Digital Library

of the European Council for Modelling and Simulation

 

Title:

Towards Intrusion Detection Of Previously Unknown Network Attacks

Authors:

Saif Alzubi, Frederic T. Stahl, Mohamed M. Gaber

Published in:

(2021). ECMS 2021, 35th Proceedings
Edited by: Khalid Al-Begain, Mauro Iacono, Lelio Campanile, Andrzej Bargiela, European Council for Modelling and Simulation.

 

DOI: http://doi.org/10.7148/2021

ISSN: 2522-2422 (ONLINE)

ISSN: 2522-2414 (PRINT)

ISSN: 2522-2430 (CD-ROM)

 

ISBN: 978-3-937436-72-2
ISBN: 978-3-937436-73-9 (CD)

 

Communications of the ECMS, Volume 35, Issue 1, June 2021,

United Kingdom

 

Citation format:

Saif Alzubi, Frederic T. Stahl, Mohamed M. Gaber (2021). Towards Intrusion Detection Of Previously Unknown Network Attacks, ECMS 2021 Proceedings Edited By: Khalid Al-Begain, Mauro Iacono, Lelio Campanile, Andrzej Bargiela European Council for Modeling and Simulation. doi: 10.7148/2021-0035

DOI:

https://doi.org/10.7148/2021-0035

Abstract:

Advances in telecommunication network technologies have led to an ever more interconnected world. Accordingly, the types of threats and attacks used to intrude into or disable such networks, or portions of them, continue to develop as well. Thus, there is a need to detect previously unknown attack types. Supervised techniques are not suitable for detecting attack types that have not been encountered before. This paper presents a new ensemble-based Unknown Network Attack Detector (UNAD) system. UNAD proposes a training workflow composed of heterogeneous and unsupervised anomaly detection techniques, trains on attack-free data and can distinguish normal network flow from (previously unknown) attacks. This scenario is more realistic for detecting previously unknown attacks than supervised approaches and is evaluated on telecommunication network data with known ground truth. Empirical results reveal that UNAD can detect attacks on which the workflows have not been trained with a precision of 75% and a recall of 80%. The benefit of UNAD compared with existing network attack detectors is that it can detect completely new attack types that have never been encountered before.
