Skip to main content
SpringerLink
Log in

Analysis and Detection Against Overlapping Phenomenon of Behavioral Attribute in Network Attacks

  • Conference paper
  • First Online:
Science of Cyber Security (SciSec 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13580))

Included in the following conference series:

  • 897 Accesses

Abstract

Various network attacks have brought great threats to cyber security. It is beneficial to build various datasets for detecting these network attacks. In these datasets, a sample has only one label. Traditional detection methods based on these data also belong to single-label learning, giving only one label to each sample. However, there is a noteworthy overlapping phenomenon of the behavioral attribute between attacks in the real world, i.e., network behavior could be multi-labeled. Reflected in the attack dataset is that multiple samples have the same features but different labels. This paper verifies and analyzes the overlapping phenomenon in well-known datasets UNSW-NB15 and CIC-AndMal-2020. For instance, in UNSW-NB15, a sample has an average of 1.689 labels. Then, we re-label these data as multi-label attack datasets based on the phenomenon. In addition, using multi-label methods to detect overlapping network attacks can support tracing attack sources and building better IDSs. Therefore, several multi-label detection methods are also adopted to detect these network attacks. Experiments in UNSW-NB15 show that multi-label methods are better than related single-label methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The re-labeled dataset and related code can be found at https://anonymous.4open.science/r/processed-multi-label-dataset-D4C3/.

  2. 2.

    https://research.unsw.edu.au/projects/unsw-nb15-dataset.

  3. 3.

    https://www.unb.ca/cic/datasets/andmal2020.html.

References

  1. Boutell, M.R., Luo, J., Shen, X., Brown, C.M.: Learning multi-label scene classification. Pattern Recogn. 37(9), 1757–1771 (2004)

    Article  Google Scholar 

  2. Cheng, W., Hüllermeier, E.: Combining instance-based learning and logistic regression for multilabel classification. Mach. Learn. 76(2–3), 211–225 (2009)

    Article  Google Scholar 

  3. Chou, D., Jiang, M.: Data-driven network intrusion detection: a taxonomy of challenges and methods. arXiv preprint arXiv:2009.07352 (2020)

  4. Clare, A., King, R.D.: Knowledge discovery in multi-label phenotype data. In: De Raedt, L., Siebes, A. (eds.) PKDD 2001. LNCS (LNAI), vol. 2168, pp. 42–53. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44794-6_4

    Chapter  MATH  Google Scholar 

  5. Durmuş, Ö., Varol, A.: Analysis and modeling of cyber security precautions. In: 2021 9th International Symposium on Digital Forensics and Security (ISDFS), pp. 1–8. IEEE (2021)

    Google Scholar 

  6. Elisseeff, A., Weston, J.: A kernel method for multi-labelled classification. Adv. Neural. Inf. Process. Syst. 14, 681–687 (2001)

    Google Scholar 

  7. Fiky, A.H.E., Shenawy, A.E., Madkour, M.A.: Android malware category and family detection and identification using machine learning. arXiv preprint arXiv:2107.01927 (2021)

  8. Fürnkranz, J., Hüllermeier, E., Mencía, E.L., Brinker, K.: Multilabel classification via calibrated label ranking. Mach. Learn. 73(2), 133–153 (2008)

    Article  Google Scholar 

  9. Ghamrawi, N., McCallum, A.: Collective multi-label classification. In: Proceedings of the 14th ACM international conference on Information and knowledge management, pp. 195–200 (2005)

    Google Scholar 

  10. Godbole, S., Sarawagi, S.: Discriminative methods for multi-labeled classification. In: Dai, H., Srikant, R., Zhang, C. (eds.) PAKDD 2004. LNCS (LNAI), vol. 3056, pp. 22–30. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24775-3_5

    Chapter  Google Scholar 

  11. Ji, S., Tang, L., Yu, S., Ye, J.: Extracting shared subspace for multi-label classification. In: Proceedings of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 381–389 (2008)

    Google Scholar 

  12. Jing, D., Chen, H.B.: SVM based network intrusion detection for the UNSW-NB15 dataset. In: 2019 IEEE 13th International Conference on ASIC (ASICON), pp. 1–4. IEEE (2019)

    Google Scholar 

  13. Keyes, D.S., Li, B., Kaur, G., Lashkari, A.H., Gagnon, F., Massicotte, F.: Entroplyzer: android malware classification and characterization using entropy analysis of dynamic characteristics. In: 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS), pp. 1–12. IEEE (2021)

    Google Scholar 

  14. Liao, H.J., Lin, C.H.R., Lin, Y.C., Tung, K.Y.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)

    Article  Google Scholar 

  15. Liu, Z., Wang, R., Japkowicz, N., Tang, D., Zhang, W., Zhao, J.: Research on unsupervised feature learning for android malware detection based on restricted Boltzmann machines. Futur. Gener. Comput. Syst. 120, 91–108 (2021)

    Article  Google Scholar 

  16. Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 military communications and information systems conference (MilCIS), pp. 1–6. IEEE (2015)

    Google Scholar 

  17. Rahali, A., Lashkari, A.H., Kaur, G., Taheri, L., Gagnon, F., Massicotte, F.: DiDroid: android malware classification and characterization using deep image learning. In: 2020 the 10th International Conference on Communication and Network Security, pp. 70–82 (2020)

    Google Scholar 

  18. Read, J., Pfahringer, B., Holmes, G., Frank, E.: Classifier chains for multi-label classification. Mach. Learn. 85(3), 333–359 (2011)

    Article  MathSciNet  Google Scholar 

  19. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD cup 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE (2009)

    Google Scholar 

  20. Yan, R., Tesic, J., Smith, J.R.: Model-shared subspace boosting for multi-label classification. In: Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 834–843 (2007)

    Google Scholar 

  21. Yang, Y., Zheng, K., Wu, B., Yang, Y., Wang, X.: Network intrusion detection based on supervised adversarial variational auto-encoder with regularization. IEEE Access 8, 42169–42184 (2020)

    Article  Google Scholar 

  22. Yang, Y., Zheng, K., Wu, C., Yang, Y.: Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network. Sensors 19(11), 2528 (2019)

    Article  Google Scholar 

  23. Zhang, M.L., Zhou, Z.H.: ML-KNN: a lazy learning approach to multi-label learning. Pattern Recogn. 40(7), 2038–2048 (2007)

    Article  Google Scholar 

  24. Zhang, M.L., Zhou, Z.H.: A review on multi-label learning algorithms. IEEE Trans. Knowl. Data Eng. 26(8), 1819–1837 (2013)

    Article  Google Scholar 

Download references

Acknowledgements

We thank the reviewers for their valuable suggestions. The corresponding author of this paper is Shuhao Li. This work is supported by the National Key Research and Development Program of China (Grant No. 2018YFB0804704) and the National Key Research and Development Program of China (Grant No. 2019YFB1005201).

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Jiang Xie, Shuhao Li & Peishuai Sun

  2. Key Laboratory of Network Assessment Technology, University of Chinese Academy of Sciences, Beijing, China

    Shuhao Li

  3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Jiang Xie & Peishuai Sun

Authors
  1. Jiang Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shuhao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peishuai Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shuhao Li .

Editor information

Editors and Affiliations

  1. University of Aizu, Aizuwakamatsu, Fukushima, Japan

    Chunhua Su

  2. Kyushu University, Fukuoka, Japan

    Kouichi Sakurai

  3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Feng Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xie, J., Li, S., Sun, P. (2022). Analysis and Detection Against Overlapping Phenomenon of Behavioral Attribute in Network Attacks. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-17551-0_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17550-3

  • Online ISBN: 978-3-031-17551-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation