Automatic extraction of Semantic information from documents or online resources, and incorporation of these patterns for tasks involving cyber attack detection, have recently gained significant attention. Semantic information plays a crucial role in enhancing the capability of zero-shot learning models, particularly in identifying previously unseen cyber attacks. Existing methods often use deep learning models with the aid of manually engineered semantics, which are time-consuming and scale poorly. To address these limitations, this paper proposes a zero-shot learning framework that integrates an autoencoder with a language model to extract semantic information and combine with network traffic information for accurate detection of novel attacks. Our experimental setup utilizes online articles to evaluate three approaches. Initially, the model’s performance is tested without semantic embeddings. Subsequently, it is evaluated with attack-related embeddings and non-attack-related embeddings. Results from benchmark datasets demonstrate that the proposed model, incorporating automatically extracted semantic embeddings, significantly outperforms existing methods in accurately detecting zero-day attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Semantic Information Extraction with Language Models for Zero-Day Attack Detection

  • Shyamali Sinali Karunarathne,
  • Sutharshan Rajasegarar,
  • Lei Pan

摘要

Automatic extraction of Semantic information from documents or online resources, and incorporation of these patterns for tasks involving cyber attack detection, have recently gained significant attention. Semantic information plays a crucial role in enhancing the capability of zero-shot learning models, particularly in identifying previously unseen cyber attacks. Existing methods often use deep learning models with the aid of manually engineered semantics, which are time-consuming and scale poorly. To address these limitations, this paper proposes a zero-shot learning framework that integrates an autoencoder with a language model to extract semantic information and combine with network traffic information for accurate detection of novel attacks. Our experimental setup utilizes online articles to evaluate three approaches. Initially, the model’s performance is tested without semantic embeddings. Subsequently, it is evaluated with attack-related embeddings and non-attack-related embeddings. Results from benchmark datasets demonstrate that the proposed model, incorporating automatically extracted semantic embeddings, significantly outperforms existing methods in accurately detecting zero-day attacks.