Digital Library of the European Council for Modelling and Simulation
Title: Towards Intrusion Detection Of Previously Unknown Network Attacks

Authors: Saif Alzubi, Frederic T. Stahl, Mohamed M. Gaber

Published in: (2021). ECMS 2021, 35th Proceedings. DOI: http://doi.org/10.7148/2021; ISSN: 2522-2422 (ONLINE); ISSN: 2522-2414 (PRINT); ISSN: 2522-2430 (CD-ROM); ISBN: 978-3-937436-72-2. Communications of the ECMS, Volume 35, Issue 1, June 2021, United Kingdom

Citation format: Saif Alzubi, Frederic T. Stahl, Mohamed M. Gaber (2021). Towards Intrusion Detection Of Previously Unknown Network Attacks, ECMS 2021 Proceedings, Edited By: Khalid Al-Begain, Mauro Iacono, Lelio Campanile, Andrzej Bargiela, European Council for Modeling and Simulation. doi: 10.7148/2021-0035

DOI: https://doi.org/10.7148/2021-0035

Abstract: Advances in telecommunication network technologies have led to an ever more interconnected world. Accordingly, the types of threats and attacks used to intrude into or disable such networks, or portions of them, continue to develop as well. Thus, there is a need to detect previously unknown attack types. Supervised techniques are not suitable for detecting attack types that have not previously been encountered. This paper presents a new ensemble-based Unknown Network Attack Detector (UNAD) system. UNAD proposes a training workflow composed of heterogeneous and unsupervised anomaly detection techniques, trains on attack-free data and can distinguish normal network flow from (previously unknown) attacks. This scenario is more realistic for detecting previously unknown attacks than supervised approaches and is evaluated on telecommunication network data with known ground truth. Empirical results reveal that UNAD can detect attacks on which the workflows have not been trained with a precision of 75% and a recall of 80%. The benefit of UNAD compared with existing network attack detectors is that it can detect completely new attack types that have never been encountered before.