Archivio Istituzionale della RicercaIn recent years, a variety of cybersecurity attacks affected national infrastructures, big companies, and even medium size organizations. As countermeasures are implemented, new attack variants appear. Historically, signature-based and anomaly-based Intrusion Detection Systems (IDSs) are used for detecting abnormal network behavior. The signature-based IDS is typically effective against attacks for which attack signatures exist. The anomaly-based IDS instead performs traffic analysis and raises alerts when encountering suspicious network patterns. They can detect attacks without registered signatures through different mechanisms, including machine learning (ML) techniques. We propose Autoencoder-SAD, an anomaly-based detection model, which can individuate new cybersecurity attacks by exploiting the Autoencoder model. Through empirical tests with two datasets (CIC-IDS2017 and TORSEC), we evaluated Autoencoder-SAD against two supervised ML models (Random Forest and Extreme Gradient Boosting) and one semi-supervised Autoencoder-based model. The results are promising since our approach shows an AUC of 0.94 for known attacks and 0.68 for unknown attacks.
Autoencoder-SAD: An Autoencoder-based Model for Security Attacks Detection / Berbecaru, Diana Gratiela; Giannuzzi, Stefano; Canavese, Daniele. - (2023), pp. 758-763. (Intervento presentato al convegno 28th IEEE Symposium on Computers and Communications (IEEE ISCC 2023) tenutosi a Gammarth (TUN) nel 9-12 July 2023) [10.1109/ISCC58397.2023.10217930].
Autoencoder-SAD: An Autoencoder-based Model for Security Attacks Detection
Berbecaru, Diana Gratiela;Giannuzzi, Stefano;Canavese, Daniele
2023
Abstract
In recent years, a variety of cybersecurity attacks affected national infrastructures, big companies, and even medium size organizations. As countermeasures are implemented, new attack variants appear. Historically, signature-based and anomaly-based Intrusion Detection Systems (IDSs) are used for detecting abnormal network behavior. The signature-based IDS is typically effective against attacks for which attack signatures exist. The anomaly-based IDS instead performs traffic analysis and raises alerts when encountering suspicious network patterns. They can detect attacks without registered signatures through different mechanisms, including machine learning (ML) techniques. We propose Autoencoder-SAD, an anomaly-based detection model, which can individuate new cybersecurity attacks by exploiting the Autoencoder model. Through empirical tests with two datasets (CIC-IDS2017 and TORSEC), we evaluated Autoencoder-SAD against two supervised ML models (Random Forest and Extreme Gradient Boosting) and one semi-supervised Autoencoder-based model. The results are promising since our approach shows an AUC of 0.94 for known attacks and 0.68 for unknown attacks.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Autoencoder-SAD_An_Autoencoder-based_Model_for_Security_Attacks_Detection.pdf
non disponibili
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
778.84 kB
Formato
Adobe PDF
|
778.84 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2982198