Journal Article

Intrusion detection framework based on causal reasoning for DDoS

TLDR
Wang et al. proposed a DDoS detection framework based on causal reasoning to solve the problem of false associations. It consists of two main parts: feature selection based on do-operations and attack detection by counterfactual diagnosis.
Abstract
Among network security issues, distributed denial of service (DDoS) attacks are particularly harmful to a network. Several previous machine learning (ML)-based network intrusion detection approaches have been developed to protect against DDoS attacks. However, existing ML detection approaches diagnose the causality between attacks and traffic features based mainly on purely associative features. Causal reasoning shows that this inability to disentangle correlation from causation can result in diagnostic errors. To solve this problem, this paper proposes a framework of DDoS detection based on causal reasoning to solve the problem of false associations. This framework consists of two main parts: feature selection based on “do-operations” and attack detection by counterfactual diagnosis. First, the noise features that are falsely associated with DDoS attacks are deleted during the “do-operations”. Then, the expected number of anomaly features under different DDoS attack types is calculated in the counterfactual situations. The larger the expected value that is calculated for a certain attack, the more likely it is that the anomaly features of the testing data are caused by this attack. The experiments show that the causality between DDoS attacks and the anomaly features can be fully described by our method, which, compared to other classic ML associative methods, increases the detection accuracy by approximately 5% on average.


Citations
Journal Article

Recent Progress of Using Knowledge Graph for Cybersecurity

TL;DR: A quick overview of the cybersecurity knowledge graph’s core concepts, schema, and building methodologies is given and a new comprehensive classification system is developed to define the linked works from 9 core categories and 18 subcategories.
Journal Article

Improving the Stability of Intrusion Detection With Causal Deep Learning

TL;DR: In this article, a detection system based on causal deep learning is proposed to improve the stability and generalization of network intrusion detection systems (NIDSs) based on machine learning.
Journal Article

A review of knowledge graph application scenarios in cyber security

TL;DR: A comparative review of the different works that elaborate on the recent progress in the application scenarios of cyber security knowledge graph, and a novel comprehensive classification framework is created to describe the connected works from nine primary categories and eighteen subcategories.
Proceedings Article

Anomaly Detection In IoT Networks Using Hybrid Method Based On PCA-XGBoost

TL;DR: In this paper, a method based on a combination of Principal Component Analysis (PCA) and XGBoost algorithms for anomaly detection in IoT was presented. After normalizing the data, the PCA algorithm was used to reduce the dimensions, and then the XGBoost algorithm was used to train and classify the proposed model.
References
Book

Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference

TL;DR: Probabilistic Reasoning in Intelligent Systems is a complete and accessible account of the theoretical foundations and computational methods that underlie plausible reasoning under uncertainty, and provides a coherent explication of probability as a language for reasoning with partial belief.
Journal Article

Beyond Baron and Kenny: Statistical Mediation Analysis in the New Millennium

TL;DR: In this paper, the authors focus on communication processes and understand how messages have an effect on some outcome of focus in a focus-based focus-oriented focus-set problem, which is the goal of most communication researchers.
Journal Article

Causal inference in statistics: An overview

TL;DR: A review of recent advances in causal inference can be found in this article, where a general theory of causation based on the Structural Causal Model (SCM) described in Pearl (2000a) is presented.
Journal Article

Machine Learning and Deep Learning Methods for Cybersecurity

TL;DR: This survey report describes key literature surveys on machine learning (ML) and deep learning (DL) methods for network analysis of intrusion detection and provides a brief tutorial description of each ML/DL method.
Journal Article

A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection

TL;DR: A targeted literature survey of machine learning (ML) and data processing (DM) strategies for cyber analytics in support of intrusion detection as it applies to wired networks.