Denial of Service Signature-Guided Deep Neural Learning for Unseen IoT Attack Detection
摘要
Hackers deploy unseen attacks to exploit a vulnerability that the developer is unaware of. In response to escalating cyberattacks, including the unseen attack, many deep learning and machine learning models have been employed to detect network intrusions. Different types of attacks, ranging from known-known exploits, unknown vulnerabilities-known exploits, known exploits-unknown vulnerabilities, and unknown-unknown vulnerabilities, are presented to models used to detect zero-day attacks. This paper focuses on tackling known exploits and unknown vulnerability scenarios by observing and analysing the behavioural generalization in threat detection. This work proposes the Denial of Service guided deep neural networks, which captures the behavioural primitive of attacks from DoS attack signatures and then tests the model to detect other types of attacks such as DDoS, reconnaissance, and ARP spoof attacks. Our proposed solution makes use of vision transformer and pretrained convolutional neural network models, which are trained only on DoS attack signatures and tested upon other types of attacks. This solution makes use of an image/pattern created from network traffic. Our work performs unseen attack detection with minimum false positives. Generally, network traffic contains numerical/object-based values. These values are converted to binary values and then made into a matrix of rows and columns of equal size and stored as an image. Features are selected based on the correlation coefficient value with respect to the label, and the count of features has been restricted to perfect squares for the convenience of the image creation. This work has been trained and validated using the CICIoT2023, CICIoMT2024, and BoTIoT datasets. The deep learning models have the advantage of being able to scale across large datasets when compared to machine learning models. Using a relevant subset of features, our work was able to perform decently. For DDoS attack (similar to train set) detection, the highest accuracy of 100% has been achieved. The accuracy percentage of the model for a reconnaissance attack is 91%. ARP spoofing attacks (unrelated to the training set) have a 70% detection rate. ROC_AUC values ranging from 0.8 to 0.9 were attained by models for DDoS and reconnaissance attacks. The scope of work has been detailed using explainable AI and real-time deployment.