2,718 research outputs found
From Zero-Shot Machine Learning to Zero-Day Attack Detection
The standard ML methodology assumes that test samples are drawn from a
set of pre-observed classes used in the training phase, where the model
extracts and learns useful patterns to detect new data samples belonging to the
same classes. However, in certain applications such as Network Intrusion
Detection Systems (NIDSs), it is challenging to obtain data samples for all the
attack classes that the model will most likely observe in production. ML-based
NIDSs face new attack traffic, known as zero-day attacks, that is not used in the
training of the learning models because it did not exist at the time. In this
paper, a zero-shot learning methodology is proposed to evaluate ML
model performance in the detection of zero-day attack scenarios. In the
attribute learning stage, the ML models map the network data features to
distinguishing semantic attributes of known (seen) attack classes. In the
inference stage, the models are evaluated on the detection of zero-day
(unseen) attack classes by constructing the relationships between known attacks and
zero-day attacks. A new metric, the Zero-day Detection Rate, is defined to
measure the effectiveness of the learning model in the inference stage. The
results demonstrate that the majority of attack classes do not
represent significant risks to organisations adopting an ML-based NIDS in a
zero-day attack scenario. However, for certain attack groups identified in this
paper, such systems are not effective in applying the learnt attributes of
attack behaviour to detect them as malicious. Further analysis was conducted
using the Wasserstein Distance technique to measure how different such attacks
are from the other attack types used in the training of the ML model. The results
demonstrate that sophisticated attacks with a low zero-day detection rate have
a significantly distinct feature distribution compared to the other attack
classes.
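The Wasserstein Distance comparison described above can be sketched as follows; the feature choice, sample values, and class separation are illustrative assumptions, not values from the paper.

```python
import numpy as np
from scipy.stats import wasserstein_distance

rng = np.random.default_rng(0)
# Hypothetical 1-D feature (e.g. flow duration) for two attack classes:
# a "seen" class used in training and a sophisticated zero-day class.
seen_attack = rng.normal(loc=0.0, scale=1.0, size=1000)
zero_day = rng.normal(loc=3.0, scale=1.0, size=1000)

# A large distance indicates a distinct feature distribution, which the
# paper links to a low zero-day detection rate.
dist = wasserstein_distance(seen_attack, zero_day)
print(f"Wasserstein distance: {dist:.2f}")
```

In practice the distance would be computed per feature (or on embeddings) between each zero-day class and the seen classes used for training.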
A model for multi-attack classification to improve intrusion detection performance using deep learning approaches
This paper introduces novel deep learning methodologies for intrusion
detection. The objective is to create a reliable intrusion detection mechanism
that helps identify malicious attacks. A deep learning-based solution framework
is developed, consisting of three approaches. The first approach is a Long
Short-Term Memory Recurrent Neural Network (LSTM-RNN) trained with seven
optimizers: Adamax, SGD, Adagrad, Adam, RMSprop, Nadam, and Adadelta. The model
is evaluated on the NSL-KDD dataset for multi-attack classification and
performs best with the Adamax optimizer in terms of accuracy, detection rate,
and false alarm rate. The results of the LSTM-RNN with the Adamax optimizer are
compared with existing shallow machine learning and deep learning models on the
same metrics. The multi-model methodology consists of a Recurrent Neural
Network (RNN), a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN),
and a Deep Neural Network (DNN). The multi-models are evaluated on benchmark
datasets such as KDD99, NSL-KDD, and UNSW-NB15. The models self-learn the
features and classify the attack classes in a multi-attack classification
setting. The RNN and LSTM-RNN models achieve considerable performance compared
to other existing methods on the KDD99 and NSL-KDD datasets.
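Since the abstract singles out Adamax as the best-performing optimizer, a minimal sketch of its update rule (Adam with an infinity-norm second-moment estimate) may help; the quadratic toy objective below is an illustration, not the paper's LSTM model.

```python
import numpy as np

def adamax_step(theta, grad, m, u, t, lr=0.01, beta1=0.9, beta2=0.999, eps=1e-8):
    """One Adamax update (Kingma & Ba): Adam with an infinity-norm
    second-moment estimate in place of the usual squared-gradient moment."""
    m = beta1 * m + (1 - beta1) * grad        # biased first-moment estimate
    u = np.maximum(beta2 * u, np.abs(grad))   # exponentially weighted infinity norm
    theta = theta - (lr / (1 - beta1 ** t)) * m / (u + eps)
    return theta, m, u

# Toy usage: minimise f(x) = x^2 starting from x = 5.
theta, m, u = np.array([5.0]), np.zeros(1), np.zeros(1)
for t in range(1, 2001):
    grad = 2 * theta
    theta, m, u = adamax_step(theta, grad, m, u, t)
print(theta)  # approaches 0
```

In the paper's setting, the same update would be applied to the LSTM-RNN weights via a framework optimizer rather than by hand.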
Zero-Shot Anomaly Detection without Foundation Models
Anomaly detection (AD) tries to identify data instances that deviate from the
norm in a given data set. Since data is subject to distribution shifts, our
concept of "normality" may also drift, raising the need for zero-shot
adaptation approaches to anomaly detection. However, current zero-shot AD
methods rely on foundation models that are restricted in their domain (natural
language and natural images), costly, and oftentimes proprietary, which calls
for alternative approaches. In this paper, we propose a
simple and highly effective zero-shot AD approach compatible with a variety of
established AD methods. Our solution relies on training an off-the-shelf
anomaly detector (such as a deep SVDD) on a set of inter-related data
distributions in combination with batch normalization. This simple
recipe--batch normalization plus meta-training--is a highly effective and
versatile tool. Our experiments demonstrate the first zero-shot anomaly
detection results for tabular data and state-of-the-art (SOTA) zero-shot AD
results for image data from specialized domains.
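The key mechanism, normalizing each test batch with its own statistics so a fixed detector adapts to a shifted distribution, can be illustrated in a simplified non-deep form; the center, data, and shift below are assumptions, and the paper's actual detector is a trained deep network (e.g. a deep SVDD), not this toy.

```python
import numpy as np

def batchnorm(x, eps=1e-5):
    """Normalize each feature with the *test batch's own* statistics --
    the ingredient that lets a meta-trained detector adapt zero-shot."""
    return (x - x.mean(axis=0)) / (x.std(axis=0) + eps)

def svdd_scores(x, center):
    """Deep-SVDD-style anomaly score: squared distance to a fixed center."""
    z = batchnorm(x)
    return np.sum((z - center) ** 2, axis=1)

rng = np.random.default_rng(0)
center = np.zeros(2)
# A shifted "new" distribution at test time: normal points plus a few outliers.
normal = rng.normal(loc=10.0, scale=1.0, size=(95, 2))
outlier = rng.normal(loc=18.0, scale=1.0, size=(5, 2))
batch = np.vstack([normal, outlier])
scores = svdd_scores(batch, center)
# Despite the shift to mean 10, the outliers still get the highest scores,
# because normalization re-centers the batch before scoring.
print(scores[:95].max(), scores[95:].min())
```

In the paper's recipe the encoder itself is meta-trained across inter-related distributions; the batch-statistics normalization is what carries over to unseen ones.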
A novel approach to intrusion detection using zero-shot learning hybrid partial labels
Computer networks have become the backbone of our interconnected world in today's technologically driven landscape. Network intrusion covers unauthorized access or malicious activity carried out by threat actors to acquire control of network resources, exploit vulnerabilities, or undermine system integrity. Zero-shot learning (ZSL) is a machine learning paradigm that addresses the problem of detecting and categorizing objects or concepts that were not present in the training data. Traditional supervised learning algorithms for intrusion detection frequently struggle with insufficient labeled data and may fail to adapt to unexpected attack patterns. In this article, we propose a unique zero-shot learning hybrid partial label model suited to a large image-based network intrusion dataset to overcome these difficulties. The core contribution of this study is the creation and successful implementation of a novel zero-shot learning hybrid partial label model for network intrusion detection, which achieves a remarkable accuracy of 99.12%. The proposed system lays the groundwork for future study of other feature selection techniques and of the performance of other machine learning classifiers on larger datasets. Such research can advance the state of the art in intrusion detection and improve our ability to detect and prevent network attacks. We hope that our research will spur additional research and innovation in this critical area of cybersecurity.
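As a sketch of the ZSL paradigm this abstract builds on (a generic attribute-matching illustration, not the paper's hybrid partial-label model; the class names and attribute vectors are hypothetical):

```python
import numpy as np

# Each class, including one never seen in training, is described by a
# semantic attribute vector, e.g. [high-volume, automated, scanning].
class_attributes = {
    "dos":      np.array([1.0, 1.0, 0.0]),
    "probe":    np.array([0.0, 1.0, 1.0]),
    "zero_day": np.array([1.0, 0.0, 1.0]),  # unseen at training time
}

def zsl_classify(predicted_attributes):
    """Nearest-neighbour match in attribute space: a trained model predicts
    attributes from the input, then the closest class vector wins."""
    names = list(class_attributes)
    dists = [np.linalg.norm(predicted_attributes - class_attributes[n])
             for n in names]
    return names[int(np.argmin(dists))]

# A sample whose predicted attributes resemble the unseen class is still
# assigned to it, even though no training example of that class existed.
print(zsl_classify(np.array([0.9, 0.1, 0.8])))
```

The partial-label component of the paper would relax the assumption that each training sample carries a single definitive label.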
A Survey on Few-Shot Class-Incremental Learning
Large deep learning models are impressive, but they struggle when real-time data is not available. Few-shot class-incremental learning (FSCIL) poses a significant challenge for deep neural networks: learning new tasks from just a few labeled samples without forgetting the previously learned ones. This setup can easily lead to catastrophic forgetting and overfitting, severely affecting model performance. Studying FSCIL helps overcome the limitations of deep learning models on data volume and acquisition time, while improving the practicality and adaptability of machine learning models. This paper provides a comprehensive survey of FSCIL. Unlike previous surveys, we aim to synthesize few-shot learning and incremental learning, introducing FSCIL from two perspectives while reviewing over 30 theoretical research studies and more than 20 applied research studies. From the theoretical perspective, we provide a novel categorization that divides the field into five subcategories: traditional machine learning methods, meta-learning-based methods, feature and feature-space-based methods, replay-based methods, and dynamic network structure-based methods. We also evaluate the performance of recent theoretical research on FSCIL benchmark datasets. From the application perspective, FSCIL has achieved impressive results in various fields of computer vision, such as image classification, object detection, and image segmentation, as well as in natural language processing and graph learning, and we summarize the important applications. Finally, we point out potential future research directions, including applications, problem setups, and theory development. Overall, this paper offers a comprehensive analysis of the latest advances in FSCIL from methodological, performance, and application perspectives.