Anomaly Detection of Zero-Day Attacks Based on CNN and Regularization Techniques

Authors:

Ibrahim Hairab Belal (1), Aslan Heba K. (2, 3), Elsayed Mahmoud Said (3), Jurcut Anca D. (4), Azer Marianne A. (1, 5)

Affiliation:

1. School of Information Technology and Computer Science, Nile University, Cairo 12677, Egypt

2. Informatics Department, Electronics Research Institute, Cairo 12622, Egypt

3. Center of Informatics Science, Faculty of Information Technology and Computer Science, Nile University, Giza 12588, Egypt

4. School of Computer Science, University College Dublin, 7777 Belfield, Ireland

5. National Telecommunication Institute, Cairo 11765, Egypt

Abstract

The rapid development of cyberattacks in the field of the Internet of Things (IoT) introduces new security challenges regarding zero-day attacks. Intrusion-detection systems (IDS) are usually trained on specific attacks to protect the IoT application, but attacks that are still unknown to the IDS (i.e., zero-day attacks) remain a challenge and a concern for users' data privacy and security in those applications. Anomaly-detection methods usually depend on machine learning (ML)-based methods. Under the ML umbrella are classical ML-based methods, which are known to have low prediction quality and detection rates on data they have not yet been trained on. Deep learning (DL)-based methods, especially convolutional neural networks (CNNs) combined with regularization methods, address this issue: they give better prediction quality on unknown data and avoid overfitting. In this paper, we evaluate and prove that CNNs have a better ability than classical ML to detect zero-day attacks generated by nonbot attackers. We use classical ML classifiers alongside unregularized and regularized (L1 and L2) CNN classifiers. The training data consists of normal traffic data and DDoS attack data, since DDoS is the most common attack in the IoT. To give the full picture of this evaluation, the testing phase of these classifiers includes two scenarios, each with data of a different attack distribution: one is the backdoor attack and the other is the scanning attack. The testing results prove that the regularized CNN classifiers still perform better than the classical ML-based methods in detecting zero-day IoT attacks.

Funder

University College Dublin

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering

Cited by 5 articles:

1. IoT Intrusion Detection: A Review of ML and DL-Based Approaches. 2024 4th International Conference on Innovative Research in Applied Science, Engineering and Technology (IRASET), 2024-05-16.

2. Fog-Enabled Intrusion Detection Method Integrating Bi-LSTM and Multi-Head Self-Attention for IoT. 2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD), 2024-05-08.

3. IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm. Electronics, 2024-03-12.

4. Anomaly Detection for IOT Systems Using Active Learning. Applied Sciences, 2023-11-04.

5. Zero-Day Guardian: A Dual Model Enabled Federated Learning Framework for Handling Zero-Day Attacks in 5G Enabled IIoT. IEEE Transactions on Consumer Electronics, 2023.
