TY - GEN
T1 - Sequential Detection of Cyber-attacks Using a Classification Filter
AU - Cai, Xiaojuan
AU - Feng, Yaokai
AU - Sakurai, Kouichi
N1 - Funding Information:
This work is partially supported by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST).
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - In cyber-attack detection systems, the trade-off between FNR (false negative rate) and FPR (false positive rate) makes it difficult to reduce both at the same time. To address this problem, sequential detection consisting of several sub-classifiers has been proposed, where negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further checking. In existing sequential detection systems, the type and structure of the sub-classifiers have received a lot of attention. However, not enough attention has been paid to improving the purity of the positive instances reported by each sub-classifier. To fill this gap, in this study we propose a sequential detection system based on a classification filter (SDCF), which introduces a classification filter (CF) into sequential detection. Specifically, as in traditional sequential detection, negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further inspection. The difference in our SDCF is that a CF is attached to each sub-classifier: the positive instances initially reported by the sub-classifier are sent to the CF, and only those with a sufficiently high probability of being positive are eventually reported as positive. In this way, the FPR is lowered by the CF, while the FNR is also reduced by the further checking of the next sub-classifier. Moreover, although SDCF uses only five sub-classifiers, 10 candidate models, including Artificial Neural Networks (ANN) and a stacking Gated Recurrent Unit (SGRU) network, are trained and validated in order to ensure the quality of all sub-classifiers. In addition, we also evaluated different CF thresholds to identify the best one. On two popular public datasets, NSL-KDD'99 and CICIDS-2017, the experimental results show that with CF = 0.9 the proposed method improves detection performance, with detection rates of 93.94% (NSL-KDD'99) and 96.29% (CICIDS-2017); compared with the latest related work, SDCF improves the detection rate by 11.81% while reducing the FPR and FNR by 18.16% and 20.97%, respectively.
AB - In cyber-attack detection systems, the trade-off between FNR (false negative rate) and FPR (false positive rate) makes it difficult to reduce both at the same time. To address this problem, sequential detection consisting of several sub-classifiers has been proposed, where negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further checking. In existing sequential detection systems, the type and structure of the sub-classifiers have received a lot of attention. However, not enough attention has been paid to improving the purity of the positive instances reported by each sub-classifier. To fill this gap, in this study we propose a sequential detection system based on a classification filter (SDCF), which introduces a classification filter (CF) into sequential detection. Specifically, as in traditional sequential detection, negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further inspection. The difference in our SDCF is that a CF is attached to each sub-classifier: the positive instances initially reported by the sub-classifier are sent to the CF, and only those with a sufficiently high probability of being positive are eventually reported as positive. In this way, the FPR is lowered by the CF, while the FNR is also reduced by the further checking of the next sub-classifier. Moreover, although SDCF uses only five sub-classifiers, 10 candidate models, including Artificial Neural Networks (ANN) and a stacking Gated Recurrent Unit (SGRU) network, are trained and validated in order to ensure the quality of all sub-classifiers. In addition, we also evaluated different CF thresholds to identify the best one. On two popular public datasets, NSL-KDD'99 and CICIDS-2017, the experimental results show that with CF = 0.9 the proposed method improves detection performance, with detection rates of 93.94% (NSL-KDD'99) and 96.29% (CICIDS-2017); compared with the latest related work, SDCF improves the detection rate by 11.81% while reducing the FPR and FNR by 18.16% and 20.97%, respectively.
UR - http://www.scopus.com/inward/record.url?scp=85127551571&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85127551571&partnerID=8YFLogxK
U2 - 10.1109/DASC-PICom-CBDCom-CyberSciTech52372.2021.00111
DO - 10.1109/DASC-PICom-CBDCom-CyberSciTech52372.2021.00111
M3 - Conference contribution
AN - SCOPUS:85127551571
T3 - Proceedings - 2021 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing and International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2021
SP - 659
EP - 666
BT - Proceedings - 2021 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing and International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 19th IEEE International Conference on Dependable, Autonomic and Secure Computing, 19th IEEE International Conference on Pervasive Intelligence and Computing, 7th IEEE International Conference on Cloud and Big Data Computing and 2021 International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2021
Y2 - 25 October 2021 through 28 October 2021
ER -
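The abstract above describes the SDCF decision procedure (a cascade of sub-classifiers whose initial positives pass through a classification filter, while negatives fall through to the next stage) but not the mechanics of how the CF threshold moves FPR and FNR. The following is an added illustration written for this record; it is not the authors' code, and it does not use their ANN/SGRU models or the NSL-KDD'99 and CICIDS-2017 datasets. The sample records, their labels and the per-stage probabilities are constructed stand-ins for the output of already-trained sub-classifiers; the cascade is shortened to three stages where the paper uses five; and the rule that a positive rejected by the CF is forwarded to the next stage (rather than discarded) is an assumption, since the abstract does not say what happens to it.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Instance:
    """One traffic record with its ground-truth label and the P(attack)
    that each sub-classifier in the cascade would emit for it."""
    name: str
    is_attack: bool
    stage_probs: Tuple[float, ...]  # P(attack) from sub-classifier 1, 2, 3


# Constructed sample set (hypothetical; not drawn from NSL-KDD'99 or CICIDS-2017).
# The probabilities stand in for the output of pre-trained sub-classifiers so the
# example exercises the cascade and the CF, not model training.
SAMPLES: List[Instance] = [
    Instance("A1", True,  (0.95, 0.60, 0.20)),  # confident at stage 1
    Instance("A2", True,  (0.70, 0.92, 0.30)),  # low confidence at stage 1, caught at stage 2
    Instance("A3", True,  (0.30, 0.55, 0.97)),  # caught only at stage 3
    Instance("A4", True,  (0.60, 0.65, 0.70)),  # positive everywhere but never confident
    Instance("A5", True,  (0.20, 0.10, 0.93)),  # missed by stage 1, caught at stage 3
    Instance("A6", True,  (0.40, 0.96, 0.50)),  # missed by stage 1, caught at stage 2
    Instance("B1", False, (0.05, 0.10, 0.05)),
    Instance("B2", False, (0.65, 0.30, 0.20)),  # stage-1 false alarm the CF should drop
    Instance("B3", False, (0.55, 0.60, 0.40)),  # low-confidence positive at two stages
    Instance("B4", False, (0.10, 0.20, 0.91)),  # confident false alarm at stage 3
    Instance("B5", False, (0.30, 0.25, 0.15)),
    Instance("B6", False, (0.92, 0.10, 0.10)),  # confident false alarm at stage 1
]

DECISION_THRESHOLD = 0.5  # each sub-classifier's own positive/negative cut-off


def sdcf_classify(inst: Instance, cf: float) -> Tuple[bool, int]:
    """Run one instance through the SDCF cascade.

    Each sub-classifier first decides on its own (P(attack) >= DECISION_THRESHOLD).
    Negatives are forwarded to the next stage, as in classic sequential detection.
    Initial positives go to the classification filter: only those with
    P(attack) >= cf are reported. Assumption (not stated in the abstract):
    positives the CF rejects are forwarded as well rather than discarded.
    Returns (is_positive, index of the reporting stage or -1 if none reported it).
    """
    for stage, p in enumerate(inst.stage_probs):
        if p < DECISION_THRESHOLD:
            continue  # sub-classifier says negative: forward to the next stage
        if p >= cf:
            return True, stage  # CF accepts the positive: report it
        # CF rejects a low-confidence positive: forward it (assumption)
    return False, -1


def baseline_classify(inst: Instance) -> bool:
    """Single sub-classifier, no cascade and no CF, for comparison."""
    return inst.stage_probs[0] >= DECISION_THRESHOLD


def evaluate(predictions: Sequence[Tuple[Instance, bool]]) -> Dict[str, float]:
    """Confusion counts plus detection rate, FPR and FNR."""
    tp = sum(1 for inst, pos in predictions if pos and inst.is_attack)
    fp = sum(1 for inst, pos in predictions if pos and not inst.is_attack)
    fn = sum(1 for inst, pos in predictions if not pos and inst.is_attack)
    tn = sum(1 for inst, pos in predictions if not pos and not inst.is_attack)
    attacks, benign = tp + fn, fp + tn
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "detection_rate": tp / attacks if attacks else 0.0,
        "fpr": fp / benign if benign else 0.0,
        "fnr": fn / attacks if attacks else 0.0,
    }


def evaluate_baseline(samples: Sequence[Instance]) -> Dict[str, float]:
    return evaluate([(i, baseline_classify(i)) for i in samples])


def evaluate_sdcf(samples: Sequence[Instance], cf: float) -> Dict[str, float]:
    return evaluate([(i, sdcf_classify(i, cf)[0]) for i in samples])


def sweep_cf(samples: Sequence[Instance], cfs: Sequence[float]) -> Dict[float, Dict[str, float]]:
    """Try several CF thresholds, mirroring the paper's search for the best CF."""
    return {cf: evaluate_sdcf(samples, cf) for cf in cfs}


if __name__ == "__main__":
    b = evaluate_baseline(SAMPLES)
    print(f"baseline:      DR={b['detection_rate']:.3f} FPR={b['fpr']:.3f} FNR={b['fnr']:.3f}")
    for cf, m in sweep_cf(SAMPLES, (0.5, 0.9, 0.95)).items():
        print(f"SDCF cf={cf:<4}: DR={m['detection_rate']:.3f} FPR={m['fpr']:.3f} FNR={m['fnr']:.3f}")
```

On this constructed set the single sub-classifier scores DR 0.5 / FPR 0.5 / FNR 0.5. With cf = 0.5 the CF is a no-op and the cascade behaves as plain sequential detection: FNR drops to 0 but FPR rises to 4/6, because every stage's false alarms accumulate. With cf = 0.9 the FPR falls to 2/6 while the DR stays at 5/6; with cf = 0.95 no false alarm survives but the DR falls back to 0.5. The one attack SDCF loses at cf = 0.9, A4, is the case a practitioner should watch for: an instance that every sub-classifier finds only marginally suspicious is never accepted by any CF, so the later stages only help when the sub-classifiers are diverse enough that at least one of them becomes confident.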