Reliable Feature Selection for Adversarially Robust Cyber-Attack Detection

Cyber Europe 2022: After Action Report

European Union Agency for Cybersecurity

Published: 2022

ENISA Threat Landscape 2022

European Union Agency for Cybersecurity (ENISA)

Published: 2022

Annals of Telecommunications

Network traffic analysis using machine learning: an unsupervised approach to understand and slice your network

O. Aouedi

Published: 2022

Foundations and Practice of Security, Springer International Publishing

A Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection

J. Vitorino, R. Andrade, I. Praça, O. Sousa, E. Maia

Published: 2022

Annals of Telecommunications

Active feature acquisition on data streams under feature drift

C. Beyer, M. Büttner, V. Unnikrishnan, M. Schleicher, E. Ntoutsi, M. Spiliopoulou

Published: 2020

Artificial Intelligence Review

A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions

Thakkar, A., Lohiya, T.

Published: 2022

Int J Comput Appl

Network Intrusion Detection with Feature Selection Techniques using Machine-Learning Algorithms

K. Kumar, J. Singh

Published: 2016

J Big Data

Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset

S. M. Kasongo, Y. Sun

Published: 2020

Future Internet

Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense

A. Alotaibi, M. A. Rassam

Published: 2023

arxiv

被引用数 1

ACM Comput. Surv.

Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain

Ihai Rosenberg, Asaf Shabtai, Yuval Elovici, Lior Rokach

Published: 2020.7.6

In recent years machine learning algorithms, and more specifically deep learning algorithms, have been widely used in many fields, including cyber security. However, machine learning systems are vulnerable to adversarial attacks, and this limits the application of machine learning, especially in non-stationary, adversarial environments, such as the cyber security domain, where actual adversaries (e.g., malware developers) exist. This paper comprehensively summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques and illuminates the risks they pose. First, the adversarial attack methods are characterized based on their stage of occurrence, and the attacker's goals and capabilities. Then, we categorize the applications of adversarial attack and defense methods in the cyber security domain. Finally, we highlight some characteristics identified in recent research and discuss the impact of recent advancements in other adversarial learning domains on future research directions in the cyber security domain. This paper is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain, map them in a unified taxonomy, and use the taxonomy to highlight future research directions.

敵対的学習敵対的サンプル特徴重要度分析

IEEE Access

Adversarial Machine Learning Applied to Intrusion and Malware Scenarios: A Systematic Review

N. Martins, J. M. Cruz, T. Cruz, P. Henriques Abreu

Published: 2020

ArXiv

Constrained Adversarial Learning and its applicability to Automated Software Testing: a systematic review

J. Vitorino, T. Dias, T. Fonseca, E. Maia, I. Praça

Published: 2023

arXiv

An Adversarial Robustness Benchmark for Enterprise Network Intrusion Detection

J. Vitorino, M. Silva, E. Maia, I. Praça

Published: 2024

Annals of Telecommunications

Investigating the practicality of adversarial evasion attacks on network intrusion detection

M. A. Merzouk, F. Cuppens, N. Boulahia-Cuppens, R. Yaich

Published: 2022

Annals of Telecommunications

A review on machine learning–based approaches for Internet traffic classification

O. Salman, I. H. Elhajj, A. Kayssi, A. Chehab

Published: 2020

2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)

Efficient Feature Selection for Intrusion Detection Systems

S. Ahmadi

Published: 2019

2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference

A Machine Learning Framework for Intrusion Detection System in IoT Networks Using an Ensemble Feature Selection Method

G. Guo

Published: 2021

2023 IEEE 13th Annual Computing and Communication Workshop and Conference

An IoT Intrusion Detection System Based on TON IoT Network Dataset

G. Guo

Published: 2023

International Journal of Intelligent Systems and Applications in Engineering

A Two-Phase Feature Selection Technique using Information Gain and XGBoost-RFE for NIDS

M. S. Habeeb, B. T. Ranga

Published: 2024

2019 International Joint Conference on Neural Networks (IJCNN)

Intrusion detection method based on information gain and ReliefF feature selection

Y. Zhang, X. Ren, J. Zhang

Published: 2019

2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism

Intrusion Detection System with Recursive Feature Elimination by Using Random Forest and Deep Learning Classifier

S. Ustebay, Z. Turgut, M. A. Aydin

Published: 2018

Engineering Proceedings

An Effective Network Intrusion Detection System Using Recursive Feature Elimination Technique

N. S. Yadav, V. P. Sharma, D. S. D. Reddy, S. Mishra

Published: 2023

Journal of Sensor and Actuator Networks

Recursive Feature Elimination with Cross-Validation with Decision Tree: Feature Selection Method for Machine Learning-Based Intrusion Detection Systems

M. Awad, S. Fraihat

Published: 2023

IEEE Access

CICIDS-2017 Dataset Feature Analysis with Information Gain for Anomaly Detection

Kurniabudi

Published: 2020

Journal of Cybersecurity and Privacy

Functionality-Preserving Adversarial Machine Learning for Robust Classification in Cybersecurity and Intrusion Detection Domains: A Survey

A. McCarthy

Published: 2022

ICISSp

Toward generating a new intrusion detection dataset and intrusion traffic characterization

Iman Sharafaldin, Arash Habibi Lashkari, Ali A Ghorbani

Published: 2018

CICFlowMeter Canadian Institute for Cybersecurity

Lect. Notes Comput. Sci.

Errors in the CICIDS2017 dataset and the significant differences in detection performances it makes

M. Lanvin, P.-F. Gimenez, Y. Han, F. Majorczyk, L. Me, E. Totel

Published: 2023

2022 IEEE Conference on Communications and Network Security (CNS)

Error prevalence in NIDS datasets: A case study on CIC-IDS-2017 and CSE-CIC-IDS-2018

L. Liu, G. Engelen, T. Lynar, D. Essam, W. Joosen

Published: 2022

Applied Sciences

Generating Network Intrusion Detection Dataset Based on Real and Encrypted Synthetic Attack Traffic

A. Ferriyan, A. H. Thamrin, K. Takeda, J. Murai

Published: 2021

AllFlowMeter HIKARI2022

A. Ferriyan, A. H. Thamrin, K. Takeda, J. Murai

Induction of Decision Trees

J. R. Quinlan

Published: 1986

International Journal of Computer Applications in Technology

Feature Ranking in Intrusion Detection Dataset using Combination of Filtering Methods

Z. Karimi, M. Riahi Kashani, A. Harounabadi

Published: 2013

Int Sch Res Notices

A Novel Feature Selection Technique for Text Classification Using Naïve Bayes

S. Dey Sarkar, S. Goswami, A. Agarwal, J. Aktar

Published: 2014

Gene Selection for Cancer Classification using Support Vector Machines

I. Guyon, J. Weston, S. Barnhill

Published: 2002

International journal of business

Mean Absolute Deviation: Analysis and Applications

K. M. F. Elsayed

Published: 2015

Expert Syst Appl

Dispersion Ratio based Decision Tree Model for Classification

S. Roy, S. Mondal, A. Ekbal, M. S. Desarkar

Published: 2019

Annals of Telecommunications

Towards Adversarial Realism and Robust Learning for IoT Intrusion Detection and Classification

J. Vitorino, I. Praça, E. Maia

Published: 2023

arxiv

被引用数 1

Future Internet

Adaptative Perturbation Patterns: Realistic Adversarial Learning for Robust Intrusion Detection

João Vitorino, Nuno Oliveira, Isabel Praça

Published: 2022.3.9

Adversarial attacks pose a major threat to machine learning and to the systems that rely on it. In the cybersecurity domain, adversarial cyber-attack examples capable of evading detection are especially concerning. Nonetheless, an example generated for a domain with tabular data must be realistic within that domain. This work establishes the fundamental constraint levels required to achieve realism and introduces the Adaptative Perturbation Pattern Method (A2PM) to fulfill these constraints in a gray-box setting. A2PM relies on pattern sequences that are independently adapted to the characteristics of each class to create valid and coherent data perturbations. The proposed method was evaluated in a cybersecurity case study with two scenarios: Enterprise and Internet of Things (IoT) networks. Multilayer Perceptron (MLP) and Random Forest (RF) classifiers were created with regular and adversarial training, using the CIC-IDS2017 and IoT-23 datasets. In each scenario, targeted and untargeted attacks were performed against the classifiers, and the generated examples were compared with the original network traffic flows to assess their realism. The obtained results demonstrate that A2PM provides a scalable generation of realistic adversarial examples, which can be advantageous for both adversarial training and attacks.

データ生成ロバスト性評価 DDoS攻撃

arxiv

被引用数 2

SoK: Realistic Adversarial Attacks and Defenses for Intelligent Network Intrusion Detection

João Vitorino, Isabel Praça, Eva Maia

Published: 2023.8.14

Machine Learning (ML) can be incredibly valuable to automate anomaly detection and cyber-attack classification, improving the way that Network Intrusion Detection (NID) is performed. However, despite the benefits of ML models, they are highly susceptible to adversarial cyber-attack examples specifically crafted to exploit them. A wide range of adversarial attacks have been created and researchers have worked on various defense strategies to safeguard ML models, but most were not intended for the specific constraints of a communication network and its communication protocols, so they may lead to unrealistic examples in the NID domain. This Systematization of Knowledge (SoK) consolidates and summarizes the state-of-the-art adversarial learning approaches that can generate realistic examples and could be used in real ML development and deployment scenarios with real network traffic flows. This SoK also describes the open challenges regarding the use of adversarial ML in the NID domain, defines the fundamental properties that are required for an adversarial example to be realistic, and provides guidelines for researchers to ensure that their future experiments are adequate for a real communication network.

敵対的訓練バックドア攻撃防御手法

Mach Learn

Random forests

L. Breiman

Published: 2001

Proceedings of the 22nd ACM International Conference on Knowledge Discovery and Data Mining (SIGKDD)

Xgboost: A scalable tree boosting system

T. Chen, C. Guestrin

Published: 2016

Advances in neural information processing systems

Lightgbm: A highly efficient gradient boosting decision tree

Guolin Ke, Qi Meng, Thomas Finley, Taifeng Wang, Wei Chen, Weidong Ma, Qiwei Ye, Tie-Yan Liu

Published: 2017

Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Intelligible Models for Classification and Regression

Y. Lou, R. Caruana, J. Gehrke

Published: 2012

InterpretML: A Unified Framework for Machine Learning Interpretability

H. Nori, S. Jenkins, P. Koch, R. Caruana

Published: 2019