
Generative Methods for Out-of-distribution Prediction and Applications for Threat Detection and Analysis: A Short Review

  • Conference paper
Digital Sovereignty in Cyber Security: New Challenges in Future Vision (CyberSec4Europe 2022)

Abstract

In recent times, Machine Learning has played an important role in developing novel advanced tools for threat detection and mitigation. Intrusion Detection, Misinformation, Malware, and Fraud Detection are just some examples of cybersecurity fields in which Machine Learning techniques are used to reveal the presence of malicious behaviors. However, the Out-of-Distribution problem, i.e., the potential distribution gap between the training and test sets, can heavily affect the performance of traditional Machine Learning based methods. Indeed, they could fail to identify out-of-sample instances as possible threats; devising robust approaches to cope with this issue is therefore a crucial and relevant challenge for mitigating the risk of undetected attacks. Moreover, a recent emerging line of research proposes using generative models to yield likely synthetic examples to feed the learning algorithms. In this work, we first survey recent Machine Learning and Deep Learning based solutions that address both problems, i.e., outlier detection and generation; we then illustrate the main cybersecurity application scenarios in which these approaches have been adopted successfully.

E. Coppolillo, A. Liguori, M. Guarascio, and F. Sergio Pisani contributed equally to the paper and are all considered first authors.



Acknowledgements

This work was partially supported by EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe (cybersec4europe.eu) and by project SERICS (PE00000014) under the MUR National Recovery and Resilience Plan funded by the European Union - NextGenerationEU.

Author information


Corresponding author

Correspondence to Angelica Liguori.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Coppolillo, E., Liguori, A., Guarascio, M., Pisani, F.S., Manco, G. (2023). Generative Methods for Out-of-distribution Prediction and Applications for Threat Detection and Analysis: A Short Review. In: Skarmeta, A., Canavese, D., Lioy, A., Matheu, S. (eds) Digital Sovereignty in Cyber Security: New Challenges in Future Vision. CyberSec4Europe 2022. Communications in Computer and Information Science, vol 1807. Springer, Cham. https://doi.org/10.1007/978-3-031-36096-1_5


  • DOI: https://doi.org/10.1007/978-3-031-36096-1_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36095-4

  • Online ISBN: 978-3-031-36096-1

  • eBook Packages: Computer Science (R0)
