Cybersecurity increasingly relies on machine learning(ML)models to respond to and detect attacks.However,the rapidly changing data environment makes model life-cycle management after deployment essential.Real-time det...Cybersecurity increasingly relies on machine learning(ML)models to respond to and detect attacks.However,the rapidly changing data environment makes model life-cycle management after deployment essential.Real-time detection of drift signals from various threats is fundamental for effectively managing deployed models.However,detecting drift in unsupervised environments can be challenging.This study introduces a novel approach leveraging Shapley additive explanations(SHAP),a widely recognized explainability technique in ML,to address drift detection in unsupervised settings.The proposed method incorporates a range of plots and statistical techniques to enhance drift detection reliability and introduces a drift suspicion metric that considers the explanatory aspects absent in the current approaches.To validate the effectiveness of the proposed approach in a real-world scenario,we applied it to an environment designed to detect domain generation algorithms(DGAs).The dataset was obtained from various types of DGAs provided by NetLab.Based on this dataset composition,we sought to validate the proposed SHAP-based approach through drift scenarios that occur when a previously deployed model detects new data types in an environment that detects real-world DGAs.The results revealed that more than 90%of the drift data exceeded the threshold,demonstrating the high reliability of the approach to detect drift in an unsupervised environment.The proposed method distinguishes itself fromexisting approaches by employing explainable artificial intelligence(XAI)-based detection,which is not limited by model or system environment constraints.In conclusion,this paper proposes a novel approach to detect drift in unsupervised ML settings for cybersecurity.The proposed method employs SHAP-based XAI and a drift suspicion metric to improve drift detection reliability.It is versatile and suitable for various realtime data analysis contexts beyond DGA detection environments.This study significantly contributes to theMLcommunity by addressing the critical issue of managing ML models in real-world cybersecurity settings.Our approach is distinguishable from existing techniques by employing XAI-based detection,which is not limited by model or system environment constraints.As a result,our method can be applied in critical domains that require adaptation to continuous changes,such as cybersecurity.Through extensive validation across diverse settings beyond DGA detection environments,the proposed method will emerge as a versatile drift detection technique suitable for a wide range of real-time data analysis contexts.It is also anticipated to emerge as a new approach to protect essential systems and infrastructures from attacks.展开更多
Accurate energy consumption forecasting is crucial for reducing operational costs, achieving net-zero carbon emissions, and ensuring sustainable buildings and cities of the future. Despite the frequent use of Artifici...Accurate energy consumption forecasting is crucial for reducing operational costs, achieving net-zero carbon emissions, and ensuring sustainable buildings and cities of the future. Despite the frequent use of Artificial Intelligence (AI) algorithms for learning energy consumption patterns and predictions in Building Science, relying solely on these techniques for energy demand prediction addresses only a fraction of the challenge. A drift in energy usage can lead to inaccuracies in these AI models and subsequently to poor decision-making and interventions. While drift detection techniques have been reported, a reliable and robust approach capable of explaining identified discrepancies with actionable insights has not been discussed in extant literature. Hence, this paper presents an Artificial Intelligence framework for energy consumption forecasting with explainable drift detection, aimed at addressing these challenges. The proposed framework is composed of energy embeddings, an optimized dimensional model integrated within a data warehouse, and scalable cloud implementation for effective drift detection with explainability capability. The framework is empirically evaluated in the real-world setting of a multi-campus, mixed-use tertiary education setting in Victoria, Australia. The results of these experiments highlight its capabilities in detecting concept drift, adapting forecast predictions, and providing an interpretation of the changes using energy embeddings.展开更多
The packet loss classification has always been a hot and difficult issue in TCP congestion control research.Compared with the terrestrial network,the probability of packet loss in LEO satellite network increases drama...The packet loss classification has always been a hot and difficult issue in TCP congestion control research.Compared with the terrestrial network,the probability of packet loss in LEO satellite network increases dramatically.What’s more,the problem of concept drifting is also more serious,which greatly affects the accuracy of the loss classification model.In this paper,we propose a new loss classification scheme based on concept drift detection and hybrid integration learning for LEO satellite networks,named LDM-Satellite,which consists of three modules:concept drift detection,lost packet cache and hybrid integration classification.As far,this is the first paper to consider the influence of concept drift on the loss classification model in satellite networks.We also innovatively use multiple base classifiers and a naive Bayes classifier as the final hybrid classifier.And a new weight algorithm for these classifiers is given.In ns-2 simulation,LDM-Satellite has a better AUC(0.9885)than the single-model machine learning classification algorithms.The accuracy of loss classification even exceeds 98%,higher than traditional TCP protocols.Moreover,compared with the existing protocols used for satellite networks,LDM-Satellite not only improves the throughput rate but also has good fairness.展开更多
基金supported by the Institute of Information and Communications Technology Planning and Evaluation(IITP)grant funded by the Korean government(MSIT)(No.2022-0-00089,Development of clustering and analysis technology to identify cyber attack groups based on life cycle)the Institute of Civil Military Technology Cooperation funded by the Defense Acquisition Program Administration and Ministry of Trade,Industry and Energy of Korean government under Grant No.21-CM-EC-07.
