Deep-Feature-Based Autoencoder Network for Few-Shot Malicious Traffic Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Mingshu He ◽  
Xiaojuan Wang ◽  
Junhua Zhou ◽  
Yuanyuan Xi ◽  
Lei Jin ◽  
...  

With the increase of Internet visits and connections, it is becoming essential and arduous to protect the networks and different devices of the Internet of Things (IoT) from malicious attacks. The intrusion detection systems (IDSs) based on supervised machine learning (ML) methods require a large number of labeled samples. However, the number of abnormal behaviors is far less than that of normal behaviors, let alone that the shots of malicious behavior samples which can be intercepted as training dataset are actually limited. Consequently, it is a key research topic to conduct the anomaly detection for the small number of abnormal behavior samples. This paper proposes an anomaly detection model with a few abnormal samples to solve the problem in few-shot detection based on convolutional neural networks (CNN) and autoencoder (AE). This model mainly consists of the CNN-based supervised pretraining module and the AE-based data reconstruction module. Only a few abnormal samples are utilized to the pretrain module to build the structure of extracting deep features. The data reconstruction module simply chooses the deep features of normal samples as training data. There also exist some effective attention mechanisms in the pretraining module. Through the pretraining of small samples, the accuracy of abnormal detection is improved compared with merely training normal samples with AE. The simulation results prove that this solution can solve the above problems occurring in network behavior anomaly detection. In comparison to the original AE model and other clustering methods, the proposed model advances the detection results in a visible way.

Author(s):  
Rajeev Agrawal ◽  
Chaoli Cai ◽  
Ajay Gupta ◽  
Rajib Paul ◽  
Raed Salih

Anomaly detection is an important aspect of any security mechanism. We present an efficient anomaly detection algorithm, named BANBAD. Using Belief Networks (BNs), the algorithm identifies abnormal behavior of a feature, like inappropriate energy consumption of a node in a network. By applying structure learning techniques to training dataset, BANBAD establishes a joint probability distribution among relevant features, such as average velocity, displacement, local computation and communication time, energy consumption, and response time of a node of the network. A directed acyclic graph (DAG) is used to represent the features and their dependencies. Using a training process, BANBAD maintains dynamic, updated profiles of network node behaviors and uses specific Bayesian inference algorithm to distinguish abnormal behavior during testing. BANBAD works especially well in ad hoc networks. Extensive simulation results demonstrate that a centralized BANBAD achieves low false alarm rates, below 5%, and high detection rates, greater than 95%. We also show that BANBAD detects anomaly efficiently and accurately in two real datasets. The key for achieving such high performance is bounding the false alarm rate at certain predefined threshold value. By fine-tuning at the threshold, we can achieve high detection rate as well.


2021 ◽  
Vol 33 (5) ◽  
pp. 83-104
Author(s):  
Aleksandr Igorevich Getman ◽  
Maxim Nikolaevich Goryunov ◽  
Andrey Georgievich Matskevich ◽  
Dmitry Aleksandrovich Rybolovlev

The paper discusses the issues of training models for detecting computer attacks based on the use of machine learning methods. The results of the analysis of publicly available training datasets and tools for analyzing network traffic and identifying features of network sessions are presented sequentially. The drawbacks of existing tools and possible errors in the datasets formed with their help are noted. It is concluded that it is necessary to collect own training data in the absence of guarantees of the public datasets reliability and the limited use of pre-trained models in networks with characteristics that differ from the characteristics of the network in which the training traffic was collected. A practical approach to generating training data for computer attack detection models is proposed. The proposed solutions have been tested to evaluate the quality of model training on the collected data and the quality of attack detection in conditions of real network infrastructure.


2021 ◽  
Author(s):  
Kanmani R ◽  
A.Christy Jeba Malar ◽  
Roopa V ◽  
Ranjani D ◽  
Suganya R

Abstract For traditional intrusion detection model, the system effectiveness is fully based on training dataset and feature selection. During feature selection, it needs more labour charge and trusted mainly on expert’s knowledge. Moreover, the training dataset contains more imbalanced data which in terms model tends to be biased. Here, an automatic approach is introduced to correct deficiency in the system. In this paper, the author proposes novel network anomaly detection (NID) build using categorical data. A model has to be designed with modified form of deep neural network primarily utilized for detecting anomaly within the network. Custom CNN-LSTM with Harris Hawks Optimization (named as custom optimized CNN-LSTM) is designed as a new classifier majorly used to detect the anomaly from word cloud to distinguish the data with effective performance. The experimental result shows that the proposed method achieves a promising output for network anomaly detection.


2021 ◽  
Author(s):  
Brian Yao ◽  
Chloe Hsu ◽  
Gal Goldner ◽  
Yael Michaeli ◽  
Yuval Ebenstein ◽  
...  

