Open Set Recognition with Dissimilarity Weight for Unknown Attack Detection

As information technology advances, it provides user convenience but also has more vulnerabilities than ever before. In particular, attackers use advanced techniques to perform new attacks. In cyber security, such attacks are defined as unknown attacks and target previously undetected vulnerabilities or excavate gaps in the system. Because these attacks are unidentified or unanalyzed, they are difficult to identify in signature-based misuse detection that learns rules or patterns. Furthermore, anomaly-based detection that learns from normal data to detect outliers cannot detect unknown attacks accurately, because it does not distinguish between known and unknown attacks. To overcome these problems, this study applied Open-Set Recognition with dissimilarity weight(OSRDW). A OSRDW method was used to effectively train the extreme value distribution, which was calculated by applying the dissimilarity weight, through which unknown attack's weights were calculated and classified unknown attacks. Through research analysis, unknown attack divide two types, and three data sets(NSL-KDD, UNSW-NB15, CICIDS-2017) were used in the experiment. For the first type of unknown attack, the unknown attack detection rate of the proposed method was approximately 10%-20% better than that of the conventional method. For the second type of unknown attack, the accuracy and unknown attack detection rate were higher for the proposed method. The experimental results confirmed that the proposed method had better performance in detecting unknown attacks and it was detected various attacks in the three data sets.