| Main authors: | Qiu, Zhiyin; Zhou, Ding; Zhai, Yahui; Liu, Bo; He, Lei; Cao, Jiuxin |
|---|---|
| Format: | Preprint |
| Published: | 2024 |
| Subjects: | |
| Online access: | https://arxiv.org/abs/2403.04193 |
| _version_ | 1866910356244267008 |
|---|---|
| author | Qiu, Zhiyin; Zhou, Ding; Zhai, Yahui; Liu, Bo; He, Lei; Cao, Jiuxin |
| author_facet | Qiu, Zhiyin; Zhou, Ding; Zhai, Yahui; Liu, Bo; He, Lei; Cao, Jiuxin |
| contents | Promptly discovering unknown network attacks is critical for reducing the risk of major loss imposed on system or equipment. This paper aims to develop an open-set intrusion detection model to classify known attacks as well as inferring unknown ones. To achieve this, we employ OpenMax and variational autoencoder to propose a dual detection model, VAEMax. First, we extract flow payload feature based on one-dimensional convolutional neural network. Then, the OpenMax is used to classify flows, during which some unknown attacks can be detected, while the rest are misclassified into a certain class of known flows. Finally, use VAE to perform secondary detection on each class of flows, and determine whether the flow is an unknown attack based on the reconstruction loss. Experiments performed on dataset CIC-IDS2017 and CSE-CIC-IDS2018 show our approach is better than baseline models and can be effectively applied to realistic network environments. |
| format | Preprint |
| id | arxiv_https___arxiv_org_abs_2403_04193 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| title | VAEMax: Open-Set Intrusion Detection based on OpenMax and Variational Autoencoder |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2403.04193 |