CR, AI, LG | Apr 15, 2023

Few-shot Weakly-supervised Cybersecurity Anomaly Detection

arXiv:2304.07470v1 | 17 citations | h-index: 32
Originality: Synthesis-oriented
AI Analysis

This work addresses cybersecurity anomaly detection for systems vulnerable to evolving attacks, but it is incremental as it builds on an existing framework.

The paper tackles the problem of detecting cybersecurity anomalies with limited labeled data by enhancing an existing few-shot weakly-supervised deep learning framework, and evaluates its performance on the benchmark datasets NSL-KDD, CIC-IDS2018, and TON_IoT.

With increased reliance on Internet-based technologies, cyberattacks compromising users' sensitive data are becoming more prevalent. The scale and frequency of these attacks are escalating rapidly, affecting systems and devices connected to the Internet. Traditional defense mechanisms may not be sufficiently equipped to handle complex and ever-changing new threats. Significant breakthroughs in machine learning methods, including deep learning, have attracted interest from the cybersecurity research community in further enhancing existing anomaly detection methods. Unfortunately, collecting labelled anomaly data for all new, evolving and sophisticated attacks is not practical. Training and tuning a machine learning model for anomaly detection using only a handful of labelled data samples is a pragmatic approach. Therefore, few-shot weakly supervised anomaly detection is an encouraging research direction. In this paper, we propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework. This framework incorporates data augmentation, representation learning and ordinal regression. We then evaluated and showed the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.
