Learning to Learn Sequential Network Attacks Using Hidden Markov Models

The global surge of cyber-attacks in the form of sequential network attacks has propelled the need for robust intrusion detection and prediction systems. Such attacks are difficult to reveal using current intrusion detection systems, since each individual attack phase may appear benign when examined...

Bibliographic Details
Main Authors: Timothy Chadza, Konstantinos G. Kyriakopoulos, Sangarapillai Lambotharan
Format: Article
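Language: English
Published: IEEE 2020-01-01
Series: IEEE Access
Subjects: Transfer learning; hidden Markov model; Viterbi decoding; forward-backward; sequential network attacks
Online Access: https://ieeexplore.ieee.org/document/9146155/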
id doaj-0f58d375c47948db9dc59a3a36485aaf
record_format Article
spelling doaj-0f58d375c47948db9dc59a3a36485aaf
Record updated: 2021-03-30T04:42:32Z
Language code: eng
Volume 8, pages 134480-134497
DOI: 10.1109/ACCESS.2020.3011293
IEEE Xplore document: 9146155
Timothy Chadza, https://orcid.org/0000-0002-4647-0329, Wolfson School of Mechanical, Electrical, and Manufacturing Engineering, Loughborough University, Loughborough, U.K.
Konstantinos G. Kyriakopoulos, https://orcid.org/0000-0002-7498-4589, Wolfson School of Mechanical, Electrical, and Manufacturing Engineering, Loughborough University, Loughborough, U.K.
Sangarapillai Lambotharan, https://orcid.org/0000-0001-5255-7036, Wolfson School of Mechanical, Electrical, and Manufacturing Engineering, Loughborough University, Loughborough, U.K.
collection DOAJ
language English
format Article
sources DOAJ
author Timothy Chadza
Konstantinos G. Kyriakopoulos
Sangarapillai Lambotharan
title Learning to Learn Sequential Network Attacks Using Hidden Markov Models
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2020-01-01
description The global surge of cyber-attacks in the form of sequential network attacks has propelled the need for robust intrusion detection and prediction systems. Such attacks are difficult to reveal using current intrusion detection systems, since each individual attack phase may appear benign when examined outside of its context. In addition, there are challenges in building supervised learning models for such attacks, since there are limited labelled datasets available. Hence, there is a need for updating already built models to specific operational environments and for addressing the concept drift. A hidden Markov model (HMM) is a popular framework for sequential modelling, however, in addition to the above challenges, the model parameters are difficult to optimise. This paper proposes a transfer learning (TL) approach that exploits already learned knowledge, gained from a labelled source dataset, and adapts it on a different, unlabelled target dataset. The datasets may be from a different but related domain. Five unsupervised HMM techniques are developed utilising a TL approach and evaluated against conventional machine learning approaches. Baum-Welch (BW), Viterbi training, gradient descent, differential evolution (DE) and simulated annealing, are deployed for the detection of attack stages in the network traffic, as well as, forecasting both the next most probable attack stage and its method of manifestation. Specifically, for the prediction of the three next most likely states and observations, TL with DE achieved a maximum accuracy improvement of 48.3%, and 27.4%, respectively. Finally, the actual detection prediction for the three next most probable states and methods of manifestation reaches 78.9% and 96.3% using TL with BW and DE, respectively.
topic Transfer learning
hidden Markov model
Viterbi decoding
forward-backward
sequential network attacks
url https://ieeexplore.ieee.org/document/9146155/