Period of activity: 2022 – 2024
Main investigators:
- Isabelle Chrisment, Inria RESIST
- Prof. Hans Dieter Schotten, DFKI (German Research Center for Artificial Intelligence), Germany
- Dr. Daishi Kondo, Osaka Prefecture University, Japan
Other participants:
- Inria RESIST: Omar Anser, Thibault Cholez, Nicolas Schnepf
- DFKI: Daniel Reti, Tillmann Angeli
- University of Luxembourg, SnT research center: Jérôme François, Jean-Philippe Eisenbarth
- OMU: Katsuki Isobe
Objectives:
ML algorithms suffer from their complexity which results into highly-customized techniques (centric to a use case and even a dataset). Most precisely, they suffer from their difficult configurations with many hyper-parameters to tune or also the algorithm to be chosen. Furthermore, over-fitting during the learning phase prevents the model to be robust against noisy data or generalized against new data, i.e. new type of attackers’ action. Therefore, our main objective is to make robust ML techniques when they will face new types of attacks or when deployed within new environment despite the lack of large and comprehensive datasets.
The auto-configuration of a ML algorithm or the selection of the right algorithm to solve a problem can be automated with hyper-parameter optimisation techniques. Generating additional synthetic data is another alternative to help to learn a more general model. Very recently, federated learning empowers collaborative approaches where several distributed agents learn all together without sharing their data.
All theses techniques are theoretically valid in our context but they have been developed and tested in the context of imagery. It is still uncertain what gain can be expected from them for cyber-security. Our objectives are the investigation, the adaptation of these techniques (parameter optimization, dataset augmentation, federated learning) and their application to predict attacks.
Furthermore, there are inherent problems that come from these techniques adding complexity on top of ML applications: optimisation of parameters also needs to be configured and is highly computational and data augmentation techniques require to define data transformation functions, which are partially context-specific.
Publications:
Katsuki Isobe, Jean-Philippe Eisenbarth, Daishi Kondo, Thibault Cholez, Hideki Tode. A Deeper Grasp of Handshake: A Thorough Analysis of Blockchain-based DNS Records. BRAINS 2024 – 6th Conference on Blockchain Research & Applications for Innovative Networks and Services, Oct 2024, Berlin, Germany. pp.10. ⟨hal-04733791⟩
Omar Anser, Jérôme François, Isabelle Chrisment. Automated Machine Learning Configuration to Learn Intrusion Detectors on Attack-Free Datasets. 2024 IEEE 49th Conference on Local Computer Networks (LCN), Oct 2024, Normandy, France. pp.1-7, ⟨10.1109/LCN60385.2024.10639690⟩. ⟨hal-04754391⟩
Omar Anser, Jérôme François, Isabelle Chrisment. Auto-tuning of Hyper-parameters for Detecting Network Intrusions via Meta-learning. NOMS 2023 – IEEE/IFIP Network Operations and Management Symposium (NOMS) – AnNet workshop, IEEE; IFIP, May 2023, Miami, United States. pp.1-6, ⟨10.1109/NOMS56928.2023.10154381⟩. ⟨hal-04180417⟩
