FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic
Anomaly-based network intrusion detection systems (NIDSs) are essential for ensuring cybersecurity. However, the security communities realize some limitations when they put most existing proposals into practice. The challenges are mainly concerned with (i) fine-grained unknown attack detection and (ii) ever-changing legitimate traffic adaptation. To tackle these problems, we present three key design norms. The core idea is to construct a model to split the data distribution hyperplane and leverage the concept of isolation, as well as advance the incremental model update. We utilize the isolation tree as the backbone to design our model, named FOSS, to echo back the three norms. By analyzing the popular dataset of network intrusion traces, we show that FOSS significantly outperforms the state-of-the-art methods. Further, we perform an initial deployment of FOSS by working with an Internet Service Provider (ISP) to detect distributed denial of service (DDoS) attacks. With real-world tests and manual analysis, we demonstrate the effectiveness of FOSS in identifying previously unseen attacks in a fine-grained manner.
Saved in:

| Field | Value |
|---|---|
| Main Authors | ZHAO, Ziming; LI, Zhaoxuan; XIE, Xiaofei; YU, Jiongchi; ZHANG, Fan; ZHANG, Rui; CHEN, Binbin; LUO, Xiangyang; HU, Ming; MA, Wenrui |
| Format | text |
| Language | English |
| Published | Institutional Knowledge at Singapore Management University, 2024 |
| Subjects | Intrusion detection system; fine-grained unknown class detection; isolation forest; Information Security |
| Online Access | https://ink.library.smu.edu.sg/sis_research/9363 ; https://ink.library.smu.edu.sg/context/sis_research/article/10363/viewcontent/FOSS_2024_av.pdf |
| Institution | Singapore Management University |
| Field | Value |
|---|---|
| id | sg-smu-ink.sis_research-10363 |
| record_format | dspace |
| spelling | sg-smu-ink.sis_research-10363; 2024-10-25T09:28:43Z; FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic; ZHAO, Ziming; LI, Zhaoxuan; XIE, Xiaofei; YU, Jiongchi; ZHANG, Fan; ZHANG, Rui; CHEN, Binbin; LUO, Xiangyang; HU, Ming; MA, Wenrui; Anomaly-based network intrusion detection systems (NIDSs) are essential for ensuring cybersecurity. However, the security communities realize some limitations when they put most existing proposals into practice. The challenges are mainly concerned with (i) fine-grained unknown attack detection and (ii) ever-changing legitimate traffic adaptation. To tackle these problems, we present three key design norms. The core idea is to construct a model to split the data distribution hyperplane and leverage the concept of isolation, as well as advance the incremental model update. We utilize the isolation tree as the backbone to design our model, named FOSS, to echo back the three norms. By analyzing the popular dataset of network intrusion traces, we show that FOSS significantly outperforms the state-of-the-art methods. Further, we perform an initial deployment of FOSS by working with an Internet Service Provider (ISP) to detect distributed denial of service (DDoS) attacks. With real-world tests and manual analysis, we demonstrate the effectiveness of FOSS in identifying previously unseen attacks in a fine-grained manner. 2024-08-01T07:00:00Z; text; application/pdf; https://ink.library.smu.edu.sg/sis_research/9363; info:doi/10.1109/TNET.2024.3413789; https://ink.library.smu.edu.sg/context/sis_research/article/10363/viewcontent/FOSS_2024_av.pdf; http://creativecommons.org/licenses/by-nc-nd/4.0/; Research Collection School Of Computing and Information Systems; eng; Institutional Knowledge at Singapore Management University; Intrusion detection system; fine-grained unknown class detection; isolation forest; Information Security |
| institution | Singapore Management University |
| building | SMU Libraries |
| continent | Asia |
| country | Singapore |
| content_provider | SMU Libraries |
| collection | InK@SMU |
| language | English |
| topic | Intrusion detection system; fine-grained unknown class detection; isolation forest; Information Security |
| description | Anomaly-based network intrusion detection systems (NIDSs) are essential for ensuring cybersecurity. However, the security communities realize some limitations when they put most existing proposals into practice. The challenges are mainly concerned with (i) fine-grained unknown attack detection and (ii) ever-changing legitimate traffic adaptation. To tackle these problems, we present three key design norms. The core idea is to construct a model to split the data distribution hyperplane and leverage the concept of isolation, as well as advance the incremental model update. We utilize the isolation tree as the backbone to design our model, named FOSS, to echo back the three norms. By analyzing the popular dataset of network intrusion traces, we show that FOSS significantly outperforms the state-of-the-art methods. Further, we perform an initial deployment of FOSS by working with an Internet Service Provider (ISP) to detect distributed denial of service (DDoS) attacks. With real-world tests and manual analysis, we demonstrate the effectiveness of FOSS in identifying previously unseen attacks in a fine-grained manner. |
| format | text |
| author | ZHAO, Ziming; LI, Zhaoxuan; XIE, Xiaofei; YU, Jiongchi; ZHANG, Fan; ZHANG, Rui; CHEN, Binbin; LUO, Xiangyang; HU, Ming; MA, Wenrui |
| author_facet | ZHAO, Ziming; LI, Zhaoxuan; XIE, Xiaofei; YU, Jiongchi; ZHANG, Fan; ZHANG, Rui; CHEN, Binbin; LUO, Xiangyang; HU, Ming; MA, Wenrui |
| author_sort | ZHAO, Ziming |
| title | FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic |
| title_short | FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic |
| title_full | FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic |
| title_fullStr | FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic |
| title_full_unstemmed | FOSS: Towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic |
| title_sort | foss: towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic |
| publisher | Institutional Knowledge at Singapore Management University |
| publishDate | 2024 |
| url | https://ink.library.smu.edu.sg/sis_research/9363 ; https://ink.library.smu.edu.sg/context/sis_research/article/10363/viewcontent/FOSS_2024_av.pdf |
| _version_ | 1814047934717624320 |