Unknown Attack Detection: Combining Relabeling and Hybrid Intrusion Detection
Author affiliations: Department of Computer Engineering, Gachon University, Sungnam-si 13120, Korea; Agency for Defense Development, Songpa, Seoul 05661, Korea; Department of Software, Gachon University, Sungnam-si 13120, Korea
Publication: Computers, Materials & Continua (English-language journal)
Year, volume, issue: 2021, Vol. 68, No. 9
Pages: 3289-3303
Core indexing:
Subject classification: 1002 [Medicine - Clinical Medicine] 100214 [Medicine - Oncology] 10 [Medicine]
Funding: This work was supported by the Research Program through the National Research Foundation of Korea (NRF-2018R1D1A1B07050864) and was also supported by the Agency for Defense Development (UD200020ED).
Keywords: Unknown attack; hybrid intrusion detection; fuzzy c-means; relabeling; CART; iForest
Abstract: Detection of unknown attacks like a zero-day attack is a research field that has long been ***, advances in Machine Learning (ML) and Artificial Intelligence (AI) have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection *** detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown *** anomaly detection is adequate for detecting unknown attacks, its disadvantage is the possibility of high false *** detection has low false alarms; its limitation is that it can detect only known *** overcome such limitations, many researchers have proposed a hybrid intrusion detection that integrates these two detection *** method can overcome the limitations of conventional methods and works better in detecting unknown ***, this method does not accurately classify attacks like similar to normal or known ***, we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known *** anomaly detection, the model was designed to perform normal detection using Fuzzy c-means (FCM) and identify attacks hidden in normal predicted data using *** misuse detection, the model was designed to detect previously known attacks using Classification and Regression Trees (CART) and apply Isolation Forest (iForest) to classify unknown attacks hidden in known *** an experiment result, the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11% and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.