ABSTRACT
The prevalence of encrypted Internet traffic has resulted in a pressing need for advanced analysis techniques for traffic analysis and classification. Traditional rule-based and signature-based approaches have been hindered by the introduction of network encryption methods. With the emergence of machine learning (ML) and deep learning (DL), several preliminary works have been developed for anomaly detection in encrypted network traffic. However, complex Artificial Intelligence (AI) models like neural networks lack explainability, limiting the understanding of their predictions. To address this limitation, eXplainable Artificial Intelligence (XAI) has emerged, aiming to provide users with a rationale for understanding AI system outputs and fostering trust. However, existing explainable frameworks still lack comprehensive support for adversarial attacks and defenses.
In this paper, we present Montimage AI Platform (MAIP), a new GUI-based deep learning framework for malicious traffic detection and classification combined with its ability of explaining the decision of the model. We employ popular XAI methods to interpret the prediction of the developed deep learning model. Furthermore, we perform adversarial attacks to assess the accountability and robustness of our model via different quantifiable metrics. We perform extensive experiments with both public and private network traffic. The experimental results demonstrate that our model achieves high performance and robustness, and its outcomes align closely with the domain knowledge.
- Alejandro Barredo Arrieta 2020. Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI. Information fusion (2020).Google Scholar
- David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically identifying trigger-based behavior in malware. Botnet Detection: Countering the Largest Security Threat (2008).Google Scholar
- Livadas Carl, R Walsh, D Lapsley, and WT Strayer. 2006. Using machine learning technliques to identify botnet traffic. In Local Computer Networks, Proceedings 2006 31st IEEE Conference on. IEEE.Google Scholar
- Weidong Cui, Randy H Katz, and Wai-tian Tan. 2005. BINDER: An extrusion-based break-in detector for personal computers. In USENIX Annual Technical Conference, General Track.Google Scholar
- Dilara Gümüşbaş, Tulay Yıldırım, Angelo Genovese, and Fabio Scotti. 2020. A comprehensive survey of databases and deep learning methods for cybersecurity and intrusion detection systems. IEEE Systems Journal (2020).Google ScholarCross Ref
- Donghwoon Kwon, Hyunjoo Kim, Jinoh Kim, Sang C Suh, Ikkyun Kim, and Kuinam J Kim. 2019. A survey of deep learning-based network anomaly detection. Cluster Computing (2019).Google Scholar
- Hemank Lamba, Thomas J Glazier, Javier Cámara, Bradley Schmerl, David Garlan, and Jürgen Pfeffer. 2017. Model-based cluster analysis for identifying suspicious activity sequences in software. In Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics.Google ScholarDigital Library
- Scott M Lundberg and Su-In Lee. 2017. A unified approach to interpreting model predictions. Advances in neural information processing systems 30 (2017).Google Scholar
- Azqa Nadeem, Daniël Vos, Clinton Cao, Luca Pajola, Simon Dieck, Robert Baumgartner, and Sicco Verwer. 2022. Sok: Explainable machine learning for computer security applications. arXiv preprint arXiv:2208.10605 (2022).Google Scholar
- Manh-Dung Nguyen, Vinh Hoa La, R. Cavalli, and Edgardo Montes de Oca. 2022. Towards improving explainability, resilience and performance of cybersecurity analysis of 5G/IoT networks (work-in-progress paper). In 2022 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW).Google ScholarCross Ref
- Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. " Why should i trust you?" Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. 1135–1144.Google ScholarDigital Library
- Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014).Google Scholar
- W Timothy Strayer, David E Lapsley, Robert Walsh, and Carl Livadas. 2008. Botnet detection based on network behavior.Botnet detection 36, August (2008), 1–24.Google Scholar
- Petr Velan, Milan Čermák, Pavel Čeleda, and Martin Drašar. 2015. A survey of methods for encrypted traffic classification and analysis. International Journal of Network Management (2015).Google ScholarDigital Library
- Xianmin Wang, Jing Li, Xiaohui Kuang, Yu-an Tan, and Jin Li. 2019. The security of machine learning in an adversarial setting: A survey. J. Parallel Distributed Comput. (2019).Google Scholar
- Lei Xu, Maria Skoularidou, Alfredo Cuesta-Infante, and Kalyan Veeramachaneni. 2019. Modeling tabular data using conditional gan. Advances in Neural Information Processing Systems 32 (2019).Google Scholar
- Zscaler. 2022. State of Encrypted Attacks.Google Scholar
Index Terms
- A deep learning anomaly detection framework with explainability and robustness
Recommendations
A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks
AbstractMalware is constantly evolving with rising concern for cyberspace. Deep learning-based malware detectors are being used as a potential solution. However, these detectors are vulnerable to adversarial attacks. The adversarial attacks manipulate ...
Graphical abstractDisplay Omitted
Highlights- An approach to combining adversarial attacks is proposed to analyse the robustness of malware detectors against attacks.
- Ten adversarial attacks are created to generate binary-encoded malicious samples, including the proposed combined ...
Deep Learning Approaches for Cyber Threat Detection and Mitigation
ICAAI '23: Proceedings of the 2023 7th International Conference on Advances in Artificial IntelligenceCyberspace has inflated over the past decade, primarily driven by pervasive development and widespread usage of the internet. Prolonged cyber-attacks and security vulnerabilities have become more common as a consequence. A recent study conducted by ...
A survey on deep learning for cybersecurity: Progress, challenges, and opportunities
AbstractAs the number of Internet-connected systems rises, cyber analysts find it increasingly difficult to effectively monitor the produced volume of data, its velocity and diversity. Signature-based cybersecurity strategies are unlikely to ...
Comments