Zero-Shot Learning for Intrusion Detection via Attribute Representation

Li, Zhipeng; Shen, Pengbo; Liu, Jiang

doi:10.1007/978-3-030-36708-4_29

Cited by 10 publications

(6 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, for a Java-Meterpreter, and Meterpreter type's other unknown attacks, its capability may not be satisfactory. In [32], Zhang et al, proposed sparse autoencoders based ZSL method for novel attack detection. It maps known feature space to semantic space, and try to restore the feature space using reconstruction error constraint.…”

Section: Related Work and Backgroundmentioning

confidence: 99%

“…They are developed by using dynamic features like registry key operations, API invocation, files extension, file directory operation, drop files monitoring, files operations and embedded strings. Intrusion Detection (ALNID) [31], Graph Embeddings [32], Deep Attribute Prediction (DeepAP) [33], and Grassmannian [24]. ZSL can be classified as Inductive ZSL and Transductive ZSL subject to the available information.…”

Section: Features and Their Visualizationmentioning

confidence: 99%

See 1 more Smart Citation

Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier

et al. 2022

View full text Add to dashboard Cite

Ransomware attacks are hazardous cyber-attacks that use cryptographic methods to hold victims' data until the ransom is paid. Zero-day ransomware attacks try to exploit new vulnerabilities and are considered a severe threat to existing security solutions and internet resources. In the case of zero-day attacks, training data is not available before the attack takes place. Therefore, we exploit Zero-shot Learning (ZSL) capabilities that can effectively deal with unseen classes compared to the traditional machine learning techniques. ZSL is a two-stage process comprising of: attribute learning (AL) and Inference Stage (IS). In this regard, this work presents a new Deep Contractive Autoencoder based Attribute Learning (DCAE-ZSL) technique as well as an IS method based on Heterogeneous Voting Ensemble (DCAE-ZSL-HVE). In the proposed DCAE-ZSL approach, Contractive Autoencoder (CAE) is employed to extract core features of known and unknown ransomware. The regularization term of CAE helps in penalizing the classifier's sensitivity against the small dissimilarities in the latent space. On the other hand, in case of the IS, four combination rules Global Majority (GM), Local Majority (LM), Cumulative vote-against based Global Majority (CVAGM), Cumulative vote-for based Global Majority (CVFGM) are utilized to find the final prediction. It is empirically shown that in comparison to conventional machine learning techniques, models trained on contractive embedding show reasonable performance against zeroday attacks. Furthermore, it is shown that the exploitation of these core features through the proposed voting based ensemble (DCAE-ZSL-HVE) has demonstrated significant improvement in detecting zero-day attacks (recall=0.95) and reducing False Negative (FN= 6).

show abstract

Section: Related Work and Backgroundmentioning

confidence: 99%

Section: Features and Their Visualizationmentioning

confidence: 99%

Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The core challenge of ZSOS is how to make the model use limited information of seen classes to understand and segment objects of unseen classes. Typically, this involves combining the visual features of the image with the semantic information of the object [15]. To this end, researchers usually rely on rich semantic descriptions, such as text descriptions of categories or attribute labels, to build a bridge between visual features and semantic concepts.…”

Section: Target Segmentation Technology For Zero Samplesmentioning

confidence: 99%

Target Detection and Segmentation Technology for Zero-shot Learning

Lou,

Chen,

Guo

et al. 2024

FCIS

View full text Add to dashboard Cite

Zero-shot learning (ZSL) in the field of computer vision refers to enabling the model to recognize and understand categories that have not been encountered during the training phase. It is particularly critical for object detection and segmentation tasks, because these tasks require the model to have good generalization capabilities to unknown categories. Object detection requires the model to determine the location of the object, while segmentation further requires the precise demarcation of the object's boundaries. In ZSL research, knowledge representation and transfer are core issues. Researchers have tried to use semantic attributes as a knowledge bridge to connect categories seen during the training phase and categories not seen during the testing phase. These attributes may be color, shape, etc., but this method requires accurate attribute annotation, which is often not easy to achieve in practice. Therefore, researchers have begun to explore the use of non-visual information such as knowledge maps and text descriptions to enrich the recognition capabilities of models, but this also introduces the challenge of information integration and alignment. At present, ZSL has made certain progress in target detection and segmentation tasks, but there is still a significant gap compared with traditional supervised learning. This is mainly due to the limited ability of ZSL models to generalize to new categories. To this end, researchers have begun to explore combining ZSL with other technologies, such as generative adversarial networks (GANs) and reinforcement learning, to enhance the model's detection and segmentation capabilities for new categories. Future research needs to focus on several aspects. The first is how to design a more effective knowledge representation and transfer mechanism so that the model can better utilize existing knowledge. The second step is to develop new algorithms to improve the performance of ZSL in complex environments. In addition, research should focus on how to reduce the dependence on computing resources so that the ZSL method can run effectively in resource-limited environments. In summary, the research on target detection and segmentation technology of zero-shot learning is a cutting-edge topic in the field of computer vision. Despite the challenges, with the deepening of research, we expect these technologies to contribute to improving the generalization ability and intelligence level of computer vision systems.

show abstract

“…Li et al [26] focused on attribute learning methods to detect unknown attack types. The authors followed a ZSL method to design an NIDS to overcome the limitations in anomaly detection faced by current methods.…”

Section: Related Workmentioning

confidence: 99%

From zero-shot machine learning to zero-day attack detection

Sarhan

Layeghy

Gallagher

et al. 2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Machine learning (ML) models have proved efficient in classifying data samples into their respective categories. The standard ML evaluation methodology assumes that test data samples are derived from pre-observed classes used in the training phase. However, in applications such as Network Intrusion Detection Systems (NIDSs), obtaining data samples of all attack classes to be observed is challenging. ML-based NIDSs face new attack traffic known as zero-day attacks that are not used in training due to their non-existence at the time. Therefore, this paper proposes a novel zero-shot learning methodology to evaluate the performance of ML-based NIDSs in recognising zero-day attack scenarios. In the attribute learning stage, the learning models map network data features to semantic attributes that distinguish between known attacks and benign behaviour. In the inference stage, the models construct the relationships between known and zero-day attacks to detect them as malicious. A new evaluation metric is defined as Zero-day Detection Rate (Z-DR) to measure the effectiveness of the learning model in detecting unknown attacks. The proposed framework is evaluated using two key ML models and two modern NIDS data sets. The results demonstrate that for certain zero-day attack groups discovered in this paper, ML-based NIDSs are ineffective in detecting them as malicious. Further analysis shows that attacks with a low Z-DR have a significantly distinct feature distribution and a higher Wasserstein Distance range than the other attack classes.

show abstract

Zero-Shot Learning for Intrusion Detection via Attribute Representation

Cited by 10 publications

References 19 publications

Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier

Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier

Target Detection and Segmentation Technology for Zero-shot Learning

From zero-shot machine learning to zero-day attack detection

Contact Info

Product

Resources

About