A Comparison of Re-Sampling Techniques for Detection of Multi-Step Attacks on Deep Learning Models

Muhammad Hassan Jamal (Corresponding / Lead Author), Naila Naz, Muazzam A. Khan Khattak, Faisal Saeed, Saad Nasser Altamimi, Sultan Noman Qasem

    Research output: Contribution to journalArticlepeer-review

    Abstract

    The increasing dependence on data analytics and artificial intelligence (AI) methodologies across various domains has prompted the emergence of apprehensions over data security and integrity. There exists a consensus among scholars and experts that the identification and mitigation of Multi-step attacks pose significant challenges due to the intricate nature of the diverse approaches utilized. This study aims to address the issue of imbalanced datasets within the domain of Multi-step attack detection. To achieve this objective, the research explores three distinct re-sampling strategies, namely over-sampling, under-sampling, and hybrid re-sampling techniques. The study offers a comprehensive assessment of several re-sampling techniques utilized in the detection of Multi-step attacks on deep learning (DL) models. The efficacy of the solution is evaluated using a Multi-step cyber attack dataset that emulates attacks across six attack classes. Furthermore, the performance of several re-sampling approaches with numerous traditional machine learning (ML) and deep learning (DL) models are compared, based on performance metrics such as accuracy, precision, recall, F-1 score, and G-mean. In contrast to preliminary studies, the research focuses on Multi-step attack detection. The results indicate that the combination of Convolutional Neural Networks (CNN) with Deep Belief Networks (DBN), Long Short-Term Memory (LSTM), and Recurrent Neural Networks (RNN) provides optimal results as compared to standalone ML/DL models. Moreover, the results also depict that SMOTEENN, a hybrid re-sampling technique, demonstrates superior effectiveness in enhancing detection performance across various models and evaluation metrics. The findings indicate the significance of appropriate re-sampling techniques to improve the efficacy of Multi-step attack detection on DL models.
    Original languageEnglish
    Pages (from-to)127446-127457
    Number of pages12
    JournalIEEE Access
    Volume11
    Issue number2023
    DOIs
    Publication statusPublished (VoR) - 13 Nov 2023

    Funding

    This work was supported by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) under Grant IMSIU-RG23052. The authors extend their appreciation to the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) for funding this work through the Research Group grant no. IMSIU-RG23052

    FundersFunder number
    Deanship of Scientific Research, Imam Mohammed Ibn Saud Islamic UniversityIMSIU-RG23052

      Keywords

      • Deep learning
      • machine learning
      • multi-step attacks
      • synthetic minority over-sampling technique
      • borderline SMOTE

      Fingerprint

      Dive into the research topics of 'A Comparison of Re-Sampling Techniques for Detection of Multi-Step Attacks on Deep Learning Models'. Together they form a unique fingerprint.

      Cite this