Applied Sciences (Sep 2022)

Towards Zero-Shot Flow-Based Cyber-Security Anomaly Detection Framework

  • Mikołaj Komisarek
  • Rafał Kozik
  • Marek Pawlicki
  • Michał Choraś

DOI
https://doi.org/10.3390/app12199636
Journal volume & issue
Vol. 12, no. 19
p. 9636

Abstract

Network flow-based cyber anomaly detection is a difficult and complex task. Although several approaches to tackling this problem have been suggested, many research questions remain open. One of these is the problem of model transferability. Only a limited number of papers tackle transfer learning in the context of flow-based network anomaly detection, and the proposed approaches are mostly evaluated on outdated datasets. The majority of solutions employ sophisticated architectures drawn from both shallow and deep machine learning. Analysis and experimentation show that these solutions achieve remarkable performance within a single domain, but transferring that performance to another domain is tedious and results in a serious deterioration in prediction quality. In this paper, an innovative approach is proposed which adapts sketch data structures to extract generic, universal features and leverages the principles of domain adaptation to improve classification quality in zero- and few-shot scenarios. The proposed approach achieves an F1 score of 0.99, compared to an F1 score of 0.97 achieved by the best-performing related methods.

Keywords