This repository includes code for the AutoML-based IDS and adversarial attack defense case studies presented in the paper "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis" published in IEEE Transactions on Network and Service Management.
The paper is publicly available on:
- TechRxiv: Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis
- arXiv: Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis
This code is an extension of the comprehensive Automated Machine Learning (AutoML) tutorial code, which can be found in: AutoML-Implementation-for-Static-and-Dynamic-Data-Analytics
- Including automated data pre-processing, automated feature engineering, automated model selection, hyperparameter optimization, and automated model updating (concept drift adaptation).
- For cybersecurity and intrusion detection system development in both static and dynamic networking environments.
- Automated Data Pre-Processing
- Automated Feature Engineering
- Automated Model Selection
- Hyper-Parameter Optimization
- Automated Model Updating (for addressing concept drift, and only for online learning and data stream analytics)
- The offline AutoML-based IDS implementation for static/batch data analytics can be found in AutoML-based_IDS_Batch_Learning_Dataset_1.ipynb and AutoML-based_IDS_Batch_Learning_Dataset_2.ipynb
- The online AutoML-based IDS implementation for dynamic/online data stream analytics can be found in AutoML-based_IDS_Online_Learning_Dataset_1.ipynb and AutoML-based_IDS_Online_Learning_Dataset_2.ipynb
- The AML attack and defense implementation can be found in AML_Attack_and_Defense_Dataset_1.ipynb and AML_Attack_and_Defense_Dataset_2.ipynb
- Random forest (RF)
- LightGBM
- K-nearest neighbor (KNN)
- Artificial Neural Networks (ANN)
- Hoeffding Tree (HT)
- K Nearest Neighbors-Adaptive Windowing (KNN-ADWIN)
- Adaptive Random Forest (ARF)
- Streaming Random Patches (SRP)
- Grid search
- Bayesian Optimization with Tree-structured Parzen Estimator (BO-TPE)
- Particle Swarm Optimization (PSO)
- Decision Tree Attack (DTA)
- Fast Gradient Sign Method (FGSM)
- Basic Iterative Method (BIM)
- Adversarial Sample Detection
- Adversarial Sample Filtering/Removal
- CICIDS2017 dataset, a popular network traffic dataset for intrusion detection problems
  - Publicly available at: https://www.unb.ca/cic/datasets/ids-2017.html
- 5G-NIDD dataset, a state-of-the-art 5G network security dataset
- Python 3.6+
- Keras
- scikit-learn
- hyperopt
- optunity
- LightGBM
- River
- Adversarial Robustness Toolbox (ART)
Please feel free to contact me for any questions or cooperation opportunities. I'd be happy to help.
- Email: liyanghart@gmail.com
- GitHub: LiYangHart and Western OC2 Lab
- LinkedIn: Li Yang
- Google Scholar: Li Yang
If you find this repository useful in your research, please cite this article as:
L. Yang, M. E. Rajab, A. Shami and S. Muhaidat, "Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis," in IEEE Transactions on Network and Service Management, vol. 21, no. 3, pp. 3555-3582, June 2024, doi: 10.1109/TNSM.2024.3376631.
@ARTICLE{10472316,
author={Yang, Li and Rajab, Mirna El and Shami, Abdallah and Muhaidat, Sami},
journal={IEEE Transactions on Network and Service Management},
title={Enabling AutoML for Zero-Touch Network Security: Use-Case Driven Analysis},
year={2024},
volume={21},
number={3},
pages={3555-3582},
keywords={Security;Automation;Surveys;Computer security;Optimization;Network security;Data models;Zero-touch networks;6G network;AutoML;adversarial attacks;cybersecurity;intrusion detection system;network automation},
doi={10.1109/TNSM.2024.3376631}}