Unknown Cyber Threat Discovery Empowered by Genetic Evolution Without Prior Knowledge


Bibliographic details
Published in: IEEE Transactions on Information Forensics and Security, Volume 20, pp. 9552-9567
Main authors: Fang, Wenbo; He, Junjiang; Li, Wenshan; Ma, Wengang; Zhang, Linlin; Lan, Xiaolong; Yang, Geying; Chen, Jiangchuan; Li, Tao
Format: Journal Article
Language: English
Published: IEEE, 2025
ISSN: 1556-6013, 1556-6021
Description
Summary: With the continuous development of cyber-attack technologies, attackers increasingly exploit zero-day vulnerabilities or leverage emerging techniques to launch sophisticated attacks, resulting in the persistent emergence of unknown cyber-attacks. However, traditional DL-based cyber-attack detection methods heavily rely on large-scale labeled training data. In practice, obtaining sufficient samples of unknown attacks is challenging, which makes it difficult for these methods to effectively defend against unknown cyber-attacks. In this paper, we propose a method for discovering unknown cyber threats empowered by genetic evolution without prior knowledge. Specifically, we first mapped the network feature space into a gene framework and divided the attack genes into a static gene region (SGZ) and a dynamic gene region (DGZ) according to the importance of the cyber-attack genes. Subsequently, leveraging the known attack genes, we utilized different gene evolution strategies and a Convolutional Autoencoder (CAE) to generate attack variants and potential unknown attack genes. Finally, we constructed a cyber-attack detection model incorporating both the global attention mechanism (GAM) and the local attention mechanism (LAM). The generated attack variants and unknown attack genes are then used to enhance the detection ability of the detection model for variants and unknown cyber-attacks. We conducted a large number of experiments on six real and authoritative network datasets. The experimental results show that in different scenario settings, the F1 scores of our proposed method for detecting unknown attacks are 84.64% and 95.77% respectively. The F1 score for detecting unknown attacks on the UNSW-NB15 dataset exceeds that of the baseline classifier. The F1 score for detecting unknown attacks on the CSE-CIC-IDS2018 dataset is 98.85%. In comparison with SOTA methods, the average F1 score is improved by 3.14%.
In the evaluation of variant detection performance, the generation method we proposed improves the detection of variants by approximately 11.2%, surpassing generation methods such as the Conditional Generative Adversarial Network (CGAN) and the Variational Autoencoder (VAE). Meanwhile, we also comprehensively evaluated the generalization ability of our proposed method and the evolution ability of different evolution strategies on different datasets and through ablation experiments.
DOI: 10.1109/TIFS.2025.3594569