Institute of Computing Technology, Chinese Academy IR
SKT-IDS: Unknown attack detection method based on Sigmoid Kernel Transformation and encoder-decoder architecture
Zha, Chao1,2,3; Wang, Zhiyu2; Fan, Yifei2; Zhang, Xingming2; Bai, Bing2; Zhang, Yinjie2; Shi, Sainan1,2,3; Zhang, Ruyun2
2024-11-01
Journal | COMPUTERS & SECURITY
ISSN | 0167-4048
Volume | 146; Pages: 15
Abstract | Intrusion Detection Systems (IDS) are crucial in cybersecurity for monitoring network traffic and identifying potential attacks. Existing IDS research largely focuses on known attack detection, leaving a significant gap in research regarding unknown attack detection, where achieving a balance between false alarm rate (identifying normal traffic as attack traffic) and recall rate of unknown attack detection remains challenging. To address these gaps, we propose a novel IDS based on Sigmoid Kernel Transformation and Encoder-Decoder architecture, namely SKT-IDS, where SKT stands for Sigmoid Kernel Transformation. We start with pre-training an attention-based encoder for coarse-grained intrusion detection. Then, we use this encoder to build an encoder-decoder model specifically for 0-day attack detection, training it solely on known traffic using the cosine similarity loss function. To enhance detection, we introduce a Sigmoid Kernel Transformation for feature engineering, improving the discriminative ability between normal traffic and 0-day attacks. Finally, we conducted a series of ablation and comparative experiments on the NSL-KDD and CSE-CIC-IDS2018 datasets, confirming the effectiveness of our proposed method. With a false alarm rate of 1%, we achieved recall rates for unknown attack detection of 65% and 69% on the two datasets, respectively, demonstrating significant performance improvements compared to existing state-of-the-art models.
Keywords | Intrusion detection; Sigmoid Kernel Transformation; Pre-trained encoder; Encoder-decoder; Cosine similarity
DOI | 10.1016/j.cose.2024.104056
Indexed in | SCI
Language | English
Funding | Key Research and Development Program of Zhejiang Province [2023C01001]
WOS Research Area | Computer Science
WOS Category | Computer Science, Information Systems
WOS Accession Number | WOS:001298111500001
Publisher | ELSEVIER ADVANCED TECHNOLOGY
Document Type | Journal article
Item Identifier | http://119.78.100.204/handle/2XEOYT63/39618
Collection | Institute of Computing Technology, Chinese Academy of Sciences: Journal Articles (English)
Corresponding Author | Zhang, Ruyun
Affiliations | 1. Chinese Acad Sci, Inst Comp Technol, Beijing 100049, Peoples R China; 2. Zhejiang Lab, Intelligent Network Res Inst, Hangzhou 311122, Zhejiang, Peoples R China; 3. Univ Chinese Acad Sci, Beijing 100049, Peoples R China
Recommended Citation (GB/T 7714) | Zha, Chao, Wang, Zhiyu, Fan, Yifei, et al. SKT-IDS: Unknown attack detection method based on Sigmoid Kernel Transformation and encoder-decoder architecture[J]. COMPUTERS & SECURITY, 2024, 146: 15.
APA | Zha, Chao., Wang, Zhiyu., Fan, Yifei., Zhang, Xingming., Bai, Bing., ... & Zhang, Ruyun. (2024). SKT-IDS: Unknown attack detection method based on Sigmoid Kernel Transformation and encoder-decoder architecture. COMPUTERS & SECURITY, 146, 15.
MLA | Zha, Chao, et al. "SKT-IDS: Unknown attack detection method based on Sigmoid Kernel Transformation and encoder-decoder architecture". COMPUTERS & SECURITY 146 (2024): 15.
Files in This Item | No related files.
Unless otherwise stated, all content in this system is protected by copyright and all rights are reserved.