Simple record

dc.contributor.author: Zurutuza, Urko
dc.contributor.other: Sáez-de-Cámara, Xabier
dc.contributor.other: Flores, José Luis
dc.contributor.other: Arellano, Cristóbal
dc.contributor.other: Urbieta, Aitor
dc.date.accessioned: 2024-03-18T10:10:46Z
dc.date.available: 2024-03-18T10:10:46Z
dc.date.issued: 2023
dc.identifier.isbn: 979-8-4007-0765-0 [en]
dc.identifier.other: https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=174342 [en]
dc.identifier.uri: https://hdl.handle.net/20.500.11984/6292
dc.description.abstract: Machine learning (ML) based systems have shown promising results for intrusion detection due to their ability to learn complex patterns. In particular, unsupervised anomaly detection approaches offer practical advantages, as they do not require labeling the training data, which is costly and time-consuming. To further address practical concerns, there is rising interest in adopting federated learning (FL) techniques as a recent ML model training paradigm for distributed settings (e.g., IoT), thereby addressing challenges such as data privacy, availability and communication cost. However, the output generated by unsupervised models provides limited contextual information to security analysts at SOCs, as they usually lack the means to know why a sample was classified as anomalous or cannot distinguish between different types of anomalies, which hinders the extraction of actionable information and correlation with other indicators. Moreover, ML explainability methods have received little attention in FL settings and present additional challenges due to the distributed nature and data locality requirements. This paper proposes a new methodology to characterize and explain the anomalies detected by unsupervised ML-based intrusion detection models in FL settings. We adapt and develop explainability, clustering and cluster validation algorithms for FL settings to mine patterns in the anomalous samples and identify different threats throughout the entire network, demonstrating the results on two network intrusion detection datasets containing real IoT malware, namely Gafgyt and Mirai, and various attack traces. The learned clustering results can be used to classify emerging anomalies, provide additional context that can be leveraged to gain more insight, and enable the correlation of the anomalies with alerts triggered by other security solutions. [en]
dc.description.sponsorship: Comisión Europea [es]
dc.description.sponsorship: Gobierno Vasco [es]
dc.description.sponsorship: Gobierno Vasco [es]
dc.language.iso: eng [en]
dc.publisher: ACM [en]
dc.rights: © 2023 ACM [en]
dc.subject: Computing methodologies [en]
dc.subject: Security and privacy [en]
dc.subject: ODS 4 Educación de calidad [es]
dc.subject: ODS 9 Industria, innovación e infraestructura [es]
dc.title: Federated Explainability for Network Anomaly Characterization [en]
dcterms.accessRights: http://purl.org/coar/access_right/c_abf2 [en]
dcterms.source: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID '23) [en]
local.contributor.group: Análisis de datos y ciberseguridad [es]
local.description.peerreviewed: true [en]
local.identifier.doi: https://doi.org/10.1145/3607199.3607234 [en]
local.contributor.otherinstitution: https://ror.org/03hp1m080 [es]
local.source.details: Pp. 346–365. Hong Kong (China), October 16-18 [en]
oaire.format.mimetype: application/pdf [en]
oaire.file: $DSPACE\assetstore [en]
oaire.resourceType: http://purl.org/coar/resource_type/c_c94f [en]
oaire.version: http://purl.org/coar/version/c_ab4af688f83e57aa [en]
oaire.funderName: European Commission
oaire.funderName: Eusko Jaurlaritza = Gobierno Vasco
oaire.funderName: Eusko Jaurlaritza = Gobierno Vasco
oaire.funderIdentifier: https://ror.org/00k4n6c32 http://data.crossref.org/fundingdata/funder/10.13039/501100000780
oaire.funderIdentifier: https://ror.org/00pz2fp31 http://data.crossref.org/fundingdata/funder/10.13039/501100003086
oaire.funderIdentifier: https://ror.org/00pz2fp31 http://data.crossref.org/fundingdata/funder/10.13039/501100003086
oaire.fundingStream: H2020
oaire.fundingStream: Elkartek 2023
oaire.fundingStream: Ikertalde Convocatoria 2022-2025
oaire.awardNumber: 101021911
oaire.awardNumber: KK-2023-00085
oaire.awardNumber: IT1676-22
oaire.awardTitle: A Cognitive Detection System for Cybersecure Operational (IDUNN)
oaire.awardTitle: cyBErsecure industriAl Computing cONtinuum (BEACON)
oaire.awardTitle: Grupo de sistemas inteligentes para sistemas industriales
oaire.awardURI: https://doi.org/10.3030/101021911
oaire.awardURI: Sin información
oaire.awardURI: Sin información


Files in this item


This item appears in the following collection(s)
