/AutoML-and-Adversarial-Attack-Defense-for-Zero-Touch-Network-Security

This repository includes code for the AutoML-based IDS and adversarial attack defense case studies presented in the paper "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis" published in IEEE Transactions on Network and Service Management.

Primary LanguageJupyter NotebookMIT LicenseMIT

AutoML-and-Adversarial-Attack-Defense-for-Zero-Touch-Network-Security

This repository includes code for the AutoML-based IDS and adversarial attack defense case studies presented in the paper "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis" published in IEEE Transactions on Network and Service Management.

The paper is publicly available on Techrxiv: Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis

  • This code is an extension of the comprehensive Automated Machine Learning (AutoML) tutorial code can be found in: AutoML-Implementation-for-Static-and-Dynamic-Data-Analytics
    • Including automated data pre-processing, automated feature engineering, automated model selection, hyperparameter optimization, and automated model updating (concept drift adaptation).
    • For cybersecurity and intrusion detection system development in both static and dynamic networking environments.

AutoML Pipeline and Procedures

  1. Automated Data Pre-Processing
  2. Automated Feature Engineering
  3. Automated Model Selection
  4. Hyper-Parameter Optimization
  5. Automated Model Updating (for addressing concept drift, and only for online learning and data stream analytics)

Adversarial Machine Learning (AML) Attack and Defense

Implementation

Static Machine Learning & Deep Learning Algorithms

  • Random forest (RF)
  • LightGBM
  • K-nearest neighbor (KNN)
  • Artificial Neural Networks (ANN)

Dynamic/Online Learning Algorithms

  • Hoeffding Tree (HT)
  • K Nearest Neighbors-Adaptive Windowing (KNN-ADWIN)
  • Adaptive Random Forest (ARF)
  • Streaming Random Patches (SRP)

Optimization/AutoML Algorithms

  • Grid search
  • Bayesian Optimization with Tree-structured Parzen Estimator (BO-TPE)
  • Particle Swarm Optimization (PSO)

AML Attacks

  • Decision Tree Attack (DTA)
  • Fast Gradient Sign Method (FGSM)
  • Basic Iterative Method (BIM)

AML Defense Methods

  • Adversarial Sample Detection
  • Adversarial Sample Filtering/Removal

Datasets

  1. CICIDS2017 dataset, a popular network traffic dataset for intrusion detection problems

  2. 5G-NIDD dataset, a state-of-the-art 5G network security dataset

Requirements

Contact-Info

Please feel free to contact me for any questions or cooperation opportunities. I'd be happy to help.

Citation

If you find this repository useful in your research, please cite this article as:

L. Yang, M. E. Rajab, A. Shami, and S. Muhaidat, "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis," IEEE Transactions on Network and Service Management, pp. 1-28, 2024, doi: 10.1109/TNSM.2024.3376631.

@article{10472316,
title = "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis",
author = "Li Yang, Mirna El Rajab, Abdallah Shami, and Sami Muhaidat",
journal = "IEEE Transactions on Network and Service Management",
volume = {},
pages = {1-28},
year = "2024",
doi = "https://doi.org/10.1109/TNSM.2024.3376631",
url = "https://ieeexplore.ieee.org/document/10472316"
}