Online Data Stream Learning and Classification with Limited Labels
Mining data streams such as Internet traffic and network security is complex. Due to the difficulty of storage, data stream analytics need to be done in one scan. This limits the time to observe stream features and hence further complicates the data mining processes. Traditional supervised data mining with batch training nature is not suitable to mine data streams. This paper proposes an algorithm for online data stream classification and learning with limited labels using selective self-training semi-supervised classification. The experimental results show it is able to achieve up to 99.6% average accuracy for 10% labeled data and 98.6% average accuracy for 1% labeled data. It can classify up to 34K instances per second.
FLAD: Adaptive Federated Learning for DDoS Attack Detection
Federated Learning (FL) has been recently receiving increasing consideration
from the cybersecurity community as a way to collaboratively train deep
learning models with distributed profiles of cyberthreats, with no disclosure
of training data. Nevertheless, the adoption of FL in cybersecurity is still in
its infancy, and a range of practical aspects have not been properly addressed
yet. Indeed, the Federated Averaging algorithm at the core of the FL concept
requires the availability of test data to control the FL process. Although this
might be feasible in some domains, test network traffic of newly discovered
attacks cannot be always shared without disclosing sensitive information. In
this paper, we address the convergence of the FL process in dynamic
cybersecurity scenarios, where the trained model must be frequently updated
with new recent attack profiles to empower all members of the federation with
latest detection features. To this aim, we propose FLAD (adaptive Federated
Learning Approach to DDoS attack detection), a FL solution for cybersecurity
applications based on an adaptive mechanism that orchestrates the FL process by
dynamically assigning more computation to those members whose attack profiles
are harder to learn, without the need of sharing any test data to monitor the
performance of the trained model. Using a recent dataset of DDoS attacks, we
demonstrate that FLAD outperforms the original FL algorithm in terms of
convergence time and accuracy across a range of unbalanced datasets of
heterogeneous DDoS attacks. We also show the robustness of our approach in a
realistic scenario, where we retrain the deep learning model multiple times to
introduce the profiles of new attacks on a pre-trained model.
Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey
Traffic analysis is a compound of strategies intended to find relationships, patterns, anomalies, and misconfigurations, among other things, in Internet traffic. In particular, traffic classification is a subgroup of strategies in this field that aims at identifying the application's name or type of Internet traffic. Nowadays, traffic classification has become a challenging task due to the rise of new technologies, such as traffic encryption and encapsulation, which decrease the performance of classical traffic classification strategies. Machine Learning gains interest as a new direction in this field, showing signs of future success, such as knowledge extraction from encrypted traffic, and more accurate Quality of Service management. Machine Learning is fast becoming a key tool to build traffic classification solutions in real network traffic scenarios; in this sense, the purpose of this investigation is to explore the elements that allow this technique to work in the traffic classification field. Therefore, a systematic review is introduced based on the steps to achieve traffic classification by using Machine Learning techniques. The main aim is to understand and to identify the procedures followed by the existing works to achieve their goals. As a result, this survey paper finds a set of trends derived from the analysis performed on this domain; in this manner, the authors expect to outline future directions for Machine Learning based traffic classification.
Transfer and CNN-Based De-Authentication (Disassociation) DoS Attack Detection in IoT Wi-Fi Networks
A traffic classification method using machine learning algorithm
Applying concepts of attack investigation in the IT industry, this idea has been developed to design
a Traffic Classification Method using Data Mining techniques at the intersection of Machine
Learning Algorithm, which will classify the normal and malicious traffic. This classification will
help to learn about the unknown attacks faced by the IT industry. The notion of traffic classification
is not a new concept; plenty of work has been done to classify the network traffic for
heterogeneous applications nowadays. Existing techniques (payload based, port based
and statistical based) have their own pros and cons, which will be discussed in this
literature later, but classification using Machine Learning techniques is still an open field to explore and has provided very promising results up till now.
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Learning-based pattern classifiers, including deep networks, have shown
impressive performance in several application domains, ranging from computer
vision to cybersecurity. However, it has also been shown that adversarial input
perturbations carefully crafted either at training or at test time can easily
subvert their predictions. The vulnerability of machine learning to such wild
patterns (also referred to as adversarial examples), along with the design of
suitable countermeasures, have been investigated in the research field of
adversarial machine learning. In this work, we provide a thorough overview of
the evolution of this research area over the last ten years and beyond,
starting from pioneering, earlier work on the security of non-deep learning
algorithms up to more recent work aimed to understand the security properties
of deep learning algorithms, in the context of computer vision and
cybersecurity tasks. We report interesting connections between these
apparently-different lines of work, highlighting common misconceptions related
to the security evaluation of machine-learning algorithms. We review the main
threat models and attacks defined to this end, and discuss the main limitations
of current work, along with the corresponding future challenges towards the
design of more secure learning algorithms. Comment: Accepted for publication on Pattern Recognition, 201