Browsing by Author "Kwak J"
- Improved Bidirectional GAN-Based Approach for Network Intrusion Detection Using One-Class Classifier (MDPI (Basel, Switzerland), 2022-06-01). Xu W; Jang-Jaccard J; Liu T; Sabrina F; Kwak J.
  Abstract: Existing generative adversarial networks (GANs), primarily used for creating fake image samples from natural images, demand a strong dependency (i.e., the training strategies of the generator and the discriminator must be kept in sync) for the generator to produce fake samples realistic enough to "fool" the discriminator. We argue that this strong dependency, required for GAN training on images, does not necessarily carry over to GAN models for network intrusion detection. This is because network intrusion inputs have a simpler feature structure (relatively low dimensionality, discrete feature values, and a smaller input size) than the image inputs of existing GAN-based anomaly detection tasks. To address this, we propose a new Bidirectional GAN (Bi-GAN) model that is better suited to network intrusion detection, with reduced overhead from excessive training. In our method, the number of training iterations of the generator (and accordingly the encoder) is increased independently of the discriminator's training until a condition on the cross-entropy loss is satisfied. Our empirical results show that this training strategy greatly improves the performance of both the generator and the discriminator, even in the presence of imbalanced classes. In addition, our model offers a new construction of a one-class classifier from the trained encoder and discriminator. The one-class classifier detects anomalous network traffic from binary classification results instead of computing expensive and complex anomaly scores (or thresholds). Our experimental results show that the proposed method is highly effective for network intrusion detection and outperforms other similar generative methods on two datasets, NSL-KDD and CIC-DDoS2019.
- Novel Architecture of Security Orchestration, Automation and Response in Internet of Blended Environment (Tech Science Press, 2022-05-18). Lee M; Jang-Jaccard J; Kwak J.
  Abstract: New technologies that take advantage of the emergence of the massive Internet of Things (IoT) and a hyper-connected network environment have grown rapidly in recent years. These technologies are used in diverse environments, such as smart factories, digital healthcare, and smart grids, with correspondingly increased security concerns. As the need has emerged to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel, we intend to operate Security Orchestration, Automation and Response (SOAR) in these various environments through new concept definitions. To aid understanding of the security concerns in this newly emerging area, we define the Internet of Blended Environment (IoBE), in which various convergence environments are interconnected and the data are analyzed automatically. We define a Blended Threat (BT) as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE. We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process. The SOAR part of our architecture links heterogeneous security technologies with a threat intelligence function that collects threat data and performs correlation analysis on them. SOAR operates under Collaborative Units of Blended Environment (CUBE), which facilitate dynamic exchange of data according to the environment to which the IoBE is applied, by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage, in order to minimize damage and respond efficiently to BTs.