All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Leveraging siamese networks for one-shot intrusion detection model

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F23%3A00361070" target="_blank" >RIV/68407700:21230/23:00361070 - isvavai.cz</a>

  • Result on the web

    <a href="https://doi.org/10.1007/s10844-022-00747-z" target="_blank" >https://doi.org/10.1007/s10844-022-00747-z</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/s10844-022-00747-z" target="_blank" >10.1007/s10844-022-00747-z</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Leveraging siamese networks for one-shot intrusion detection model

  • Original language description

    The use of supervised Machine Learning (ML) to enhance Intrusion Detection Systems (IDS) has been the subject of significant research. Supervised ML is based upon learning by example, demanding significant volumes of representative instances for effective training and the need to retrain the model for every unseen cyber-attack class. However, retraining the models in-situ renders the network susceptible to attacks owing to the time-window required to acquire a sufficient volume of data. Although anomaly detection systems provide a coarse-grained defence against unseen attacks, these approaches are significantly less accurate and suffer from high false-positive rates. Here, a complementary approach referred to as "One-Shot Learning", whereby a limited number of examples of a new attack-class is used to identify a new attack-class (out of many) is detailed. The model grants a new cyber-attack classification opportunity for classes that were not seen during training without retraining. A Siamese Network is trained to differentiate between classes based on pairs similarities, rather than features, allowing to identify new and previously unseen attacks. The performance of a pre-trained model to classify new attack-classes based only on one example is evaluated using three mainstream IDS datasets; CICIDS2017, NSL-KDD, and KDD Cup'99. The results confirm the adaptability of the model in classifying unseen attacks and the trade-off between performance and the need for distinctive class representations.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Others

  • Publication year

    2023

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Journal of Intelligent Information Systems

  • ISSN

    0925-9902

  • e-ISSN

    1573-7675

  • Volume of the periodical

    60

  • Issue of the periodical within the volume

    2

  • Country of publishing house

    NL - THE KINGDOM OF THE NETHERLANDS

  • Number of pages

    30

  • Pages from-to

    407-436

  • UT code for WoS article

    000879127600001

  • EID of the result in the Scopus database

    2-s2.0-85141377999

Similar results(10)

Image Classifier with Dynamic Set of Known ClassesDesign of Adaptive IDS with Regulated Retraining ApproachA hybrid intelligent approach for network intrusion detection