With an ever-growing number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. Detecting malicious attack traffic is therefore crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems, which rely on a supervised machine learning approach, need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the case of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new, unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.
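The preprocessing step the abstract describes (bidirectional flow grouping, then rendering the flow's bytes as a color image) can be sketched as follows. This is an added example, not the authors' code: the 16x16 image size, the three-bytes-per-RGB-pixel mapping, the zero padding, the packet dictionary layout and all function names are assumptions, and the sample packets are constructed.

```python
from collections import defaultdict

SIDE = 16  # assumed image side length; the abstract does not state one


def flow_key(pkt):
    """Direction-independent key so both directions map to one flow."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (a + b if a <= b else b + a)


def group_flows(packets):
    """Concatenate payload bytes per bidirectional flow, in time order."""
    flows = defaultdict(bytearray)
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        flows[flow_key(pkt)] += pkt["payload"]
    return dict(flows)


def flow_to_rgb(data, side=SIDE):
    """Truncate or zero-pad to side*side*3 bytes; 3 bytes form one pixel."""
    need = side * side * 3
    buf = bytes(data[:need]).ljust(need, b"\x00")
    pixels = [tuple(buf[i:i + 3]) for i in range(0, need, 3)]
    return [pixels[r * side:(r + 1) * side] for r in range(side)]


def to_ppm(image):
    """Serialize as binary PPM (P6) so the image can be viewed or fed to a CNN."""
    side = len(image)
    header = f"P6 {side} {side} 255\n".encode()
    return header + bytes(c for row in image for px in row for c in px)


# Constructed sample packets (documentation address ranges), not real captures.
PACKETS = [
    {"ts": 1.0, "proto": "tcp", "src": "192.0.2.10", "sport": 50000,
     "dst": "198.51.100.5", "dport": 23, "payload": b"root\r\n"},
    {"ts": 1.2, "proto": "tcp", "src": "198.51.100.5", "sport": 23,
     "dst": "192.0.2.10", "dport": 50000, "payload": b"Password: "},
    {"ts": 1.3, "proto": "udp", "src": "192.0.2.10", "sport": 40000,
     "dst": "198.51.100.9", "dport": 53, "payload": b"\x12\x34\x01\x00"},
]

if __name__ == "__main__":
    for key, data in group_flows(PACKETS).items():
        print(key, len(data), "bytes ->", len(to_ppm(flow_to_rgb(data))), "byte PPM")
```

Because the key is canonicalized, request and reply packets land in the same image, which is what lets a classifier see both sides of a conversation without parsing payload signatures.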
Thin Tharaphe THEIN
Kobe University
Yoshiaki SHIRAISHI
Kobe University
Masakatu MORII
Kobe University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Thin Tharaphe THEIN, Yoshiaki SHIRAISHI, Masakatu MORII, "Few-Shot Learning-Based Malicious IoT Traffic Detection with Prototypical Graph Neural Networks" in IEICE TRANSACTIONS on Information, vol. E106-D, no. 9, pp. 1480-1489, September 2023, doi: 10.1587/transinf.2022OFP0004.
Abstract: With a rapidly escalating number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. The detection of malicious attack traffic is thus crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems which relied on supervised machine learning approach need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the cases of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2022OFP0004/_p
@ARTICLE{e106-d_9_1480,
author={Thin Tharaphe THEIN and Yoshiaki SHIRAISHI and Masakatu MORII},
journal={IEICE TRANSACTIONS on Information},
title={Few-Shot Learning-Based Malicious IoT Traffic Detection with Prototypical Graph Neural Networks},
year={2023},
volume={E106-D},
number={9},
pages={1480-1489},
abstract={With a rapidly escalating number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. The detection of malicious attack traffic is thus crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems which relied on supervised machine learning approach need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the cases of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.},
keywords={},
doi={10.1587/transinf.2022OFP0004},
ISSN={1745-1361},
month={September},}
TY - JOUR
TI - Few-Shot Learning-Based Malicious IoT Traffic Detection with Prototypical Graph Neural Networks
T2 - IEICE TRANSACTIONS on Information
SP - 1480
EP - 1489
AU - Thin Tharaphe THEIN
AU - Yoshiaki SHIRAISHI
AU - Masakatu MORII
PY - 2023
DO - 10.1587/transinf.2022OFP0004
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E106-D
IS - 9
JA - IEICE TRANSACTIONS on Information
Y1 - September 2023
AB - With a rapidly escalating number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. The detection of malicious attack traffic is thus crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems which relied on supervised machine learning approach need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the cases of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.
ER -