| Abstract |
In detection systems for cyber-attacks, the trade-off between FNR (false negative rate) and FPR (false positive rate) makes it difficult to reduce both at the same time. To address this problem, sequential detection consisting of several sub-classifiers has been proposed, where negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further checking. In existing sequential detection systems, the type and structure of sub-classifiers have received a lot of attention. However, not enough attention has been paid to how to improve the purity of the positive instances reported by each sub-classifier. To fill this gap, in this study, we propose a sequential detection system based on a classification filter (SDCF), in which we introduce a classification filter (CF) for sequential detection. Specifically, as with traditional sequential detection, negative instances reported by the previous sub-classifier are sent to the next sub-classifier for further inspection. The difference in our SDCF is that a CF is introduced to each sub-classifier: the positive instances initially reported by the sub-classifier are sent to the CF, and only those instances with a sufficiently high probability of being positive are eventually reported as positive instances. In this way, the FPR can be optimized by the CF, while the FNR can also be reduced by further checking in the next sub-classifier. Moreover, although SDCF requires five sub-classifiers, 10 candidate models containing Artificial Neural Networks (ANN) as well as stacking Gated Recurrent Unit (SGRU) networks need to be trained and validated in order to ensure the quality of all sub-classifiers. In addition, we also tried different CF values to suggest the best one. In tests on two popular public datasets, NSL-KDD'99 and CICIDS-2017, the experimental results show that when CF is 0.9, our proposed method can improve the detection performance well, with detection rates of 93.94% (NSL-KDD'99) and 96.29% (CICIDS-2017), and our SDCF can improve the detection rate by 11.81% while reducing the FPR and FNR by 18.16% and 20.97%, respectively, compared with the latest related work.
|
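The cascade logic described in the abstract, as an added Python sketch that is not the authors' code. Assumptions: three stand-in sub-classifiers instead of the paper's five, constructed per-stage scores instead of trained ANN/SGRU models, a sub-classifier decision threshold of 0.5, and instances rejected by the CF being forwarded to the next stage together with the negatives.

```python
from typing import Callable, List, Sequence, Tuple

# A sub-classifier returns an estimated probability that an instance is an attack.
SubClassifier = Callable[[Sequence[float]], float]

def sdcf_predict(x: Sequence[float], stages: List[SubClassifier],
                 cf: float = 0.9) -> Tuple[int, int]:
    """Return (label, index of the stage that reported positive, or -1)."""
    for i, stage in enumerate(stages):
        p = stage(x)
        # Classification filter: report positive only if the probability clears cf.
        if p >= cf:
            return 1, i
        # Assumption: negatives and CF-rejected positives both go to the next stage.
    return 0, -1

def rates(samples, stages: List[SubClassifier], cf: float) -> Tuple[float, float]:
    """Return (FNR, FPR) of the cascade over labelled samples."""
    fn = fp = pos = neg = 0
    for label, x in samples:
        pred, _ = sdcf_predict(x, stages, cf)
        if label == 1:
            pos += 1
            fn += 1 if pred == 0 else 0
        else:
            neg += 1
            fp += 1 if pred == 1 else 0
    return fn / pos, fp / neg

# Stand-ins for trained models: stage i reads the i-th constructed score.
STAGES: List[SubClassifier] = [lambda x, i=i: x[i] for i in range(3)]

# Constructed data: (true label, score each stage would output). 1 = attack.
SAMPLES = [
    (1, [0.97, 0.10, 0.10]), (1, [0.30, 0.95, 0.20]),
    (1, [0.60, 0.70, 0.92]), (1, [0.20, 0.40, 0.80]),
    (0, [0.65, 0.10, 0.05]), (0, [0.10, 0.55, 0.20]),
    (0, [0.05, 0.10, 0.02]), (0, [0.10, 0.20, 0.93]),
]

if __name__ == "__main__":
    # cf=0.5 equals the assumed decision threshold, i.e. no filtering.
    for name, stages, cf in [("cascade, no filter", STAGES, 0.5),
                             ("single stage + CF", STAGES[:1], 0.9),
                             ("cascade + CF", STAGES, 0.9)]:
        fnr, fpr = rates(SAMPLES, stages, cf)
        print(f"{name:20s} FNR={fnr:.2f} FPR={fpr:.2f}")
```

On this constructed data the filter cuts false positives relative to the unfiltered cascade, and the later stages recover attacks that a single filtered classifier would miss; the numbers illustrate the mechanism only and are unrelated to the paper's reported results.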