Host-Based Intrusion Detection Model Using Siamese Network

Park, Daekyeong; Kim, Sang Soo; Kwon, Hyukjin; Shin, Dongil; Shin, Dongkyoo

doi:10.1109/access.2021.3082160

Cited by 28 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Poor detection accuracy and execution efficiency on small samples Park et al [20] Building twin convolutional neural networks using small-sample learning methods to extract time-dependent dynamic features in traffic Relatively low detection performance Zhou et al [21] Proposed an incremental long short-term memory-based method to detect attacks Weak detection of stealth attacks Ashraf et al [22] Detecting attacks based on long short-term memory networks and autoencoders Serial spatio-temporal feature extraction is susceptible to the impact of the previous sub-model Liu et al. [23] Collaborative intrusion detection based on blockchain and federated learning High communication overhead Chen et al [24] Increase the weight of important nodes based on the attention mechanism to reduce the overhead of federated intrusion detection Depends on the consistency and stability of the global model Attota et al [25] Improving learning efficiency for different classes of attacks using multi-view ensemble learning computational and communication overheads impact nodes…”

Section: Internet Of Vehicle Intrusion Detectionmentioning

confidence: 99%

“…Hu et al [19] implemented a wireless network intrusion detection system using adaptive synthetic sampling and a convolutional neural network implemented by a split convolutional module to increase the diversity of spatial features and reduce the impact of inter-channel information redundancy on the model. Park et al [20] convert network traffic into grayscale maps and build twinned convolutional neural networks based on small sample-learning methods to determine the type of attack based on the similarity scores of attack samples. To capture the timedependent dynamic features in network traffic, Zhou et al [21] proposed an incremental long and short-term memory network intrusion detection method that introduces state changes into LSTM and processes dynamic information in network data by obtaining the state of the LSTM implicit layer.…”

Section: Intrusion Detection Based On Deep Learningmentioning

confidence: 99%

See 1 more Smart Citation

FL-MAAE: An Intrusion Detection Method for the Internet of Vehicles Based on Federated Learning and Memory-Augmented Autoencoder

Xing

Wang

et al. 2023

Electronics

View full text Add to dashboard Cite

The Internet of Vehicles (IoV) is a network system that enables wireless communication and information exchange between vehicles and other traffic participants. Intrusion detection plays a very important role in the IoV. However, with the development of the IoV, unknown attack behaviors may appear. The lack of analysis and collection of these attack behavior has led to an imbalance in the sample data categories of the IoV intrusion detection, which causes the problem of low detection accuracy. At the same time, the intrusion detection model usually needs to upload data to the cloud for training, which will introduce the privacy risk due to of the leakage of vehicle users’ information. In this paper, we propose an intrusion detection method for the IoV based on federated learning and memory-augmented autoencoder (FL-MAAE). We add a memory module to the autoencoder model to enhance its ability to store the behavior feature patterns of the IoV, make it robust to imbalanced samples, and use the reconstruction error as the evaluation index, so as to detect unknown attacks in the IoV. We propose a federated learning based training method for the IoV intrusion detection model. Local training of intrusion detection models in roadside units can effectively protect the privacy of data resources. We also designed an aggregation method based on the performance contribution of participants to improve the reliability of model aggregation. We conducted experiments on the NSL-KDD intrusion detection dataset to evaluate the performance of the proposed method. Experimental results show that our method has the best intrusion detection performance. In the case of contaminated samples, the accuracy and F1 score of the proposed method are 9.6% and 7.39% higher than those of the comparison methods on average.

show abstract

Section: Internet Of Vehicle Intrusion Detectionmentioning

confidence: 99%

Section: Intrusion Detection Based On Deep Learningmentioning

confidence: 99%

FL-MAAE: An Intrusion Detection Method for the Internet of Vehicles Based on Federated Learning and Memory-Augmented Autoencoder

