Effective network intrusion detection using anomaly scores from unsupervised machine learning models depends on the performance of the models. Although unsupervised models do not require labels during the training and testing phases, the assessment of their performance metrics during the evaluation phase still requires comparing anomaly scores against labels. In real-world scenarios, the absence of labels in massive network datasets makes it infeasible to calculate performance metrics. Therefore, it is valuable to develop an algorithm that calculates robust performance metrics without using labels. In this paper, we propose a novel algorithm, Expectation Maximization-Area Under the Curve (EM-AUC), to derive the Area Under the ROC Curve (AUC-ROC) and the Area Under the Precision-Recall Curve (AUC-PR) by treating the unavailable labels as missing data and replacing them through their posterior probabilities. This algorithm was applied to two network intrusion datasets, yielding robust results. To the best of our knowledge, this is the first time AUC-ROC and AUC-PR, derived without labels, have been used to evaluate network intrusion detection systems. The EM-AUC algorithm enables model training, testing, and performance evaluation to proceed without comprehensive labels, offering a cost-effective and scalable solution for selecting the most effective models for network intrusion detection.
Download full-text PDF |
Source |
|---|---|
| http://dx.doi.org/10.3390/s25010078 | DOI Listing |
Publication Analysis
Top Keywords
Similar Publications
CANGuard: An Enhanced Approach to the Detection of Anomalies in CAN-Enabled Vehicles.
Sensors (Basel)
January 2025
Department of Computer Science, College of Charleston, Charleston, SC 29424, USA.
As modern vehicles continue to evolve, advanced technologies are integrated to enhance the driving experience. A key enabler of this advancement is the Controller Area Network (CAN) bus, which facilitates seamless communication between vehicle components. Despite its widespread adoption, the CAN bus was not designed with security as a priority, making it vulnerable to various attacks.
View Article and Find Full Text PDFA Modular AI-Driven Intrusion Detection System for Network Traffic Monitoring in Industry 4.0, Using Nvidia Morpheus and Generative Adversarial Networks.
Sensors (Basel)
December 2024
Department of Automation and Industrial Informatics, Faculty of Automatic Control and Computer Sciences, National University of Science and Technology Polithenica Bucharest, 313 Spl. Independenței, RO060042 Bucharest, Romania.
Every day, a considerable number of new cybersecurity attacks are reported, and the traditional methods of defense struggle to keep up with them. In the current context of the digital era, where industrial environments handle large data volumes, new cybersecurity solutions are required, and intrusion detection systems (IDSs) based on artificial intelligence (AI) algorithms are coming up with an answer to this critical issue. This paper presents an approach for implementing a generic model of a network-based intrusion detection system for Industry 4.
View Article and Find Full Text PDFEM-AUC: A Novel Algorithm for Evaluating Anomaly Based Network Intrusion Detection Systems.
Sensors (Basel)
December 2024
Department of Engineering Management and Systems Engineering, George Washington University, Washington, DC 20052, USA.
Effective network intrusion detection using anomaly scores from unsupervised machine learning models depends on the performance of the models. Although unsupervised models do not require labels during the training and testing phases, the assessment of their performance metrics during the evaluation phase still requires comparing anomaly scores against labels. In real-world scenarios, the absence of labels in massive network datasets makes it infeasible to calculate performance metrics.
View Article and Find Full Text PDFIntelligent Pattern Recognition Using Distributed Fiber Optic Sensors for Smart Environment.
Sensors (Basel)
December 2024
Centre for Photonic Devices and Sensors, Department of Engineering, University of Cambridge, Cambridge CB3 0FA, UK.
Distributed fiber optic sensors (DFOSs) have become increasingly popular for intrusion detection, particularly in outdoor and restricted zones. Enhancing DFOS performance through advanced signal processing and deep learning techniques is crucial. While effective, conventional neural networks often involve high complexity and significant computational demands.
View Article and Find Full Text PDFFFL-IDS: A Fog-Enabled Federated Learning-Based Intrusion Detection System to Counter Jamming and Spoofing Attacks for the Industrial Internet of Things.
Sensors (Basel)
December 2024
Stony Brook Institute at Anhui University, Hefei 230000, China.
The Internet of Things (IoT) contains many devices that can compute and communicate, creating large networks. Industrial Internet of Things (IIoT) represents a developed application of IoT, connecting with embedded technologies in production in industrial operational settings to offer sophisticated automation and real-time decisions. Still, IIoT compels significant cybersecurity threats beyond jamming and spoofing, which could ruin the critical infrastructure.
View Article and Find Full Text PDFWant AI Summaries of new PubMed Abstracts delivered to your In-box?
Enter search terms and have AI summaries delivered each week - change queries or unsubscribe any time!