Improving Intrusion Detection Systems using Zero-Shot Recognition via Graph Embeddings

Zerhoudi, Saber; Garchery, Mathieu

doi:10.1109/compsac48688.2020.0-165

Cited by 9 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these works use the classical sub-efficient graph structure where nodes represent users and flows are the edges of the graph. Saber Zerhoudi et al [18] suggested enhancing intrusion detection systems using zero-shot learning. Their framework aims to improve insider threat detection performance for cases where historical user data is unavailable.…”

Section: Related Workmentioning

confidence: 99%

“…The works in [11,13,16,18] use the classical graph representation which characterizes the users as nodes and communication flows as edges. This structure has several drawbacks, for example, it can be evaded since it is based on IP addresses, a pre-processing phase is required to make it consumable by GNN algorithms, and it does not provide relevant topological information about distributed or multi-steps attacks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Network Representation for GNN-Based Intrusion Detection

Friji

Olivereau

Sarkiss

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The last decades have seen a growth in the number of cyberattacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers' activities. In addition, we present a Graph Neural Network (GNN) based-framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes' features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems' performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Efficient Network Representation for GNN-Based Intrusion Detection

Friji

Olivereau

Sarkiss

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Altae-Tran et al [25] proposed Iter-RefLSTM to allow better embedding functions to be designed and achieved accurate prediction of molecular toxicity with a small dataset through the use of one-shot learning. Zerhoudi et al [39] supplemented the dataset with semantic descriptions and used the graph embedding method to encode these semantic descriptions. e authors expanded the traditional IDS to realize zero-shot detection.…”

Section: Model Algorithmsmentioning

confidence: 99%

“…ere are recent incidents in which insiders have circumvented network security abound and insider threats have therefore received widespread attention. Zerhoudi et al [39] used graph embedding to integrate ZSL into an existing IDS for insider threat detection, and the overall architecture is shown in Figure 8. e lower part of the figure is the baseline system, and the upper part is an extension of the baseline system based on ZSL.…”

Section: Zero-shot Recognition With Graph Embeddingmentioning

confidence: 99%

A Survey of Few-Shot Learning: An Effective Method for Intrusion Detection

Duan

Tong

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Few-shot learning (FSL) is a core topic in the domain of machine learning (ML), in which the focus is on the use of small datasets to train the model. In recent years, there have been many important data-driven ML applications for intrusion detection. Despite these great achievements, however, gathering a large amount of reliable data remains expensive and time-consuming, or even impossible. In this regard, FSL has been shown to have advantages in terms of processing small, abnormal data samples in the huge application space of intrusion detection. FSL can improve ML for scarce data at three levels: the data, the model, and the algorithm levels. Previous knowledge plays an important role in all three approaches. Many promising methods such as data enrichment, the graph neural network model, and multitask learning have also been developed. In this paper, we present a comprehensive review of the latest research progress in the area of FSL. We first introduce the theoretical background to ML and FSL and then describe the general features, advantages, and main methods of FSL. FSL methods such as embedded learning, multitask learning, and generative models are applied to intrusion detection to improve the detection accuracy effectively. Then, the application of FSL to intrusion detection is reviewed in detail, including enriching the dataset by extracting intermediate features, using graph embedding and meta-learning methods to improve the model. Finally, the difficulties of this approach and its prospects for development in the field of intrusion detection are identified based on the previous discussion.

show abstract

“…In this paper written by [79], an intrusion detection system has been designed using zero-shot learning to improve insider threat detection performance for cases where user historical data is unavailable. In order to address this issue, they use graph embedding techniques to learn user vector representations that encode their position and relations in the organization's structure.…”

Section: Few-shot Learningmentioning

confidence: 99%

Intrusion Detection in IoT Network using Few-Shot Class Incremental Learning

Hosseini

View full text Add to dashboard Cite

The Internet of Things (IoT) is one of the most rapidly evolving technologies, impacting various industrial sectors. With its immense potential, IoT comes with crucial security concerns, and we face high-volume and diverse attacks that must be addressed in short periods, emphasizing the importance of utilizing intrusion detection solutions in IoT networks. In the initial stage of an intrusion detection system, when there are sufficient samples available from the known attack classes, classic network intrusion detection methods can deliver good performance. However, the learned knowledge is no longer suitable for new types of attacks with just a few samples. On the other hand, due to the limited computing ability of edge devices in distributed IoT, only a small scale of data can be used for model training. Therefore, designing a lightweight learning scheme targeting small-scale training data is essential to train or update the model more effectively in resource-constrained devices. We propose a novel model based on Few−Shot Class Incremental Learning (FSCIL) for network intrusion detection in IoT networks. This model has been used in incremental image classification tasks, and to the best of our knowledge, this is the first time that this model has been used in network intrusion detection. We compare the proposed method with some state-of-the-art methods, and experimental analysis shows that our model outperforms others.

show abstract

Improving Intrusion Detection Systems using Zero-Shot Recognition via Graph Embeddings

Cited by 9 publications

References 12 publications

Efficient Network Representation for GNN-Based Intrusion Detection

Efficient Network Representation for GNN-Based Intrusion Detection

A Survey of Few-Shot Learning: An Effective Method for Intrusion Detection

Intrusion Detection in IoT Network using Few-Shot Class Incremental Learning

Contact Info

Product

Resources

About