15 research outputs found

    Data-Efficient, Federated Learning for Raw Network Traffic Detection

    Traditional machine learning (ML) models used for enterprise network intrusion detection systems (NIDS) typically rely on vast amounts of centralized data with expertly engineered features. Previous work, however, has shown the feasibility of using deep learning (DL) to detect malicious activity on raw network traffic payloads rather than engineered features at the edge, which is necessary for tactical military environments. In the future Internet of Battlefield Things (IoBT), the military will find itself in multiple environments with disconnected networks spread across the battlefield. These resource-constrained, data-limited networks require distributed and collaborative ML/DL models for inference that are continually trained both locally, using data from each separate tactical edge network, and then globally in order to learn and detect malicious activity represented across the multiple networks in a collaborative fashion. Federated Learning (FL), a collaborative paradigm which updates and distributes a global model through local model weight aggregation, provides a solution to train ML/DL models in NIDS utilizing learning from multiple edge devices from the disparate networks without the sharing of raw data. We develop and experiment with a data-efficient FL framework for IoBT settings for intrusion detection using only raw network traffic in restricted, resource-limited environments. Our results indicate that regardless of the DL model architecture used on edge devices, the Federated Averaging FL algorithm achieved over 93% accuracy in detecting malicious payloads after only five episodes of FL training.

    Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets

    Adapting modern approaches for network intrusion detection is becoming critical, given the rapid technological advancement and adversarial attack rates. Therefore, packet-based methods utilizing payload data are gaining much popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated against each other. One cannot gauge whether a proposed approach is a methodological advancement or merely benefits from a proprietary interpretation of the dataset. Addressing these comparability and reproducibility issues, we introduce Payload-Byte, an open-source tool for extracting and labeling network packets, in this work. Payload-Byte utilizes metadata information and labels raw traffic captures of modern intrusion detection datasets in a generalized manner. Moreover, we transformed the labeled data into a byte-wise feature vector that can be utilized for training machine learning models. The whole cycle of processing and labeling is explicitly stated in this work. Furthermore, source code and processed data are made publicly available so that they may act as a standardized baseline for future research work. Lastly, we present a brief comparative analysis of machine learning models trained on packet-based and flow-based data.

    Culture-level dimensions of social axioms and their correlates across 41 cultures

    Leung and colleagues have revealed a five-dimensional structure of social axioms across individuals from five cultural groups. The present research was designed to reveal the culture-level factor structure of social axioms and its correlates across 41 nations. An ecological factor analysis on the 60 items of the Social Axioms Survey extracted two factors: Dynamic Externality correlates with value measures tapping collectivism, hierarchy, and conservatism and with national indices indicative of lower social development. Societal Cynicism is less strongly and broadly correlated with previous values measures or other national indices and seems to define a novel cultural syndrome. Its national correlates suggest that it taps the cognitive component of a cultural constellation labeled maleficence, a cultural syndrome associated with a general mistrust of social systems and other people. Discussion focused on the meaning of these national-level factors of beliefs and on their relationships with individual-level factors of belief derived from the same data set.

    Artificial Intelligence, Real Risks: Understanding - And Mitigating - Vulnerabilities in the Military Use of AI

    Artificial Intelligence (AI) is becoming ubiquitous in daily life, and war is no exception to the trend. Given the role of AI and machine learning in strategic competition, it is critical that we understand both the risks introduced by these systems and their ability to create a strategic advantage. Here, we explore adversarial methods used to exploit vulnerabilities in AI models through a base example of target identification. We also discuss ways in which these risks can be mitigated. From this analysis, we conclude that humans must remain in the loop when operationalizing AI, and that we must continue to invest in and encourage the ethical use of AI.

    Cybersecurity Anomaly Detection in Adversarial Environments

    The proliferation of interconnected battlefield information-sharing devices, known as the Internet of Battlefield Things (IoBT), has introduced several security challenges. Inherent to the IoBT operating environment is the practice of adversarial machine learning, which attempts to circumvent machine learning models. This work examines the feasibility of cost-effective unsupervised learning and graph-based methods for anomaly detection in the network intrusion detection system setting, and also leverages an ensemble approach to supervised learning of the anomaly detection problem. We incorporate a realistic adversarial training mechanism when training supervised models to enable strong classification performance in adversarial environments. The results indicate that the unsupervised and graph-based methods were outperformed in detecting anomalies (malicious activity) by the supervised stacking ensemble method with two levels. This model consists of three different classifiers in the first level, followed by either a Naive Bayes or Decision Tree classifier for the second level. The model maintains an F1-score above 0.97 for malicious samples across all tested level-two classifiers. Notably, Naive Bayes is the fastest level-two classifier, averaging 1.12 seconds, while Decision Tree maintains the highest AUC score of 0.98.

    Transfer Learning for Raw Network Traffic Detection

    Traditional machine learning models used for network intrusion detection systems rely on vast amounts of network traffic data with expertly engineered features. The abundance of computational and expert resources at the enterprise level allows for the employment of such models; however, these resources quickly dwindle in edge network scenarios. As Internet of Battlefield Things (IoBT) networks become commonplace in tactical environments, there is a need for improved and distributed models trained without these enterprise resources. Transfer learning, which allows us to take information learned in one domain and apply it to another, provides one way to create and distribute these models towards the edge. Using neural networks, we demonstrate the feasibility of transfer learning for intrusion detection using only raw network traffic in computationally limited environments. Our results show that with a transferred one-dimensional convolutional neural network model combined with a retrained random forest model, we obtain over 96% accuracy with only 5000 training samples on edge devices, with an edge training time of approximately 67 s.

    Automated task training and longitudinal monitoring of mouse mesoscale cortical circuits using home cages

    We report improved automated open-source methodology for head-fixed mesoscale cortical imaging and/or behavioral training of home cage mice using Raspberry Pi-based hardware. Staged partial and probabilistic restraint allows mice to adjust to self-initiated head-fixation over 3 weeks' time with a ~50% participation rate. We support a cue-based behavioral licking task monitored by a capacitive touch-sensor water spout. While automatically head-fixed, we acquire spontaneous, movement-triggered, or licking task-evoked GCaMP6 cortical signals. An analysis pipeline marked behavioral events and analyzed brain fluorescence signals as they relate to spontaneous and/or task-evoked behavioral activity. Mice were trained to suppress licking and wait for cues that marked the delivery of water. Correct rewarded go-trials were associated with widespread activation of midline and lateral barrel cortex areas following a vibration cue and delayed frontal and lateral motor cortex activation. Cortical GCaMP signals predicted trial success and correlated strongly with trial-outcome-dependent body movements.