Autoencoder-SAD: An Autoencoder-based Model for Security Attacks Detection / Berbecaru, Diana Gratiela; Giannuzzi, Stefano; Canavese, Daniele. - (2023), pp. 758-763. (Paper presented at the 28th IEEE Symposium on Computers and Communications (IEEE ISCC 2023), held in Gammarth (TUN), 9-12 July 2023) [10.1109/ISCC58397.2023.10217930].

Autoencoder-SAD: An Autoencoder-based Model for Security Attacks Detection

Berbecaru, Diana Gratiela; Giannuzzi, Stefano; Canavese, Daniele
2023

Abstract

In recent years, a variety of cybersecurity attacks have affected national infrastructures, large companies, and even medium-sized organizations. As countermeasures are implemented, new attack variants appear. Historically, signature-based and anomaly-based Intrusion Detection Systems (IDSs) have been used to detect abnormal network behavior. A signature-based IDS is typically effective against attacks for which attack signatures exist. An anomaly-based IDS instead performs traffic analysis and raises alerts when it encounters suspicious network patterns; it can detect attacks without registered signatures through different mechanisms, including machine learning (ML) techniques. We propose Autoencoder-SAD, an anomaly-based detection model that can identify new cybersecurity attacks by exploiting the Autoencoder model. Through empirical tests with two datasets (CIC-IDS2017 and TORSEC), we evaluated Autoencoder-SAD against two supervised ML models (Random Forest and Extreme Gradient Boosting) and one semi-supervised Autoencoder-based model. The results are promising since our approach shows an AUC of 0.94 for known attacks and 0.68 for unknown attacks.
979-8-3503-0048-2
Files in this record:
Autoencoder-SAD_An_Autoencoder-based_Model_for_Security_Attacks_Detection.pdf (not available)

Type: 2a Post-print publisher's version / Version of Record
License: Not public - Private/restricted access
Size: 778.84 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2982198