文摘Cybersecurity increasingly relies on machine learning(ML)models to respond to and detect attacks.However,the rapidly changing data environment makes model life-cycle management after deployment essential.Real-time detection of drift signals from various threats is fundamental for effectively managing deployed models.However,detecting drift in unsupervised environments can be challenging.This study introduces a novel approach leveraging Shapley additive explanations(SHAP),a widely recognized explainability technique in ML,to address drift detection in unsupervised settings.The proposed method incorporates a range of plots and statistical techniques to enhance drift detection reliability and introduces a drift suspicion metric that considers the explanatory aspects absent in the current approaches.To validate the effectiveness of the proposed approach in a real-world scenario,we applied it to an environment designed to detect domain generation algorithms(DGAs).The dataset was obtained from various types of DGAs provided by NetLab.Based on this dataset composition,we sought to validate the proposed SHAP-based approach through drift scenarios that occur when a previously deployed model detects new data types in an environment that detects real-world DGAs.The results revealed that more than 90%of the drift data exceeded the threshold,demonstrating the high reliability of the approach to detect drift in an unsupervised environment.The proposed method distinguishes itself fromexisting approaches by employing explainable artificial intelligence(XAI)-based detection,which is not limited by model or system environment constraints.In conclusion,this paper proposes a novel approach to detect drift in unsupervised ML settings for cybersecurity.The proposed method employs SHAP-based XAI and a drift suspicion metric to improve drift detection reliability.It is versatile and suitable for various realtime data analysis contexts beyond DGA detection environments.This study significantly contributes to theMLcommunity by addressing the critical issue of managing ML models in real-world cybersecurity settings.Our approach is distinguishable from existing techniques by employing XAI-based detection,which is not limited by model or system environment constraints.As a result,our method can be applied in critical domains that require adaptation to continuous changes,such as cybersecurity.Through extensive validation across diverse settings beyond DGA detection environments,the proposed method will emerge as a versatile drift detection technique suitable for a wide range of real-time data analysis contexts.It is also anticipated to emerge as a new approach to protect essential systems and infrastructures from attacks.
基金supported by the Department of Climate Change,Energy,the Environment and Water of the Australian Federal Government,as part of the International Clean Innovation Researcher Networks(ICIRN)program,grant number ICIRN000077.
文摘Accurate energy consumption forecasting is crucial for reducing operational costs, achieving net-zero carbon emissions, and ensuring sustainable buildings and cities of the future. Despite the frequent use of Artificial Intelligence (AI) algorithms for learning energy consumption patterns and predictions in Building Science, relying solely on these techniques for energy demand prediction addresses only a fraction of the challenge. A drift in energy usage can lead to inaccuracies in these AI models and subsequently to poor decision-making and interventions. While drift detection techniques have been reported, a reliable and robust approach capable of explaining identified discrepancies with actionable insights has not been discussed in extant literature. Hence, this paper presents an Artificial Intelligence framework for energy consumption forecasting with explainable drift detection, aimed at addressing these challenges. The proposed framework is composed of energy embeddings, an optimized dimensional model integrated within a data warehouse, and scalable cloud implementation for effective drift detection with explainability capability. The framework is empirically evaluated in the real-world setting of a multi-campus, mixed-use tertiary education setting in Victoria, Australia. The results of these experiments highlight its capabilities in detecting concept drift, adapting forecast predictions, and providing an interpretation of the changes using energy embeddings.
基金the Wireless Network Positioning and Communication Integration Research Center in BUPT for financial support
文摘The packet loss classification has always been a hot and difficult issue in TCP congestion control research.Compared with the terrestrial network,the probability of packet loss in LEO satellite network increases dramatically.What’s more,the problem of concept drifting is also more serious,which greatly affects the accuracy of the loss classification model.In this paper,we propose a new loss classification scheme based on concept drift detection and hybrid integration learning for LEO satellite networks,named LDM-Satellite,which consists of three modules:concept drift detection,lost packet cache and hybrid integration classification.As far,this is the first paper to consider the influence of concept drift on the loss classification model in satellite networks.We also innovatively use multiple base classifiers and a naive Bayes classifier as the final hybrid classifier.And a new weight algorithm for these classifiers is given.In ns-2 simulation,LDM-Satellite has a better AUC(0.9885)than the single-model machine learning classification algorithms.The accuracy of loss classification even exceeds 98%,higher than traditional TCP protocols.Moreover,compared with the existing protocols used for satellite networks,LDM-Satellite not only improves the throughput rate but also has good fairness.
