Optimisation of multiple clustering based undersampling using artificial bee colony: Application to improved detection of obfuscated patterns without adversarial training

Tonkla Maneerat; Natthakan Iam-On; Tossapon Boongoen; Khwunta Kirimasthong; Nitin Naik; Longzhi Yang; Qiang Shen

doi:10.1016/j.ins.2024.121407

Optimisation of multiple clustering based undersampling using artificial bee colony: Application to improved detection of obfuscated patterns without adversarial training

Tonkla Maneerat, Natthakan Iam-On, Tossapon Boongoen^*, Khwunta Kirimasthong, Nitin Naik, Longzhi Yang, Qiang Shen

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

5 Downloads (Pure)

Abstract

Attack detection is one of the main features required in modern defence systems. Despite the ongoing research, it remains challenging for a typical mechanism like network-based intrusion detection system (NIDS) to catch up with evolving adversarial attacks. They specifically aim to confuse a machine-learning based predictor. Without the knowledge of adversarial patterns, the best approach is generalising signatures learned from a dataset of legitimate connections and known intrusions. This work focuses on analysing non-payload traffics so that the resulting techniques can be exploited to a range of network-based applications. It investigates a novel means to deal with the problem of imbalanced classes. An optimised undersampling method is introduced to select a subset of majority-class representatives initially created through an ensemble clustering procedure. A weighted combination of criteria representing distributions within and between classes is proposed as the objective function for a global optimisation using the artificial bee colony (ABC). This approach usually outperforms its baselines and other state-of-the-art undersampling models, with ABC being more effective using the global best strategy than a random selection of solutions or an iterative greedy search. The paper also details the parameter analysis offering a heuristic guide for potential taking up of the proposed techniques.

Original language	English
Article number	121407
Number of pages	21
Journal	Information Sciences
Volume	687
Early online date	29 Aug 2024
DOIs	https://doi.org/10.1016/j.ins.2024.121407
Publication status	Published - Jan 2025

Bibliographical note

Funding

This research work has been supported by Postgraduate Studentship of MFU, and a collaboration between MFU, Aberystwyth, Northumbria and Aston Universities. It is also partly supported by UK FCDO grant: Research and Innovation for Development in ASEAN (RIDA 2023-24: RSA-03160). For this joint project between Aberystwyth and MFU, the proposed method has been successfully applied to improved burnt scar detection in satellite imaging.

Funders	Funder number
Mae Fah Luang University
Foreign, Commonwealth and Development Office
Research and Innovation for Development in ASEAN	RSA-03160, RIDA 2023-24

Keywords

Adversarial attack
Class imbalance
Classification
Ensemble clustering
Intrusion detection

Access to Document

10.1016/j.ins.2024.121407Licence: CC BY 4.0

T Maneerat et al_Optimisation of multiple clustering based undersampling using artificial bee colony_Application to improved detection of obfuscated patterns without adversarial training
Copyright © 2024 The Author(s). Published by Elsevier Inc. This is an open access article under the CC BY license (https://creativecommons.org/licenses/by/4.0).
Final published version, 3.58 MBLicence: CC BY 4.0

Cite this

@article{87da77d76ce04b118a6504a82217e275,

title = "Optimisation of multiple clustering based undersampling using artificial bee colony: Application to improved detection of obfuscated patterns without adversarial training",

abstract = "Attack detection is one of the main features required in modern defence systems. Despite the ongoing research, it remains challenging for a typical mechanism like network-based intrusion detection system (NIDS) to catch up with evolving adversarial attacks. They specifically aim to confuse a machine-learning based predictor. Without the knowledge of adversarial patterns, the best approach is generalising signatures learned from a dataset of legitimate connections and known intrusions. This work focuses on analysing non-payload traffics so that the resulting techniques can be exploited to a range of network-based applications. It investigates a novel means to deal with the problem of imbalanced classes. An optimised undersampling method is introduced to select a subset of majority-class representatives initially created through an ensemble clustering procedure. A weighted combination of criteria representing distributions within and between classes is proposed as the objective function for a global optimisation using the artificial bee colony (ABC). This approach usually outperforms its baselines and other state-of-the-art undersampling models, with ABC being more effective using the global best strategy than a random selection of solutions or an iterative greedy search. The paper also details the parameter analysis offering a heuristic guide for potential taking up of the proposed techniques.",

