varMax: Towards Confidence-Based Zero-Day Attack Recognition

Gaspard Baye; Priscila Silva; Alexandre Broggi; Nathaniel D. Bastian; Lance Fiondella; Gokhan Kul

doi:10.1109/MILCOM61039.2024.10773707

Back

Conference proceeding

varMax: Towards Confidence-Based Zero-Day Attack Recognition

Gaspard Baye, Priscila Silva, Alexandre Broggi, Nathaniel D. Bastian, Lance Fiondella and Gokhan Kul

MILCOM IEEE Military Communications Conference, pp.863-868

10/28/2024

DOI: https://doi.org/10.1109/MILCOM61039.2024.10773707

Abstract

Accuracy

Artificial neural networks

Classification algorithms

deep neural networks

Intrusion detection

Military communication

Mission critical systems

Network intrusion

Network intrusion detection

open-set recognition

Prediction algorithms

Robustness

zero-day attacks

Computer Security

Detecting zero-day attacks, which exploit unknown vulnerabilities, is vital in mission-critical systems. Deep Neural Networks (DNNs) often fails to identify unknown activity, as they make overly confident predictions due to SoftMax function, effective at identifying known attacks but is not structured to identify unknown activity patterns. Open-Set recognition (OSR) algorithms designed for DNNs tend to flag inputs as unknown, needing a balanced approach. To address this, we introduce varMax, a bias-neutral OSR technique using DNN logit variance to distinguish known from unknown inputs. It has three components: (1) a top-difference algorithm comparing top two softmax scores to a threshold, (2) a method classifying ambiguous samples based on logit variance, and (3) an energy-based out-of-distribution function enhancing classification accuracy and trustworthiness. Our evaluation shows varMax outperforms leading methods in identifying unknown activities and improves DNN confidence and robustness in distinguishing between known and unknown inputs. This research marks a significant step forward in the development of reliable and unbiased intrusion detection systems for cybersecurity threats.

Metrics

3 Record Views

Details

Title: varMax: Towards Confidence-Based Zero-Day Attack Recognition
Creators: Gaspard Baye - University of Massachusetts Dartmouth
Priscila Silva - University of Massachusetts Dartmouth
Alexandre Broggi - University of Massachusetts Dartmouth
Nathaniel D. Bastian - United States Military Academy
Lance Fiondella - University of Massachusetts Dartmouth
Gokhan Kul - University of Massachusetts Dartmouth
Publication Details: MILCOM IEEE Military Communications Conference, pp.863-868
Publisher: IEEE
Number of pages: 6
Language: English
Grant note: United States Military Academy (10.13039/100009923)
Academic Unit: Department of Computer and Information Science; Department of Electrical and Computer Engineering
Resource Type: Conference proceeding
ISBN: 979-8-3503-7424-7; 9798350374230
DOI: https://doi.org/10.1109/MILCOM61039.2024.10773707
Record Identifier: 9914419408701301

varMax: Towards Confidence-Based Zero-Day Attack Recognition

Abstract

Related links

Metrics

Details