One-Class Models for Intrusion Detection at ISP Customer Networks
Ref: CISTER-TR-230609 Publication Date: 16, Jun, 2023
Abstract:
Despite the explosion of IoT deployments at Internet Service Provider (ISP) customer networks, such devices remain vulnerable to cyber-attacks. We present an ML-based anomaly detection system, to be deployed at the Customer Premises Equipment (CPE), that leverages several One-Class Classification algorithms and majority voting to detect anomalous network traffic. We train these models using not only conventional per-flow features but also features extracted from sliding windows of flows. An extensive evaluation using publicly available datasets shows that our algorithm has a higher detection rate than common supervised-learning algorithms, which require the use of labelled datasets. Our evaluation suggests that the detection capabilities of our algorithm are only marginally affected by Packet Acceleration, a technique used by CPEs to improve throughput but that reduces the number of packets (per flow) available to extract features from.
Document:
Proceedings of the IFIP Artificial Intelligence Applications and Innovations (AIAI 2023).
León, Spain.
Record Date: 14, Jun, 2023