usfAD based effective unknown attack detection focused IDS framework
Abstract: The rapid expansion of varied network systems, including the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), has led to an increasing range of cyber threats. Ensuring robust protection against these threats necessitates the implementation of an effective Intrusion Detection System (IDS). For more than a decade, researchers have delved into supervised machine learning techniques to develop IDS to classify normal and attack traffic. However, building effective IDS models using supervised learning requires a substantial number of benign and attack samples. Collecting a sufficient number of attack samples from real-life scenarios is not possible since cyber attacks occur occasionally. Further, an IDS trained and tested on known datasets fails to detect zero-day or unknown attacks due to the swift evolution of attack patterns. To address this challenge, we put forth two strategies for semi-supervised learning-based IDS where training samples of attacks are not required: (1) training a supervised machine learning model using randomly and uniformly dispersed synthetic attack samples; (2) building a One Class Classification (OCC) model that is trained exclusively on benign network traffic. We have implemented both approaches and compared their performances using 10 recent benchmark IDS datasets. Our findings demonstrate that the OCC model based on the state-of-the-art anomaly detection technique called usfAD significantly outperforms conventional supervised classification and other OCC-based techniques when trained and tested considering real-life scenarios, particularly in detecting previously unseen attacks.
| Main Authors: | Md. Ashraf Uddin, Sunil Aryal, Mohamed Reda Bouadjenek, Muna Al-Hawawreh, Md. Alamin Talukder |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Nature Portfolio, 2024-11-01 |
| Series: | Scientific Reports |
| Subjects: | IoT; Network traffic; Intrusion detection system; Anomaly detection; One class classification; Zero day attacks |
| Online Access: | https://doi.org/10.1038/s41598-024-80021-0 |
| _version_ | 1850129070323400704 |
|---|---|
| author | Md. Ashraf Uddin Sunil Aryal Mohamed Reda Bouadjenek Muna Al-Hawawreh Md. Alamin Talukder |
| author_facet | Md. Ashraf Uddin Sunil Aryal Mohamed Reda Bouadjenek Muna Al-Hawawreh Md. Alamin Talukder |
| author_sort | Md. Ashraf Uddin |
| collection | DOAJ |
| description | Abstract: The rapid expansion of varied network systems, including the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), has led to an increasing range of cyber threats. Ensuring robust protection against these threats necessitates the implementation of an effective Intrusion Detection System (IDS). For more than a decade, researchers have delved into supervised machine learning techniques to develop IDS to classify normal and attack traffic. However, building effective IDS models using supervised learning requires a substantial number of benign and attack samples. Collecting a sufficient number of attack samples from real-life scenarios is not possible since cyber attacks occur occasionally. Further, an IDS trained and tested on known datasets fails to detect zero-day or unknown attacks due to the swift evolution of attack patterns. To address this challenge, we put forth two strategies for semi-supervised learning-based IDS where training samples of attacks are not required: (1) training a supervised machine learning model using randomly and uniformly dispersed synthetic attack samples; (2) building a One Class Classification (OCC) model that is trained exclusively on benign network traffic. We have implemented both approaches and compared their performances using 10 recent benchmark IDS datasets. Our findings demonstrate that the OCC model based on the state-of-the-art anomaly detection technique called usfAD significantly outperforms conventional supervised classification and other OCC-based techniques when trained and tested considering real-life scenarios, particularly in detecting previously unseen attacks. |
| format | Article |
| id | doaj-art-4ebe2228ac6e41db84b9ad713f93db0b |
| institution | OA Journals |
| issn | 2045-2322 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj-art-4ebe2228ac6e41db84b9ad713f93db0b; 2025-08-20T02:33:06Z; eng; Nature Portfolio; Scientific Reports; 2045-2322; 2024-11-01; 14; 1; 1; 25; 10.1038/s41598-024-80021-0; usfAD based effective unknown attack detection focused IDS framework; Md. Ashraf Uddin (School of Information Technology, Deakin University); Sunil Aryal (School of Information Technology, Deakin University); Mohamed Reda Bouadjenek (School of Information Technology, Deakin University); Muna Al-Hawawreh (School of Information Technology, Deakin University); Md. Alamin Talukder (Department of Computer Science and Engineering, International University of Business Agriculture and Technology); [abstract as given in the description field]; https://doi.org/10.1038/s41598-024-80021-0; IoT; Network traffic; Intrusion detection system; Anomaly detection; One class classification; Zero day attacks |
| spellingShingle | Md. Ashraf Uddin Sunil Aryal Mohamed Reda Bouadjenek Muna Al-Hawawreh Md. Alamin Talukder usfAD based effective unknown attack detection focused IDS framework Scientific Reports IoT Network traffic Intrusion detection system Anomaly detection One class classification Zero day attacks |
| title | usfAD based effective unknown attack detection focused IDS framework |
| title_full | usfAD based effective unknown attack detection focused IDS framework |
| title_fullStr | usfAD based effective unknown attack detection focused IDS framework |
| title_full_unstemmed | usfAD based effective unknown attack detection focused IDS framework |
| title_short | usfAD based effective unknown attack detection focused IDS framework |
| title_sort | usfad based effective unknown attack detection focused ids framework |
| topic | IoT Network traffic Intrusion detection system Anomaly detection One class classification Zero day attacks |
| url | https://doi.org/10.1038/s41598-024-80021-0 |
| work_keys_str_mv | AT mdashrafuddin usfadbasedeffectiveunknownattackdetectionfocusedidsframework AT sunilaryal usfadbasedeffectiveunknownattackdetectionfocusedidsframework AT mohamedredabouadjenek usfadbasedeffectiveunknownattackdetectionfocusedidsframework AT munaalhawawreh usfadbasedeffectiveunknownattackdetectionfocusedidsframework AT mdalamintalukder usfadbasedeffectiveunknownattackdetectionfocusedidsframework |