One of the ongoing concerns for (D)DoS detection models in cyber-physical systems and the Internet-of-Things is the lack of labelled training data, especially with the cost of producing these datasets. A possible solution is to apply an existing detection model in one domain to attack detection in another domain. However, there is currently minimal research into this particular area. In this study, we attempt to generalise detection models in this manner and evaluate their performance. Particularly, we performed a cross-domain evaluation on two (D)DoS attack detection models in Internet-of-Things and cyber-physical systems, respectively. The detection performance of the two models and the computational overhead were evaluated in both domains in a resource-constrained environment to evaluate their detection performance. The results of the cross-domain evaluation suggest that certain elements may have an important role in determining a model’s performance after being applied to an unfamiliar domain. We discover that the detection model architecture determines the types of information that these models can learn from, as well as the impact of data distributions on the classification results. Further research is required to determine the specific requirements for generalising other detection models in the Internet-of-Things and cyber-physical systems domains.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cross-Domain Evaluation of CNN-Based and Generative Adversarial Networks Models’ Generalisability for (D)DoS Attack Detection in CPS and IoT

  • Vicky Ngo,
  • Sira Yongchareon,
  • Ji Ruan,
  • Mahsa Mohaghegh,
  • Roopak Sinha

摘要

One of the ongoing concerns for (D)DoS detection models in cyber-physical systems and the Internet-of-Things is the lack of labelled training data, especially with the cost of producing these datasets. A possible solution is to apply an existing detection model in one domain to attack detection in another domain. However, there is currently minimal research into this particular area. In this study, we attempt to generalise detection models in this manner and evaluate their performance. Particularly, we performed a cross-domain evaluation on two (D)DoS attack detection models in Internet-of-Things and cyber-physical systems, respectively. The detection performance of the two models and the computational overhead were evaluated in both domains in a resource-constrained environment to evaluate their detection performance. The results of the cross-domain evaluation suggest that certain elements may have an important role in determining a model’s performance after being applied to an unfamiliar domain. We discover that the detection model architecture determines the types of information that these models can learn from, as well as the impact of data distributions on the classification results. Further research is required to determine the specific requirements for generalising other detection models in the Internet-of-Things and cyber-physical systems domains.