Nanopore sequencing platforms combined with supervised machine learning (ML) have been effective at detecting base modifications in DNA such as 5mC and 6mA. These ML-based nanopore callers have typically been trained on data that span all modifications on all possible DNA k-mer backgrounds—a complete training dataset. However, as nanopore technology is pushed to more and more epigenetic modifications, such complete training data will not be feasible to obtain. Nanopore calling has historically been performed with Hidden Markov Models (HMMs) that cannot make successful calls for k-mer contexts not seen during training because of their independent emission distributions. However, deep neural networks (DNNs), which share parameters across contexts, are increasingly being used as callers, often outperforming their HMM cousins. It stands to reason that a DNN approach should be able to better generalize to unseen k-mer contexts. Indeed, herein we demonstrate that a common DNN approach (DeepSignal) outperforms a common HMM approach (Nanopolish) in the incomplete data setting. Furthermore, we propose a novel hybrid HMM-DNN approach, Amortized-HMM, that outperforms both the pure HMM and DNN approaches on 5mC calling when the training data are incomplete. Such an approach is expected to be useful for calling 5hmC and combinations of cytosine modifications, where complete training data are not likely to be available.


Sensors ◽  
2018 ◽  
Vol 19 (1) ◽  
pp. 4
Author(s):  
Álvaro García-Martín ◽  
Juan SanMiguel ◽  
José Martínez

Applying people detectors to unseen data is challenging since patterns distributions, such as viewpoints, motion, poses, backgrounds, occlusions and people sizes, may significantly differ from the ones of the training dataset. In this paper, we propose a coarse-to-fine framework to adapt frame by frame people detectors during runtime classification, without requiring any additional manually labeled ground truth apart from the offline training of the detection model. Such adaptation make use of multiple detectors mutual information, i.e., similarities and dissimilarities of detectors estimated and agreed by pair-wise correlating their outputs. Globally, the proposed adaptation discriminates between relevant instants in a video sequence, i.e., identifies the representative frames for an adaptation of the system. Locally, the proposed adaptation identifies the best configuration (i.e., detection threshold) of each detector under analysis, maximizing the mutual information to obtain the detection threshold of each detector. The proposed coarse-to-fine approach does not require training the detectors for each new scenario and uses standard people detector outputs, i.e., bounding boxes. The experimental results demonstrate that the proposed approach outperforms state-of-the-art detectors whose optimal threshold configurations are previously determined and fixed from offline training data.


2011 ◽  
Vol 268-270 ◽  
pp. 988-993
Author(s):  
Hai Sheng Li

This paper presents an Intrusion detection technique through anomaly-detection, and proposes Modeling algorithm using training data and anomaly detection model. In this technique, a Markov-chain model is founded based on the characteristic pattern, which is a subsequence of system calls if this sequence satisfies the certain support degree. Experiments show that the method with high detection rate and low false alarm rate is valuable to intrusion detection.


2021 ◽  
Author(s):  
Justin Pierce ◽  
Glen Williams ◽  
Timothy W. Simpson ◽  
Nicholas A. Meisel ◽  
Christopher McComb

Abstract Modern digital manufacturing processes, such as additive manufacturing, are cyber-physical in nature and utilize complex, process-specific simulations for both design and manufacturing. Although computational simulations can be used to optimize these complex processes, they can take hours or days — an unreasonable cost for engineering teams leveraging iterative design processes. Hence, more rapid computational methods are necessary in areas where computation time presents a limiting factor. When existing data from historical examples is plentiful and reliable, supervised machine learning can be used to create surrogate models that can be evaluated orders of magnitude more rapidly than comparable finite element approaches. However, for applications that necessitate computationally-intensive simulations, even generating the training data necessary to train a supervised machine learning model can pose a significant barrier. Unsupervised methods, such as physics-informed neural networks, offer a shortcut in cases where training data is scarce or prohibitive. These novel neural networks are trained without the use of potentially expensive labels. Instead, physical principles are encoded directly into the loss function. This method substantially reduces the time required to develop a training dataset, while still achieving the evaluation speed that is typical of supervised machine learning surrogate models. We propose a new method for stochastically training and testing a convolutional physics-informed neural network using the transient 3D heat equation to model temperature throughout a solid object over time. We demonstrate this approach by applying it to a transient thermal analysis model of the powder bed fusion manufacturing process.


2020 ◽  
Author(s):  
Loïc Dutrieux ◽  
Radhouene Azzabi ◽  
Sébastien Bauwens ◽  
Ulrich Gaël Bouka Dipelet ◽  
Olivier Chenoz ◽  
...  

