AI/ML for Network Security

Jacobs, Arthur Selle; Beltiukov, Roman; Willinger, Walter; Ferreira, Ronaldo A.; Gupta, Arpit; Granville, Lisandro Zambenedetti

doi:10.1145/3548606.3560609

Cited by 47 publications

(14 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most publications describe the features that were excluded, for that reason, but features like TTL can easily be overlooked by the authors. For example, a strong correlation between the packets' TTL value and traffic type was observed for the CIC-IDS-2017 dataset in [57].…”

Section: Class Imbalancementioning

confidence: 98%

A Comparison of Neural-Network-Based Intrusion Detection against Signature-Based Detection in IoT Networks

Schrötter,

Niemann,

Schnor

2024

Information

View full text Add to dashboard Cite

Over the last few years, a plethora of papers presenting machine-learning-based approaches for intrusion detection have been published. However, the majority of those papers do not compare their results with a proper baseline of a signature-based intrusion detection system, thus violating good machine learning practices. In order to evaluate the pros and cons of the machine-learning-based approach, we replicated a research study that uses a deep neural network model for intrusion detection. The results of our replicated research study expose several systematic problems with the used datasets and evaluation methods. In our experiments, a signature-based intrusion detection system with a minimal setup was able to outperform the tested model even under small traffic changes. Testing the replicated neural network on a new dataset recorded in the same environment with the same attacks using the same tools showed that the accuracy of the neural network dropped to 54%. Furthermore, the often-claimed advantage of being able to detect zero-day attacks could not be seen in our experiments.

show abstract

Section: Class Imbalancementioning

confidence: 98%

A Comparison of Neural-Network-Based Intrusion Detection against Signature-Based Detection in IoT Networks

Schrötter,

Niemann,

Schnor

2024

Information

View full text Add to dashboard Cite

show abstract

“…There are also different criteria to categorize XAI techniques. 5 For example, whether the model is self-explainable, 6,7,8 or post hoc explanation is applied on a given model 2 ; whether to surrogate a complicated model with a simpler or even self-explainable one 9 ; and whether to explain individual data samples 10 or explain the model's overall behavior. 11,12,13,14 One of the XAI techniques that have been tailored to cybersecurity problems with domain-specific knowledge is Trustee.…”

Section: Prior Workmentioning

confidence: 99%

“…11,12,13,14 One of the XAI techniques that have been tailored to cybersecurity problems with domain-specific knowledge is Trustee. 9 It learned high-fidelity and low-complexity DTs for network security problems. The DT is easy to interpret and can be used to identify the most important features for making predictions, as well as to understand the decision-making process used by the model.…”

Section: Prior Workmentioning

confidence: 99%

“…Figure 1 shows a learned explanation DT with respect to the DNS cache poisoning detection NN. We used TRUSTEE, 9 a framework to explain machine learning models, to generate the DT. From the DT, a security analyst can gain the following insights of the tutor NN.…”

Section: Explanation Dtmentioning

confidence: 99%

“…In particular, the DT explanations provided by TRUSTEE are located near the right end of the spectrum due to the fact that TRUSTEE requires the decision rules in DTs "to be largely in agreement with the experts' domain knowledge." 9 In contrast, the Shapley value explanations provided by SHAP are located near the left end of the spectrum since the Shapley value of each feature is determined by the feature's average marginal contribution, which is calculated based on the output (that is, probabilities of each of the classes/labels involved in the classification task) of the black-box model itself. In other words, the explanations on the left end tend to illustrate the inner workings of the black-box model.…”

Section: Artificial Intelligence/machine Learningmentioning

confidence: 99%

See 2 more Smart Citations