Funding: This research was partly supported by the National Science and Technology Council, Taiwan, with Grant Numbers 112-2221-E-992-045, 112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
Abstract: Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system’s training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017) dataset. Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019) dataset. The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity. Finally, implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
Funding: Supported by the National Science and Technology Council, Taiwan, with grant numbers NSTC 112-2221-E-992-045, 112-2221-E-992-057-MY3, and 112-2622-8-992-009-TD1.
Abstract: DDoS attacks represent one of the most pervasive and evolving threats in cybersecurity, capable of crippling critical infrastructures and disrupting services globally. As networks continue to expand and threats become more sophisticated, there is an urgent need for Intrusion Detection Systems (IDS) capable of handling these challenges effectively. Traditional IDS models frequently have difficulties in detecting new or changing attack patterns since they heavily depend on existing characteristics. This paper presents a novel approach for detecting unknown Distributed Denial of Service (DDoS) attacks by integrating Sliced Iterative Normalizing Flows (SINF) into IDS. SINF utilizes the Sliced Wasserstein distance to repeatedly modify probability distributions, enabling better management of high-dimensional data when there are only a few samples available. The unique architecture of SINF ensures efficient density estimation and robust sample generation, enabling IDS to adapt dynamically to emerging threats without relying heavily on predefined signatures or extensive retraining. By incorporating Open-Set Recognition (OSR) techniques, this method improves the system’s ability to detect both known and unknown attacks while maintaining high detection performance. The experimental evaluation on CICIDS2017 and CICDDoS2019 datasets demonstrates that the proposed system achieves an accuracy of 99.85% for known attacks and an F1 score of 99.99% after incremental learning for unknown attacks. The results clearly demonstrate the system’s strong generalization capability across unseen attacks while maintaining the computational efficiency required for real-world deployment.