learning the mapping relations between feature space and semantic space (such as attribute space). When the semantic descriptions of all Attacks (including known and Unknown Attacks) are provided, the classifier built by Zero-Shot learning can extract common semantic information among all Attacks and construct connections between known and Unknown Attacks. The classifier then utilizes the connections to classify Unknown Attacks although there are no samples for Unknown Attacks. In this article, we first propose to use Zero-Shot learning to overcome the challenge of Unknown Attack detection and illustrate the feasibility of this method. Secondly, we then propose a novel method of Zero-Shot learning based on sparse autoencoder for Unknown Attack detection. This method maps the feature of known Attacks to the semantic space, and restores the semantic space to the feature space by constrains of reconstruction error, and establishes the feature to semantic mapping, which is used to detect Unknown Attacks. Verification tests have been carried out by using the public dataset NSL_KDD. From the experiments conducted in this work, the results show that the average accuracy reaches 88.3%, which performs better than other methods.
Jingxian Liu - One of the best experts on this subject based on the ideXlab platform.
-
an identification strategy for Unknown Attack through the joint learning of space time features
Future Generation Computer Systems, 2021Co-Authors: Huan Wang, Shahid Mumtaz, Jingxian Liu, Fan YangAbstract:Abstract Deep learning (DL) can effectively extract the features of Attack behaviours and identify Unknown Attack behaviours. However, the current DL-based methods separately learn spatial feature and temporal features and fail to consider the spatiotemporal correlation of cyber events. To make up for the gap, this paper proposes an identification strategy for Unknown Attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) was adopted to learn the spatial features of data packet and the temporal feature of the network flow, which makes the Attack behaviour recognition less dependent on prior knowledge. Next, the temporal attention was constructed to suppress the noises in the spatial features of the data packet; the spatial attention was designed to reduce the temporal features of low-density information; the spatial attention was fused with the temporal attention to establish the spatiotemporal dependence of cyber-Attack behaviours and distinguish the importance of spatiotemporal features. Finally, our identification strategy was experimentally compared with the identification models solely based on spatial features or temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, the fusion between spatial and temporal features can effectively promote the identification accuracy of Unknown Attack behaviours.
-
An identification strategy for Unknown Attack through the joint learning of space–time features
Future Generation Computer Systems, 2021Co-Authors: Huan Wang, Shahid Mumtaz, Jingxian Liu, Fan YangAbstract:Abstract Deep learning (DL) can effectively extract the features of Attack behaviours and identify Unknown Attack behaviours. However, the current DL-based methods separately learn spatial feature and temporal features and fail to consider the spatiotemporal correlation of cyber events. To make up for the gap, this paper proposes an identification strategy for Unknown Attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) was adopted to learn the spatial features of data packet and the temporal feature of the network flow, which makes the Attack behaviour recognition less dependent on prior knowledge. Next, the temporal attention was constructed to suppress the noises in the spatial features of the data packet; the spatial attention was designed to reduce the temporal features of low-density information; the spatial attention was fused with the temporal attention to establish the spatiotemporal dependence of cyber-Attack behaviours and distinguish the importance of spatiotemporal features. Finally, our identification strategy was experimentally compared with the identification models solely based on spatial features or temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, the fusion between spatial and temporal features can effectively promote the identification accuracy of Unknown Attack behaviours.