Xing

Wang

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…Keeping the focus on HIDS in [73], Gas-sais et al propose a framework for intrusion detection in IoT which combines user and kernel space using AI techniques to automatically get devices behavior, process the data into numeric arrays to train several machine learning algorithms, and raise alerts whenever an intrusion is found. In [74] and [75] the authors focus the attention on Cloud Environment by detecting Anomalies while [76] propose a Siamese-CNN to determine the attack type converting it to an image. Analyzing the Network-based approaches, in [77], the authors present a NIDS model that employs a non-symmetric deep AutoEncoder and a Random Forest classifier.…”

Section: ) Artificial Intelligence In Idssmentioning

confidence: 99%

Explainable Artificial Intelligence in CyberSecurity: A Survey

et al. 2022

View full text Add to dashboard Cite

Nowadays, Artificial Intelligence (AI) is widely applied in every area of human being's daily life. Despite the AI benefits, its application suffer from the opacity of complex internal mechanisms and doesn't satisfy by design the principles of Explainable Artificial Intelligence (XAI). The lack of transparency further exacerbates the problem in the field of Cybersecurity because entrusting crucial decisions to a system that cannot explain itself presents obvious dangers. There are several methods in the literature capable of providing explainability of AI results. Anyway, the application of XAI in Cybersecurity can be a doubleedged sword. It substantially improves the Cybersecurity practices but simultaneously leaves the system vulnerable to adversary attacks. Therefore, there is a need to analyze the state-of-the-art of XAI methods in Cybersecurity to provide a clear vision for future research. This study presents an in-depth examination of the application of XAI in Cybersecurity. It considers more than 300 papers to comprehensively analyze the main Cybersecurity application fields, like Intrusion Detection Systems,Malware detection, Phishing and Spam detection, BotNets detection, Fraud detection, Zero-Day vulnerabilities, Digital Forensics and Crypto-Jacking . Specifically, this study focuses on the explainability methods adopted or proposed in these fields, pointing out promising works and new challenges.

show abstract

“…99.16% accuracy is achieved on the UNSW-NB dataset and 99.99% on the CICIDS dataset. Park et al (2021) proposes a technique called HIIDS, which is hybrid intelligent IDS. This technique learns important and most relevant features from the dataset.…”

Section: Related Workmentioning

confidence: 99%

Machine Learning-Based Intrusion Detection System: An Experimental Comparison

Hidayat,

Ali,

Arshad

2022

JCCE

View full text Add to dashboard Cite

Recently, networks are moving toward automation and getting more and more intelligent. With the advent of big data and cloud computing technologies, lots and lots of data are being produced on the internet. Every day, petabytes of data are produced from websites, social media sites, or the internet. As more and more data are produced, a continuous threat of network attacks is also growing. An intrusion detection system (IDS) is used to detect such types of attacks in the network. IDS inspects packet headers and data and decides whether the traffic is anomalous or normal based on the contents of the packet. In this research, ML techniques are being used for intrusion detection purposes. Feature selection is also used for efficient and optimal feature selection. The research proposes a hybrid feature selection technique composed of the Pearson correlation coefficient and random forest model. For the machine learning (ML) model, decision tree, AdaBoost, and K-nearesrt neighbor are trained and tested on the TON_IoT dataset. The dataset is new and contains new and recent attack types and features. For deep learning (DL), multilayer perceptron (MLP) and long short-term memory are trained and tested. Evaluation is done on the basis of accuracy, precision, and recall. It is concluded from the results that the decision tree for ML and MLP for DL provides optimal accuracy with fewer false-positive and false-negative rates. It is also concluded from the results that the ML techniques are effective for detecting intrusion in the networks.

show abstract

Host-Based Intrusion Detection Model Using Siamese Network

Cited by 28 publications

References 23 publications

FL-MAAE: An Intrusion Detection Method for the Internet of Vehicles Based on Federated Learning and Memory-Augmented Autoencoder

FL-MAAE: An Intrusion Detection Method for the Internet of Vehicles Based on Federated Learning and Memory-Augmented Autoencoder

Explainable Artificial Intelligence in CyberSecurity: A Survey

Machine Learning-Based Intrusion Detection System: An Experimental Comparison

Contact Info

Product

Resources

About