Enhancing Zero-Day Attack Prediction a Hybrid Game Theory Approach with Neural Networks

Authors

  • Swathy Akshaya, Research Scholar, Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore, India
  • Padmavathi G., Professor, Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore, India

Keywords:

Zero-Day Attack Prediction, Gaming Theory, Nash Equilibrium, Adversarial Instances, ANN, M-Bi-LSTM

Abstract

Game theory benefits machine learning applications such as pattern recognition, photo identification, speech recognition, and intrusion detection because of its improved performance. At the same time, zero-day adversarial samples are created from conventional test data and go unrecognized by the classifier, making them a more severe network threat. A survey of the most commonly used approaches shows that there are no analytical investigations in the literature on zero-day adversarial instances that focus on attack and defense methods through trials employing a variety of settings. This study aims to apply game theory to real-life hostile circumstances, emphasizing attack and defense tactics using a Modified Bi-LSTM and game theory with an ANN autoencoder. To do this, experiments based on game theory and an adaptive game model are used. The Nash equilibrium technique was adopted, and the standard defense mechanism was an adversarial training approach. The study investigates the success rates of zero-day adversarial situations, average distortions, and original sample recognition using several adaptive game models in various settings. The research shows that adjusting the target model's parameters in real time enhances the adaptive game models' resistance to adversarial samples, and uses the likelihood of each node being attacked as a security metric. The method's learning mechanism is used to mimic information sharing among multiple attackers.

Published

05.12.2023

How to Cite

Akshaya, S., & G., P. (2023). Enhancing Zero-Day Attack Prediction a Hybrid Game Theory Approach with Neural Networks. International Journal of Intelligent Systems and Applications in Engineering, 12(7s), 643–663. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/4183

Section

Research Article