An identification strategy for unknown attack through the joint learning of space-time features

Abstract Deep learning (DL) can effectively extract the features of attack behaviours and identify unknown attack behaviours. However, current DL-based methods learn spatial features and temporal features separately and fail to consider the spatiotemporal correlation of cyber events. To close this gap, this paper proposes an identification strategy for unknown attack behaviours through the joint learning of spatiotemporal features. First, a double-layer long short-term memory (LSTM) network is adopted to learn the spatial features of data packets and the temporal features of the network flow, which makes attack behaviour recognition less dependent on prior knowledge. Next, a temporal attention mechanism is constructed to suppress the noise in the spatial features of the data packets, and a spatial attention mechanism is designed to down-weight temporal features with low information density; the two attention mechanisms are fused to establish the spatiotemporal dependence of cyber-attack behaviours and to rank the importance of the spatiotemporal features. Finally, the identification strategy is experimentally compared with identification models based solely on spatial features or solely on temporal features. The comparison shows that our strategy outperformed the contrastive models by 2% in recognition accuracy. Thus, fusing spatial and temporal features can effectively improve the identification accuracy of unknown attack behaviours.
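The dual-attention fusion step described above, written out as an added illustration that is not code from the paper: the two LSTM encoders are omitted, the per-packet spatial features and per-window temporal features are constructed inline (as the encoders would emit them), and the attention score is assumed to be a dot product with a learned query vector followed by a softmax, which is one common formulation rather than the paper's stated one.

```python
import math

def softmax(scores):
    """Numerically stable softmax over a list of attention scores."""
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    z = sum(exps)
    return [e / z for e in exps]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def attend(seq, query):
    """Weight every step of `seq` by softmax(query . h_t) and return the
    weighted context vector together with the weights themselves."""
    weights = softmax([dot(query, h) for h in seq])
    dim = len(seq[0])
    context = [sum(w * h[i] for w, h in zip(weights, seq)) for i in range(dim)]
    return context, weights

def fuse_spatiotemporal(packet_feats, flow_feats, q_temporal, q_spatial):
    """Temporal attention over the per-packet spatial features (suppresses
    noisy packets), spatial attention over the per-window temporal features
    (down-weights low-information windows), then concatenation of the two
    contexts into one spatiotemporal representation for the classifier."""
    pkt_ctx, pkt_w = attend(packet_feats, q_temporal)
    flow_ctx, flow_w = attend(flow_feats, q_spatial)
    return pkt_ctx + flow_ctx, pkt_w, flow_w

# Constructed sample features (hypothetical values, not from the paper).
# Packet 2 is a noise-like packet that does not align with the attack query.
PACKET_FEATS = [[0.9, 0.1, 0.0], [0.8, 0.2, 0.1], [0.0, 0.0, 0.9], [0.7, 0.3, 0.0]]
# Window 1 carries little information (near-zero activity).
FLOW_FEATS = [[0.2, 0.6], [0.1, 0.1], [0.5, 0.7]]
# Query vectors stand in for the learned attention parameters.
Q_TEMPORAL = [1.0, 0.5, -1.0]
Q_SPATIAL = [1.0, 1.0]

def run_example():
    return fuse_spatiotemporal(PACKET_FEATS, FLOW_FEATS, Q_TEMPORAL, Q_SPATIAL)

if __name__ == "__main__":
    fused, pkt_w, flow_w = run_example()
    print("packet weights:", [round(w, 3) for w in pkt_w])
    print("window weights:", [round(w, 3) for w in flow_w])
    print("fused vector:", [round(v, 3) for v in fused])
```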
