Funding: supported by the Ministry of Trade, Industry and Energy (MOTIE) under Training Industrial Security Specialist for High-Tech Industry [grant number RS-2024-00415520] supervised by the Korea Institute for Advancement of Technology (KIAT); Ministry of Science and ICT (MSIT) under the ICAN (ICT Challenge and Advanced Network of HRD) program [grant number IITP-2022-RS-2022-00156310]; National Research Foundation of Korea (NRF) grant [RS-2025-00518150]; the Information Security Core Technology Development program [grant number RS-2024-00437252] supervised by the Institute of Information & Communication Technology Planning & Evaluation (IITP).
Abstract: As cyberattacks become increasingly sophisticated and intelligent, demand for machine-learning-based anomaly detection systems is growing. However, conventional systems generally assume a trusted server environment, where traffic data is collected and analyzed in plaintext. This assumption introduces inherent privacy risks, as privacy-sensitive information may be exposed if the server is compromised or misused. To address this limitation, privacy-preserving anomaly detection approaches have been actively studied, enabling anomaly detection to be performed directly on encrypted traffic without revealing privacy-sensitive data. While these approaches offer strong confidentiality guarantees, they suffer from significant drawbacks, including substantial computational overhead, high latency, and degraded detection accuracy. To overcome these limitations, we propose a privacy-aware anomaly detection (PAAD) model that adaptively applies homomorphic encryption based on the privacy sensitivity of incoming traffic. Instead of encrypting all data indiscriminately, PAAD dynamically determines whether traffic should be processed in plaintext or ciphertext and performs homomorphic inference only for privacy-sensitive data. This selective encryption strategy effectively balances privacy protection and system efficiency. Extensive experiments conducted under diverse network environments demonstrate that the proposed PAAD model significantly outperforms conventional anomaly detection models. In particular, PAAD improves detection accuracy by up to 73%, reduces latency by up to 8.6 times, and achieves negligible information leakage, highlighting its practicality for real-world privacy-sensitive network monitoring scenarios.
Funding: supported by MOTIE under Training Industrial Security Specialist for High-Tech Industry (RS-2024-00415520) supervised by the Korea Institute for Advancement of Technology (KIAT), and by MSIT under the ICT Challenge and Advanced Network of HRD (ICAN) Program (No. IITP-2022-RS-2022-00156310) supervised by the Institute of Information & Communication Technology Planning & Evaluation (IITP).
Abstract: With the rise of remote work and the digital industry, advanced cyberattacks have become more diverse and complex in terms of attack types and characteristics, rendering them difficult to detect with conventional intrusion detection methods. Signature-based intrusion detection methods can be used to detect attacks; however, they cannot detect new malware. Endpoint detection and response (EDR) tools are attracting attention as a means of detecting attacks on endpoints in real-time to overcome the limitations of signature-based intrusion detection techniques. However, EDR tools are restricted by the continuous generation of unnecessary logs, resulting in poor detection performance and memory efficiency. Machine learning-based intrusion detection techniques for responding to advanced cyberattacks are memory intensive, using numerous features; they lack optimal feature selection for each attack type. To overcome these limitations, this study proposes a memory-efficient intrusion detection approach incorporating multi-binary classifiers using optimal feature selection. The proposed model detects multiple types of malicious attacks using parallel binary classifiers with optimal features for each attack type. The experimental results showed a 2.95% accuracy improvement and an 88.05% memory reduction using only six features compared to a model with 18 features. Furthermore, compared to a conventional multi-classification model with simple feature selection based on permutation importance, the accuracy improved by 11.67% and the memory usage decreased by 44.87%. The proposed scheme demonstrates that effective intrusion detection is achievable with minimal features, making it suitable for memory-limited mobile and Internet of Things devices.