Generalised Zero-Shot Learning with Domain Classification in a Joint Semantic and Visual Space

Felix, Rafael; Harwood, Ben; Sasdelli, Michele; Carneiro, Gustavo

doi:10.1109/dicta47822.2019.8945949

Cited by 13 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the test set includes known attacks, a zero-day attack, and benign data samples. This follows a generalised ZSL setting where the test set includes seen (known attacks and benign classes) or unseen (zeroday attack class) data samples [29]. This is appropriate for ML-based NIDS evaluation as it represents a real-world environment and a more practical scenario than the conventional ZSL setting.…”

Section: Proposed Methodologymentioning

confidence: 99%

From zero-shot machine learning to zero-day attack detection

Sarhan

Layeghy

Gallagher

et al. 2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Machine learning (ML) models have proved efficient in classifying data samples into their respective categories. The standard ML evaluation methodology assumes that test data samples are derived from pre-observed classes used in the training phase. However, in applications such as Network Intrusion Detection Systems (NIDSs), obtaining data samples of all attack classes to be observed is challenging. ML-based NIDSs face new attack traffic known as zero-day attacks that are not used in training due to their non-existence at the time. Therefore, this paper proposes a novel zero-shot learning methodology to evaluate the performance of ML-based NIDSs in recognising zero-day attack scenarios. In the attribute learning stage, the learning models map network data features to semantic attributes that distinguish between known attacks and benign behaviour. In the inference stage, the models construct the relationships between known and zero-day attacks to detect them as malicious. A new evaluation metric is defined as Zero-day Detection Rate (Z-DR) to measure the effectiveness of the learning model in detecting unknown attacks. The proposed framework is evaluated using two key ML models and two modern NIDS data sets. The results demonstrate that for certain zero-day attack groups discovered in this paper, ML-based NIDSs are ineffective in detecting them as malicious. Further analysis shows that attacks with a low Z-DR have a significantly distinct feature distribution and a higher Wasserstein Distance range than the other attack classes.

show abstract

Section: Proposed Methodologymentioning

confidence: 99%

From zero-shot machine learning to zero-day attack detection

Sarhan

Layeghy

Gallagher

et al. 2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…For this purpose, we have defined a new evaluation metric, which is discussed in Section 4.2. This follows the generalised ZSL setting where the test samples may belong to the seen (known attacks and benign traffic) or unseen (zero-day attack) data samples [28]. This has proven to be a more practical scenario than the conventional ZSL setting, where the test set only includes samples from the unseen class, which is difficult to guarantee from a network security perspective.…”

Section: Fig 1: Proposed Methodologymentioning

confidence: 99%

From Zero-Shot Machine Learning to Zero-Day Attack Detection

Sarhan¹,

Layeghy²,

Gallagher³

et al. 2021

Preprint

View full text Add to dashboard Cite

Machine Learning (ML) models have been proven to be efficient in the classification and prediction of test data samples to their respective categories. The standard ML methodology assumes that the test samples are derived from a set of pre-observed classes used in the training phase. Where the model extracts and learns useful patterns to detect new data samples belonging to the same data classes. However, in certain applications such as Network Intrusion Detection Systems (NIDSs), it is challenging to obtain data samples for all attack classes that the model will most likely observe in production. ML-based NIDSs face new attack traffic known as zero-day attacks, that are not used in the training of the learning models due to their non-existence at the time. Therefore, in this paper, a zero-shot learning methodology has been proposed to evaluate the ML model performance in the detection of zero-day attack scenarios. In the attribute learning stage, the ML models map the network data features to distinguish semantic attributes from known attack (seen) classes. In the inference stage, the models are evaluated in the detection of zero-day attack (unseen) classes by constructing the relationships between known attacks and zero-day attacks. A new metric is defined as Zero-day Detection Rate, which measures the effectiveness of the learning model in the inference stage. The results demonstrate that while the majority of the attack classes do not represent significant risks to organisations adopting an ML-based NIDS in a zero-day attack scenario. However, for certain attack groups identified in this paper, such systems are not effective in applying the learnt attributes of attack behaviour to detect them as malicious. Further Analysis was conducted using the Wasserstein Distance technique to measure how different such attacks are from other attack types used in the training of the ML model. The results demonstrate that sophisticated attacks with a low zero-day detection rate have a significantly distinct feature distribution compared to the other attack classes.

show abstract

“…Later, entropy-based [76], probabilistic-based [75], [87], distance-based [88], cluster-based [89] and parametric novelty detection [50] approaches have been developed to detect OOD, i.e., the unseen classes. Felix et al [90] learned a discriminative model using the latent space to identify whether a test sample belongs to a seen or unseen class. Geng et al [91] decomposed GZSL into open set recognition (OSR) [9] and ZSL tasks.…”

Section: Semantic Embedding Spacementioning

confidence: 99%

A Review of Generalized Zero-Shot Learning Methods

Pourpanah

Abdar

Luo

et al. 2022

IEEE Trans. Pattern Anal. Mach. Intell.

162

View full text Add to dashboard Cite

Generalized zero-shot learning (GZSL) aims to train a model for classifying data samples under the condition that some output classes are unknown during supervised learning. To address this challenging task, GZSL leverages semantic information of the seen (source) and unseen (target) classes to bridge the gap between both seen and unseen classes. Since its introduction, many GZSL models have been formulated. In this review paper, we present a comprehensive review on GZSL. Firstly, we provide an overview of GZSL including the problems and challenges. Then, we introduce a hierarchical categorization for the GZSL methods and discuss the representative methods in each category. In addition, we discuss the available benchmark data sets and applications of GZSL, along with a discussion on the research gaps and directions for future investigations.

show abstract

Generalised Zero-Shot Learning with Domain Classification in a Joint Semantic and Visual Space

Cited by 13 publications

References 21 publications

From zero-shot machine learning to zero-day attack detection

From zero-shot machine learning to zero-day attack detection

From Zero-Shot Machine Learning to Zero-Day Attack Detection

A Review of Generalized Zero-Shot Learning Methods

Contact Info

Product

Resources

About