Cybersecurity is constantly evolving due to emerging cyberthreats. Traditional security measures could help mitigate known threats, but they are not effective against new types of attacks. Therefore, it is necessary to explore innovative and effective mitigation strategies to deal with any type of attack, known or emerging. Traditional cybersecurity techniques based on Artificial Intelligence (AI) often rely on Artificial Neural Networks (ANN) designed from scratch. This paper introduces a novel approach based on a complex system that fine-tunes a pre-trained ANN-based Natural Language Processing (NLP) model, which is thus transformed for cyberattack detection. The resulting model can classify network traffic as benign or malicious. This anomaly-based classifier analyzes the statistics of network flows by identifying deviations that are indicative of potential attacks. This paper presents the results of a series of experiments, specifically designed to evaluate the performance by using different sizes of the base model, as well as the influence of the timestamp. The source NLP model used is T5 with the sizes “t5-small” and “t5-base”, while the dataset selected is CIC-IDS-2017. Rigorous evaluation using Stratified 5-Fold Cross-Validation proves the effectiveness of our approach, achieving up to 99.96% of accuracy, precision, recall and F-score, all of them as weighted metrics. These promising results underscore the potential of this novel technique in improving cybersecurity defenses.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Influence of Timestamp in a Complex System for the Detection of Cyberattacks

  • Leopoldo Gutiérrez-Galeano,
  • Francisco Palomo-Lozano,
  • Juan-José Domínguez-Jiménez,
  • Inmaculada Medina-Bulo

摘要

Cybersecurity is constantly evolving due to emerging cyberthreats. Traditional security measures could help mitigate known threats, but they are not effective against new types of attacks. Therefore, it is necessary to explore innovative and effective mitigation strategies to deal with any type of attack, known or emerging. Traditional cybersecurity techniques based on Artificial Intelligence (AI) often rely on Artificial Neural Networks (ANN) designed from scratch. This paper introduces a novel approach based on a complex system that fine-tunes a pre-trained ANN-based Natural Language Processing (NLP) model, which is thus transformed for cyberattack detection. The resulting model can classify network traffic as benign or malicious. This anomaly-based classifier analyzes the statistics of network flows by identifying deviations that are indicative of potential attacks. This paper presents the results of a series of experiments, specifically designed to evaluate the performance by using different sizes of the base model, as well as the influence of the timestamp. The source NLP model used is T5 with the sizes “t5-small” and “t5-base”, while the dataset selected is CIC-IDS-2017. Rigorous evaluation using Stratified 5-Fold Cross-Validation proves the effectiveness of our approach, achieving up to 99.96% of accuracy, precision, recall and F-score, all of them as weighted metrics. These promising results underscore the potential of this novel technique in improving cybersecurity defenses.