ASAP: Automatic Synthesis of Attack Prototypes, an online-learning, end-to-end approach

Alessandra Rizzardi (second author); Sabrina Sicari (penultimate author); Alberto Coen-Porisini (last author)
2024-01-01

Abstract

Zero-day attack detection and categorization is an open research field in which four main context factors need to be taken into account: novel or zero-day attacks (i) are unlabeled by definition, (ii) may correspond to out-of-distribution data, (iii) can arise concurrently, and (iv) involve distribution shifts in the feature space that require online learning. Given such constraints, the online detection and categorization of new cyber threats can be modeled as a heterogeneous collective anomaly detection problem, for which no online-learning solutions based purely on back-propagation exist. In this respect, this paper presents an online-learning, end-to-end back-propagation strategy for Automatically Synthesizing the potential signatures, or Attack Prototypes, of novel cyber threats (asap). The presented framework incorporates automatic feature engineering, operating over raw data from the OpenFlow monitoring API and over the raw bytes of traffic captures. In asap, specialized inductive biases improve training-data efficiency and adapt the inference machinery to resource-constrained scenarios such as the Internet of Things. Finally, the validity of the framework is demonstrated in a live training experiment comprising IoT traffic emulation.
2024
2024
2024
254
1
12
12
110828
ELECTRONIC
Scientific committee
https://www.sciencedirect.com/science/article/pii/S1389128624006601?via=ihub
English
Zero-day attack detection, Out-of-distribution generalization, Collective anomaly detection, Internet of Things
no
262
F. Cevallos M., Jesús; Rizzardi, Alessandra; Sicari, Sabrina; Coen-Porisini, Alberto
open
Journal Articles::Journal Article
4
info:eu-repo/semantics/article
SEcure and REliable Networked Architecture for Industrial Internet of Things digital transformation
SERENA-IIoT
MUR
PRIN 2022 program
2022CN4EBH
Files in this record:
File: 1-s2.0-S1389128624006601-main.pdf
Open access
Type: Publisher's version (PDF)
Licence: Creative Commons
Size: 2.59 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11383/2180319
Citations
  • PMC: ND
  • Scopus: 1
  • ISI: 1