Abstract
Various network attacks have brought great threats to cyber security. It is beneficial to build various datasets for detecting these network attacks. In these datasets, a sample has only one label. Traditional detection methods based on these data also belong to single-label learning, giving only one label to each sample. However, there is a noteworthy overlapping phenomenon of the behavioral attribute between attacks in the real world, i.e., network behavior could be multi-labeled. Reflected in the attack dataset is that multiple samples have the same features but different labels. This paper verifies and analyzes the overlapping phenomenon in well-known datasets UNSW-NB15 and CIC-AndMal-2020. For instance, in UNSW-NB15, a sample has an average of 1.689 labels. Then, we re-label these data as multi-label attack datasets based on the phenomenon. In addition, using multi-label methods to detect overlapping network attacks can support tracing attack sources and building better IDSs. Therefore, several multi-label detection methods are also adopted to detect these network attacks. Experiments in UNSW-NB15 show that multi-label methods are better than related single-label methods.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The re-labeled dataset and related code can be found at https://anonymous.4open.science/r/processed-multi-label-dataset-D4C3/.
- 2.
- 3.
References
Boutell, M.R., Luo, J., Shen, X., Brown, C.M.: Learning multi-label scene classification. Pattern Recogn. 37(9), 1757–1771 (2004)
Cheng, W., Hüllermeier, E.: Combining instance-based learning and logistic regression for multilabel classification. Mach. Learn. 76(2–3), 211–225 (2009)
Chou, D., Jiang, M.: Data-driven network intrusion detection: a taxonomy of challenges and methods. arXiv preprint arXiv:2009.07352 (2020)
Clare, A., King, R.D.: Knowledge discovery in multi-label phenotype data. In: De Raedt, L., Siebes, A. (eds.) PKDD 2001. LNCS (LNAI), vol. 2168, pp. 42–53. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44794-6_4
Durmuş, Ö., Varol, A.: Analysis and modeling of cyber security precautions. In: 2021 9th International Symposium on Digital Forensics and Security (ISDFS), pp. 1–8. IEEE (2021)
Elisseeff, A., Weston, J.: A kernel method for multi-labelled classification. Adv. Neural. Inf. Process. Syst. 14, 681–687 (2001)
Fiky, A.H.E., Shenawy, A.E., Madkour, M.A.: Android malware category and family detection and identification using machine learning. arXiv preprint arXiv:2107.01927 (2021)
Fürnkranz, J., Hüllermeier, E., Mencía, E.L., Brinker, K.: Multilabel classification via calibrated label ranking. Mach. Learn. 73(2), 133–153 (2008)
Ghamrawi, N., McCallum, A.: Collective multi-label classification. In: Proceedings of the 14th ACM international conference on Information and knowledge management, pp. 195–200 (2005)
Godbole, S., Sarawagi, S.: Discriminative methods for multi-labeled classification. In: Dai, H., Srikant, R., Zhang, C. (eds.) PAKDD 2004. LNCS (LNAI), vol. 3056, pp. 22–30. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24775-3_5
Ji, S., Tang, L., Yu, S., Ye, J.: Extracting shared subspace for multi-label classification. In: Proceedings of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 381–389 (2008)
Jing, D., Chen, H.B.: SVM based network intrusion detection for the UNSW-NB15 dataset. In: 2019 IEEE 13th International Conference on ASIC (ASICON), pp. 1–4. IEEE (2019)
Keyes, D.S., Li, B., Kaur, G., Lashkari, A.H., Gagnon, F., Massicotte, F.: Entroplyzer: android malware classification and characterization using entropy analysis of dynamic characteristics. In: 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS), pp. 1–12. IEEE (2021)
Liao, H.J., Lin, C.H.R., Lin, Y.C., Tung, K.Y.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)
Liu, Z., Wang, R., Japkowicz, N., Tang, D., Zhang, W., Zhao, J.: Research on unsupervised feature learning for android malware detection based on restricted Boltzmann machines. Futur. Gener. Comput. Syst. 120, 91–108 (2021)
Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 military communications and information systems conference (MilCIS), pp. 1–6. IEEE (2015)
Rahali, A., Lashkari, A.H., Kaur, G., Taheri, L., Gagnon, F., Massicotte, F.: DiDroid: android malware classification and characterization using deep image learning. In: 2020 the 10th International Conference on Communication and Network Security, pp. 70–82 (2020)
Read, J., Pfahringer, B., Holmes, G., Frank, E.: Classifier chains for multi-label classification. Mach. Learn. 85(3), 333–359 (2011)
Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD cup 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE (2009)
Yan, R., Tesic, J., Smith, J.R.: Model-shared subspace boosting for multi-label classification. In: Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 834–843 (2007)
Yang, Y., Zheng, K., Wu, B., Yang, Y., Wang, X.: Network intrusion detection based on supervised adversarial variational auto-encoder with regularization. IEEE Access 8, 42169–42184 (2020)
Yang, Y., Zheng, K., Wu, C., Yang, Y.: Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network. Sensors 19(11), 2528 (2019)
Zhang, M.L., Zhou, Z.H.: ML-KNN: a lazy learning approach to multi-label learning. Pattern Recogn. 40(7), 2038–2048 (2007)
Zhang, M.L., Zhou, Z.H.: A review on multi-label learning algorithms. IEEE Trans. Knowl. Data Eng. 26(8), 1819–1837 (2013)
Acknowledgements
We thank the reviewers for their valuable suggestions. The corresponding author of this paper is Shuhao Li. This work is supported by the National Key Research and Development Program of China (Grant No. 2018YFB0804704) and the National Key Research and Development Program of China (Grant No. 2019YFB1005201).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Xie, J., Li, S., Sun, P. (2022). Analysis and Detection Against Overlapping Phenomenon of Behavioral Attribute in Network Attacks. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-17551-0_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer ScienceComputer Science (R0)