Sequential Detection of Cyber-attacks Using a Classification Filter

Research output: Contribution to book/report › Conference contribution

Abstract

In detection systems of cyber-attacks, the trade-off between FNR (false negative rate) and FPR (false positive rate) makes it difficult to reduce both at the same time. To address this problem, sequential detection consisting of several sub-classifiers has been proposed, where negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further checking. In existing sequential detection systems, the type and structure of sub-classifiers have received a lot of attention. However, not enough attention has been paid to how to improve the purity of the positive instances reported by each sub-classifier. To fill this gap, in this study, we propose a sequential detection system based on a classification filter (SDCF), in which we introduce a classification filter (CF) for sequential detection. Specifically, as with traditional sequential detection, negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further inspection. The difference of our SDCF is that as the CF is introduced to each sub-classifier, the positive instances initially reported in the sub-classifier are sent to the CF, and only those instances with a sufficiently high probability of being positive are eventually reported as positive instances. In this way, the FPR can be optimized by the CF, while the FNR can also be reduced by further checking of the next sub-classifier. Moreover, although SDCF requires five sub-classifiers, 10 candidate models containing Artificial Neural Networks (ANN) as well as stacking Gated Recurrent Unit (SGRU) network need to be trained and validated in order to ensure the quality of all sub-classifiers. In addition, we also tried different CF values to suggest the best one. By testing two popular public datasets, NSL-KDD'99 and CICIDS-2017, the experimental results show that when CF is 0.9, our proposed method can improve the detection performance well with detection rates of 93.94% (NSL-KDD'99) and 96.29% (CICIDS-2017), and our SDCF can improve the detection rate by 11.81% while reducing the FPR and FNR by 18.16% and 20.97%, respectively, compared with the latest related work.
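
The routing described in the abstract, as an added sketch that is not the paper's code. Assumptions: the CF value is read as a probability threshold, instances rejected by the filter are forwarded like negatives, an instance no stage confirms is reported benign, and the two logistic scorers are toy stand-ins for the trained ANN/SGRU sub-classifiers.

```python
import math

def make_stage(idx, weight, bias):
    """Toy sub-classifier (stand-in for a trained model): logistic score on one feature."""
    def score(x):
        return 1.0 / (1.0 + math.exp(-(weight * x[idx] + bias)))
    return score

def sdcf_predict(x, stages, cf):
    """Return (label, stage): label 1 = attack, stage = index that confirmed it, else None."""
    for i, stage in enumerate(stages):
        p = stage(x)
        # Classification filter: report positive only when P(attack) >= cf.
        if p >= cf:
            return 1, i
        # Assumption: negatives AND filter-rejected positives both go to the next stage.
    return 0, None  # assumption: unconfirmed after the last stage means benign

def evaluate(samples, stages, cf):
    """Count (false_positives, false_negatives) over labelled samples."""
    fp = fn = 0
    for x, label in samples:
        pred, _ = sdcf_predict(x, stages, cf)
        fp += pred == 1 and label == 0
        fn += pred == 0 and label == 1
    return fp, fn

STAGES = [make_stage(0, 4.0, -2.0), make_stage(1, 4.0, -2.0)]

# Constructed samples: ((feature0, feature1), label), label 1 = attack.
SAMPLES = [
    ((1.2, 0.0), 1),  # stage 0 is confident (p ~ 0.94)
    ((0.7, 0.1), 0),  # stage 0 is lukewarm (p ~ 0.69): false positive without the filter
    ((0.1, 1.3), 1),  # missed by stage 0, confirmed by stage 1 (p ~ 0.96)
    ((0.0, 0.0), 0),  # clearly benign at both stages
    ((0.8, 0.6), 1),  # no stage reaches 0.9: the filter turns this into a miss
]

if __name__ == "__main__":
    for cf in (0.5, 0.9):  # 0.5 behaves like a plain cascade with no filter
        print(f"cf={cf}: (FP, FN) = {evaluate(SAMPLES, STAGES, cf)}")
```

On this constructed data the filter removes the lukewarm false positive but also drops the attack that no stage scores above the threshold, so the CF value has to be validated against both FPR and FNR.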

Original language: English
Title of host publication: Proceedings - 2021 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing and International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 659-666
Number of pages: 8
ISBN (Electronic): 9781665421744
Publication status: Published - 2021
Event: 19th IEEE International Conference on Dependable, Autonomic and Secure Computing, 19th IEEE International Conference on Pervasive Intelligence and Computing, 7th IEEE International Conference on Cloud and Big Data Computing and 2021 International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2021 - Virtual, Online, Canada
Duration: Oct 25 2021 to Oct 28 2021

Publication series

Name: Proceedings - 2021 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing and International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2021


All Science Journal Classification (ASJC) codes

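  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Computer Vision and Pattern Recognition
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Control and Optimization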
