27 research outputs found

    INSOMNIA: Towards Concept-Drift Robustness in Network Intrusion Detection

    Despite decades of research in network traffic analysis and incredible advances in artificial intelligence, network intrusion detection systems based on machine learning (ML) have yet to prove their worth. One core obstacle is the existence of concept drift, an issue for all adversary-facing security systems. Additionally, specific challenges set intrusion detection apart from other ML-based security tasks, such as malware detection. In this work, we offer a new perspective on these challenges. We propose INSOMNIA, a semi-supervised intrusion detector which continuously updates the underlying ML model as network traffic characteristics are affected by concept drift. We use active learning to reduce latency in the model updates, label estimation to reduce labeling overhead, and apply explainable AI to better interpret how the model reacts to the shifting distribution. To evaluate INSOMNIA, we extend TESSERACT - a framework originally proposed for performing sound time-aware evaluations of ML-based malware detectors - to the network intrusion domain. Our evaluation shows that accounting for drifting scenarios is vital for effective intrusion detection systems

    Low Incidence Rate of Opportunistic and Viral Infections During Imatinib Treatment in Chronic Myeloid Leukemia Patients in Early and Late Chronic Phase.

    Background: Imatinib has become first line therapy in chronic myeloid leukemia patients. Little is known about the infective consequences during the treatment with this drug in large series of chronic phase patients. Material and methods: From January 2001 to September 2006 we treated with imatinib 250 patients in first line (early CP) or after interferon failure (late CP), out of clinical trials and recorded all the bacterial and viral infections occurred. Results: We recorded a similar incidence of bacterial and viral infections both in first line and late CP patients (respectively, 16% and 13%) during 3.5 years of follow-up. Analysis of presenting features predisposing to infections revealed differences only in late CP patients, with elevated percentage of high Sokal risk patients and a more longer median time from diagnosis to start of imatinib. Conclusions: Opportunistic infections and reactivation of Herpes Zoster are observed during imatinib therapy at very low incidence.

    Determinants of frontline tyrosine kinase inhibitor choice for patients with chronic-phase chronic myeloid leukemia: A study from the Registro Italiano LMC and Campus CML

    Background: Imatinib, dasatinib, and nilotinib are tyrosine kinase inhibitors (TKIs) approved in Italy for frontline treatment of chronic-phase chronic myeloid leukemia (CP-CML). The choice of TKI is based on a combined evaluation of the patient's and the disease characteristics. The aim of this study was to analyze the use of frontline TKI therapy in an unselected cohort of Italian patients with CP-CML to correlate the choice with the patient's features. Methods: A total of 1967 patients with CP-CML diagnosed between 2012 and 2019 at 36 centers throughout Italy were retrospectively evaluated; 1089 patients (55.4%) received imatinib and 878 patients (44.6%) received a second-generation (2G) TKI. Results: Second-generation TKIs were chosen for most patients aged <45 years (69.2%), whereas imatinib was used in 76.7% of patients aged >65 years (p < .001). There was a predominant use of imatinib in intermediate/high European long-term survival risk patients (60.0%/66.0% vs. 49.7% in low-risk patients) and a limited use of 2G-TKIs in patients with comorbidities such as hypertension, diabetes, chronic obstructive pulmonary disease, previous neoplasms, ischemic heart disease, or stroke and in those with >3 concomitant drugs. We observed a greater use of imatinib (61.1%) in patients diagnosed in 2018-2019 compared to 2012-2017 (53.2%; p = .002). In multivariable analysis, factors correlated with imatinib use were age > 65 years, spleen size, the presence of comorbidities, and ≥3 concomitant medications. Conclusions: This observational study of almost 2000 cases of CML shows that imatinib is the frontline drug of choice in 55% of Italian patients with CP-CML, with 2G-TKIs prevalently used in younger patients and in those with no concomitant clinical conditions. Introduction of the generic formulation in 2018 seems to have fostered imatinib use

    Exploiting the Auto-Encoder Residual Error for Intrusion Detection

    No full text
    Intrusion Detection Systems aim to address the problem of correctly identifying unforeseen network attacks. The attack detection problem has been already tackled through supervised and unsupervised machine learning approaches. While the former methods lead to models very accurate on already seen samples, the latter provide models robust on unforeseen samples by trading-off a high accuracy on seen ones. In this paper, we combine deep unsupervised neural networks with supervised neural networks aiming at improving the classification accuracy on unforeseen attacks. Auto-encoders neural networks are used both for feature engineering and as anomaly detectors. Experimental results on a challenging dataset prove the validity of the proposed approach when compared to other state-of-the-art methods

    A Network Intrusion Detection System for Concept Drifting Network Traffic Data

    No full text
    Deep neural network architectures have recently achieved state-of-the-art results learning flexible and effective intrusion detection models. Since attackers constantly use new attack vectors to avoid being detected, concept drift commonly occurs in the network traffic by degrading the effect of the detection model over time also when deep neural networks are used for intrusion detection. To combat concept drift, we describe a methodology to update a deep neural network architecture over a network traffic data stream. It integrates a concept drift detection mechanism to discover incoming traffic that deviates from the past and triggers the fine-tuning of the deep neural network architecture to fit the drifted data. The methodology leads to high predictive accuracy in presence of network traffic data with zero-day attacks