As part of a project aiming to support FSC certified logging concessions in their tasks of forest inventory and management, we collected aerial imagery over 9000 ha of tropical forests in Northern Congo using long range Unmanned Aerial Vehicles (UAVs). Once processed into orthomosaics, the aerial imagery is used in combination with reference training samples to train a deep learning object detection model (FasterRCNN) capable of detecting and predicting tree species. The remoteness and diversity of these forests make both data acquisition and generation of a training dataset challenging. Unlike natural images containing common objects like cars, bicycles, cats and dogs, there is no easy way to create a training dataset of tree species from overhead imagery of tropical forests. The first reason is that a human operator cannot as easily recognize and label objects. The second reason is that the polymorphism of tree species, phenological variations and uncertainty associated with visual recognition makes the exhaustive labeling of all instances of each class very difficult. Such exhaustive labeling is required to successfully train any object detection model. To overcome these challenges we built an interactive and ergonomic interface that allows a human operator to work in a spatial context, being guided by the approximate geographic location of already inventoried trees. We solved the issue of non-exhaustive instance labeling by building synthetic images, hence allowing full control of the training data. In addition to these specific developments related to training data generation, we will present details of the UAV missions, modelling results on synthetic images, and finally preliminary results of model transfer to aerial imagery.


2021 ◽  
Vol 25 (2) ◽  
pp. 401-419
Author(s):  
Dávid Papp

Supervised machine learning tasks often require a large number of labeled training data to set up a model, and then prediction - for example the classification - is carried out based on this model. Nowadays tremendous amount of data is available on the web or in data warehouses, although only a portion of those data is annotated and the labeling process can be tedious, expensive and time consuming. Active learning tries to overcome this problem by reducing the labeling cost through allowing the learning system to iteratively select the data from which it learns. In special case of active learning, the process starts from zero initialized scenario, where the labeled training dataset is empty, and therefore only unsupervised methods can be performed. In this paper a novel query strategy framework is presented for this problem, called Clustering Based Balanced Sampling Framework (CBBSF), which not only selects the initial labeled training dataset, but uniformly selects the items among the categories to get a balanced labeled training dataset. The framework includes an assignment technique to implicitly determine the class membership probabilities. Assignment solution is updated during CBBSF iterations, hence it simulates supervised machine learning more accurately as the process progresses. The proposed Spectral Clustering Based Sampling (SCBS) query strategy realizes the CBBSF framework, and therefore it is applicable in the special zero initialized situation. This selection approach uses ClusterGAN (Clustering using Generative Adversarial Networks) integrated in the spectral clustering algorithm and then it selects an unlabeled instance depending on the class membership probabilities. Global and local versions of SCBS were developed, furthermore, most confident and minimal entropy measures were calculated, thus four different SCBS variants were examined in total. Experimental evaluation was conducted on the MNIST dataset, and the results showed that SCBS outperforms the state-of-the-art zero initialized active learning query strategies.


2020 ◽  
Vol 27 ◽  
Author(s):  
Zaheer Ullah Khan ◽  
Dechang Pi

Background: S-sulfenylation (S-sulphenylation, or sulfenic acid) proteins, are special kinds of post-translation modification, which plays an important role in various physiological and pathological processes such as cytokine signaling, transcriptional regulation, and apoptosis. Despite these aforementioned significances, and by complementing existing wet methods, several computational models have been developed for sulfenylation cysteine sites prediction. However, the performance of these models was not satisfactory due to inefficient feature schemes, severe imbalance issues, and lack of an intelligent learning engine. Objective: In this study, our motivation is to establish a strong and novel computational predictor for discrimination of sulfenylation and non-sulfenylation sites. Methods: In this study, we report an innovative bioinformatics feature encoding tool, named DeepSSPred, in which, resulting encoded features is obtained via n-segmented hybrid feature, and then the resampling technique called synthetic minority oversampling was employed to cope with the severe imbalance issue between SC-sites (minority class) and non-SC sites (majority class). State of the art 2DConvolutional Neural Network was employed over rigorous 10-fold jackknife cross-validation technique for model validation and authentication. Results: Following the proposed framework, with a strong discrete presentation of feature space, machine learning engine, and unbiased presentation of the underline training data yielded into an excellent model that outperforms with all existing established studies. The proposed approach is 6% higher in terms of MCC from the first best. On an independent dataset, the existing first best study failed to provide sufficient details. 
The model obtained an increase of 7.5% in accuracy, 1.22% in Sn, 12.91% in Sp and 13.12% in MCC on the training data and 12.13% of ACC, 27.25% in Sn, 2.25% in Sp, and 30.37% in MCC on an independent dataset in comparison with 2nd best method. These empirical analyses show the superlative performance of the proposed model over both training and Independent dataset in comparison with existing literature studies. Conclusion: In this research, we have developed a novel sequence-based automated predictor for SC-sites, called DeepSSPred. The empirical simulations outcomes with a training dataset and independent validation dataset have revealed the efficacy of the proposed theoretical model. The good performance of DeepSSPred is due to several reasons, such as novel discriminative feature encoding schemes, SMOTE technique, and careful construction of the prediction model through the tuned 2D-CNN classifier. We believe that our research work will provide a potential insight into a further prediction of S-sulfenylation characteristics and functionalities. Thus, we hope that our developed predictor will be significantly helpful for large scale discrimination of unknown SC-sites in particular and designing new pharmaceutical drugs in general.

