Journal title: International Journal of Advanced Computer Science and Applications (IJACSA)
Print ISSN: 2158-107X
Electronic ISSN: 2156-5570
Publication year: 2022
Volume: 13
Issue: 4
DOI: 10.14569/IJACSA.2022.0130498
Language: English
Publisher: Science and Information Society (SAI)
Abstract: Cyberattacks are on the rise, making technology companies increasingly prone to data theft. Recent research has focused on constructing cognitive models for traffic anomaly detection in a communication network. Many of these experiments resulted in data packets recorded by technologies like Wireshark. These datasets provide high-dimensional data relating to benign and malicious data packets. Recent research has mostly focused on developing machine learning and deep learning systems to detect attack data packets in a network. Also, machine learning algorithms are currently trained to detect only known threats. However, with the growth of new cyberattacks and zero-day attacks, current algorithms are unable to detect unknown attacks. This research focuses on detecting rare attacks using transfer learning from a dataset of known attacks. Deep learning outperforms explicit statistical modelling approaches by at least 21% for the dataset used. A preliminary survey of candidate deep learning architectures was performed before testing for transferability, and a Convolutional Neural Network architecture is proposed that is 99.65% accurate in classifying attack data packets. The suggested CNN architecture was trained with a known attack and then tested on unknown attacks to assess transferability. For this model to extract sufficient information for transferability, the training samples must have more information. Only 20% of the dataset represents current threat data. Several strategies, such as innovative synthetic dataset-based training and bootstrapped dataset training, have been developed to overcome small training sets. A subset of training attacks is determined to optimise learning potential. This study finds training-testing attack pairings with good learning transferability. The most robust and stable relationships are found in DoS attack training-testing pairings. This study also presents model generalisation hypotheses. The dataset features and attack characteristics were analysed using the Recursive Feature Elimination (RFE) algorithm to validate the results.
Keywords: Transfer learning; convolutional neural network; intrusion detection system; cyber security; machine learning and deep learning