keywords = "Adversarial attack, Class imbalance, Classification, Ensemble clustering, Intrusion detection",

author = "Tonkla Maneerat and Natthakan Iam-On and Tossapon Boongoen and Khwunta Kirimasthong and Nitin Naik and Longzhi Yang and Qiang Shen",

note = "Copyright {\textcopyright} 2024 The Author(s). Published by Elsevier Inc. This is an open access article under the CC BY license (https://creativecommons.org/licenses/by/4.0). ",

year = "2025",

month = jan,

doi = "10.1016/j.ins.2024.121407",

language = "English",

volume = "687",

journal = "Information Sciences",

issn = "0020-0255",

publisher = "Elsevier",

}

TY - JOUR

T1 - Optimisation of multiple clustering based undersampling using artificial bee colony: Application to improved detection of obfuscated patterns without adversarial training

AU - Maneerat, Tonkla

AU - Iam-On, Natthakan

AU - Boongoen, Tossapon

AU - Kirimasthong, Khwunta

AU - Naik, Nitin

AU - Yang, Longzhi

AU - Shen, Qiang

PY - 2025/1

Y1 - 2025/1

N2 - Attack detection is one of the main features required in modern defence systems. Despite the ongoing research, it remains challenging for a typical mechanism like network-based intrusion detection system (NIDS) to catch up with evolving adversarial attacks. They specifically aim to confuse a machine-learning based predictor. Without the knowledge of adversarial patterns, the best approach is generalising signatures learned from a dataset of legitimate connections and known intrusions. This work focuses on analysing non-payload traffics so that the resulting techniques can be exploited to a range of network-based applications. It investigates a novel means to deal with the problem of imbalanced classes. An optimised undersampling method is introduced to select a subset of majority-class representatives initially created through an ensemble clustering procedure. A weighted combination of criteria representing distributions within and between classes is proposed as the objective function for a global optimisation using the artificial bee colony (ABC). This approach usually outperforms its baselines and other state-of-the-art undersampling models, with ABC being more effective using the global best strategy than a random selection of solutions or an iterative greedy search. The paper also details the parameter analysis offering a heuristic guide for potential taking up of the proposed techniques.

AB - Attack detection is one of the main features required in modern defence systems. Despite the ongoing research, it remains challenging for a typical mechanism like network-based intrusion detection system (NIDS) to catch up with evolving adversarial attacks. They specifically aim to confuse a machine-learning based predictor. Without the knowledge of adversarial patterns, the best approach is generalising signatures learned from a dataset of legitimate connections and known intrusions. This work focuses on analysing non-payload traffics so that the resulting techniques can be exploited to a range of network-based applications. It investigates a novel means to deal with the problem of imbalanced classes. An optimised undersampling method is introduced to select a subset of majority-class representatives initially created through an ensemble clustering procedure. A weighted combination of criteria representing distributions within and between classes is proposed as the objective function for a global optimisation using the artificial bee colony (ABC). This approach usually outperforms its baselines and other state-of-the-art undersampling models, with ABC being more effective using the global best strategy than a random selection of solutions or an iterative greedy search. The paper also details the parameter analysis offering a heuristic guide for potential taking up of the proposed techniques.

KW - Adversarial attack

KW - Class imbalance

KW - Classification

KW - Ensemble clustering

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=85202344410&partnerID=8YFLogxK

UR - https://www.sciencedirect.com/science/article/pii/S0020025524013215

U2 - 10.1016/j.ins.2024.121407

DO - 10.1016/j.ins.2024.121407

M3 - Article

SN - 0020-0255

VL - 687

JO - Information Sciences

JF - Information Sciences

M1 - 121407

ER -

Optimisation of multiple clustering based undersampling using artificial bee colony: Application to improved detection of obfuscated patterns without adversarial training

Abstract

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this