Open Set Recognition With Dissimilarity Weight for Unknown Attack Detection

Abstract

The continuous advancement of information technology has improved user convenience but has also made it more vulnerable to cyber attacks. In particular, attackers use advanced techniques to perform new attacks. In cyber security, such attacks are defined as unknown attacks and target previously undetected vulnerabilities or excavate gaps in the system. Because these attacks are unidentified or unanalyzed, they are difficult to identify in signature-based misuse detection that learns rules or patterns. Furthermore, anomaly-based detection that learns from normal data to detect outliers cannot detect unknown attacks accurately, because it does not distinguish between known and unknown attacks. To overcome these problems, this study applied open-set recognition with dissimilarity weight (OSRDW). An OSRDW method was used to effectively train the extreme value distribution, which was calculated by applying the dissimilarity weight, through which the weights of the unknown attack were calculated and classified as unknown attacks. Through research analysis, unknown attacks could be categorized into two types, and three datasets (NSL-KDD, UNSW-NB15, CICIDS-2017) with 140,000-2,500,000 rows were used in the experiment. For the first type of unknown attack, the unknown attack detection rate of the proposed method was approximately 10%-20% better than that of the conventional method. For the second type of unknown attack, the accuracy and unknown attack detection rate were higher for the proposed method. The experimental results confirmed that the proposed method had better performance in detecting unknown attacks and could detect various attacks in the three datasets.