The proliferation of interconnected battlefield information-sharing devices, known as the Internet of Battlefield Things (IoBT), introduced several security challenges. Inherent to the IoBT operating environment is the practice of adversarial machine learning, which attempts to circumvent machine learning models. This work examines the feasibility of cost-effective unsupervised learning and graph-based methods for anomaly detection in the network intrusion detection system setting, and also leverages an ensemble approach to supervised learning of the anomaly detection problem. We incorporate a realistic adversarial training mechanism when training supervised models to enable strong classification performance in adversarial environments. The results indicate that the unsupervised and graph-based methods were outperformed in detecting anomalies (malicious activity) by the supervised stacking ensemble method with two levels. This model consists of three different classifiers in the first level, followed by either a Naive Bayes or Decision Tree classifier for the second level. The model maintains an F1-score above 0.97 for malicious samples across all tested level two classifiers. Notably, Naive Bayes is the fastest level two classifier averaging 1.12 seconds while Decision Tree maintains the highest AUC score of 0.98.
翻译:相互关联的战场信息共享装置(称为战地物品互联网)的扩散带来了若干安全挑战。IoBT操作环境固有的是对抗性机器学习的做法,这种做法试图绕过机器学习模式。这项工作审查了在网络入侵探测系统设置中以成本效益高的、不受监督的学习和图表为基础的方法在网络入侵探测系统设置中异常探测的可行性,还利用共同方法监督地了解异常探测问题。在培训受监督的模型时,我们采用了现实的对抗性培训机制,以便在对抗性环境中实现强有力的分类性能。结果显示,未经监督和基于图表的方法在通过监督的堆叠共体方法检测异常(恶意活动)方面表现得超过两级,该模型由第一级的三个不同的分类者组成,其次是一个纳米湾或第二个层次的决定树分类者。该模型在所有测试的二级分类者中保留了超过0.97的恶性样品的F1标记。值得注意的是,Naive Bayes是速度最快的2级分类数级,平均为1.12秒,而决定树的等级为0.98最高分。
相关内容
微信扫码咨询专知VIP会员