ContraMTD: an unsupervised malicious network traffic detection method based on contrastive learning
Han X., Cui S., Qin J., Liu S., Jiang B., Dong C., Lu Z., Liu B. Proc. of the ACM Web Conference (WWW 2024), May 13-17, 2024, 1680-1689. Type: Proceedings
Date Reviewed: Jul 19 2024

The methodology of this study is innovative: malicious network traffic is identified with an unsupervised method built on contrastive learning. The technique aims to surpass both supervised methods and existing unsupervised ones, and the authors report detection quality chiefly through the area under the curve (AUC) metric.

Supervised techniques for detecting malicious network traffic exist, but they require labeled traffic for classification. The methodology adopted in this study is unsupervised: ContraMTD eliminates the need for labeling and therefore offers a straightforward means of recognizing emerging threats for which no labels yet exist.

The approach uses contrastive learning to pinpoint anomalous patterns within network traffic, all without labeled data. Furthermore, it tackles the drawbacks associated with single validation points in network traffic analysis. To enhance detection precision, the authors integrate graph edge attention (GEAT) to exploit the characteristics of each dataset. Consequently, the proposed model captures intricate network structure more effectively.

ContraMTD is evaluated on three distinct datasets, including CICIDS2018. On CICIDS2018 it leads on every reported metric, with an F1 score of 94.82 and an AUC of 96.48 [1].

Compared with Rosetta-IF, Kitsune, CPS-Guard, and AutoML-MD, ContraMTD is more effective: it improves AUC over Rosetta-IF by 3.74 to 13.12 points and stays at least 9.79 AUC points above Kitsune and CPS-Guard [1].

The paper discusses open challenges: scaling to networks comprising tens of thousands of devices, and attackers evading detection by mimicking regular traffic patterns. Future work is to address these by partitioning large graphs and possibly adopting federated learning [2].

ContraMTD's computational complexity and running time slightly exceed those of some models, but it delivers noteworthy performance gains for only a modest rise in complexity. Its time overhead is lower than that of Kitsune and Rosetta-IF, even though those two models perform marginally better in some settings [3].

Experiments on the CICIDS2018 and Real-MTU datasets show that tuning specific hyper-parameters, such as the compression dimension and the number of scoring rounds, improves ContraMTD's performance. Nonetheless, an excessive number of dimensions or clusters degrades it [4,5].

Incorporating a dynamic edge-graph attention network (DE-GAT) significantly raises both F1 and AUC by concentrating on critical sessions and channels. Additionally, the cluster strategy mitigates false negatives in contrastive learning, that is, samples treated as negatives even though they exhibit the same behavior as the anchor [6].
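To make two of the mechanisms above concrete (the cluster strategy against false negatives in contrastive learning, and scoring unlabeled sessions by AUC), here is an added Python illustration. It is not the ContraMTD authors' code: it uses constructed session features, a plain k-means as a stand-in for the paper's cluster strategy, and the distance to the nearest cluster centroid as the anomaly score. Ground-truth labels are used only by the evaluator, never for clustering or scoring.

```python
"""Cluster-filtered negatives for contrastive training, plus an AUC check,
on constructed network-session features.

Added illustration; not code from the ContraMTD paper.  Assumptions:
  - a session is summarised by four log-scaled numeric features (constructed);
  - a plain k-means stands in for the paper's cluster strategy;
  - the anomaly score is the Euclidean distance to the nearest cluster centroid.
Ground-truth labels are used only to evaluate, never to cluster or score.
"""
import math
import random


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def make_sessions():
    """Constructed data: 3 benign behaviour groups of 20 sessions and 5 scans.
    Features: (log bytes_out, log bytes_in, log packets, log duration)."""
    random.seed(7)
    benign_centres = [(6.0, 8.0, 3.0, 1.0),   # web browsing
                      (9.0, 4.0, 4.5, 2.5),   # bulk uploads
                      (4.0, 4.0, 2.0, 0.5)]   # DNS-like chatter
    sessions, labels, groups = [], [], []
    for g, c in enumerate(benign_centres):
        for _ in range(20):
            sessions.append(tuple(x + random.gauss(0, 0.3) for x in c))
            labels.append(0)
            groups.append(g)
    for _ in range(5):  # port scan: few bytes, many packets, very short
        sessions.append((1.0 + random.gauss(0, 0.2), 0.5 + random.gauss(0, 0.2),
                         7.0 + random.gauss(0, 0.2), 0.1 + random.gauss(0, 0.1)))
        labels.append(1)
        groups.append(-1)
    return sessions, labels, groups


def kmeans(points, init_idx, iters=20):
    """Lloyd's k-means; deterministic given the initial centroid indices."""
    centroids = [points[i] for i in init_idx]
    assign = [0] * len(points)
    for _ in range(iters):
        new_assign = [min(range(len(centroids)), key=lambda k: dist(p, centroids[k]))
                      for p in points]
        if new_assign == assign:
            break
        assign = new_assign
        for k in range(len(centroids)):
            members = [p for p, a in zip(points, assign) if a == k]
            if members:
                centroids[k] = tuple(sum(col) / len(members) for col in zip(*members))
    return assign, centroids


def negatives(anchor, assign, cluster_filter):
    """Indices used as contrastive negatives for `anchor`.  With the cluster
    filter on, sessions in the anchor's own cluster are excluded."""
    return [j for j in range(len(assign))
            if j != anchor and not (cluster_filter and assign[j] == assign[anchor])]


def count_false_negatives(groups, assign, cluster_filter):
    """A negative that shares the anchor's true behaviour group (known only to
    the evaluator) would push apart sessions that should stay close."""
    return sum(1 for i in range(len(groups))
               for j in negatives(i, assign, cluster_filter) if groups[j] == groups[i])


def auc(scores, labels):
    """Rank-based AUC: probability that a random attack outscores a random benign session."""
    pos = [s for s, l in zip(scores, labels) if l == 1]
    neg = [s for s, l in zip(scores, labels) if l == 0]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def run():
    sessions, labels, groups = make_sessions()
    # Seeds picked one per benign group, a convenience of the constructed data;
    # real traffic would use k-means++ or similar.
    assign, centroids = kmeans(sessions, init_idx=[0, 20, 40])
    naive = count_false_negatives(groups, assign, cluster_filter=False)
    filtered = count_false_negatives(groups, assign, cluster_filter=True)
    scores = [min(dist(s, c) for c in centroids) for s in sessions]  # unsupervised score
    return {"false_neg_naive": naive, "false_neg_filtered": filtered,
            "auc": auc(scores, labels)}


if __name__ == "__main__":
    print(run())
```

With no filter, every same-group session is sampled as a negative (60 benign anchors x 19 peers plus 5 scans x 4 peers); the cluster filter removes them because the clusters recover the behaviour groups. The scans have no cluster of their own and end up attached to the nearest benign centroid, which drags that centroid toward them; with a larger or more patient attacker this is the mimicry problem the paper lists among its open challenges.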

These findings collectively establish ContraMTD as a potent and reliable approach for detecting malicious network activity without labeled data, and as an asset for network security.

Reviewer:  Sunil Kumar Puli Review #: CR147794
1) AutoML for image, text, time series, and tabular data. 2023. https://auto.gluon.ai/stable/index.html. Accessed: 9/13/2023.
2) Bilge, L.; Dumitraş, T. Before we knew it: an empirical study of zero-day attacks in the real world. In Proc. of the 2012 ACM Conference on Computer and Communications Security. ACM, 2012, 833-844.
3) Canadian Institute for Cybersecurity. IDS 2017 Dataset. 2017. https://www.unb.ca/cic/datasets/ids-2017.html. Accessed: 9/25/2023.
4) Catillo, M.; Pecchia, A.; Villano, U. CPS-GUARD: intrusion detection for cyber-physical systems and IoT devices using outlier-aware deep autoencoders. Computers & Security 129 (2023). https://doi.org/10.1016/j.cose.2023.103210.
5) Chen, T.; Kornblith, S.; Norouzi, M.; Hinton, G. A simple framework for contrastive learning of visual representations. In Proc. of the 37th International Conference on Machine Learning. JMLR, 2020, 1597-1607.
6) Bandyopadhyay, S.; N, L.; Vivek, S. V.; Murty, M. N. Outlier resistant unsupervised deep architectures for attributed network embedding. In Proc. of the 13th International Conference on Web Search and Data Mining. ACM, 2020, 25-33.
Security and Protection (C.2.0 ... )
Network Architecture And Design (C.2.1 )