This code is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite our 2020 IEEE Access paper "Learning to Learn Sequential Network Attacks using Hidden Markov Models".
This code reproduces the work and results described in the IEEE Access article "Learning to Learn Sequential Network Attacks Using Hidden Markov Models" by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan.
This code considers a transfer learning (TL) approach that exploits already learned knowledge, gained from a labelled source dataset, and adapts it to a different, unlabelled target dataset. Five unsupervised hidden Markov model techniques are developed utilising a TL approach and evaluated against conventional machine learning approaches. Baum-Welch, Viterbi training, gradient descent, differential evolution and simulated annealing are deployed for the detection of attack stages in the network traffic, as well as for forecasting both the next most probable attack stage and its method of manifestation. The experiments are conducted on DARPA 2000 processed Snort alerts. A comparative performance evaluation between conventional machine learning and TL has been made using the following metrics: prediction and detection accuracy, Bayesian inference criterion, mean square error and adjusted Rand index.
To run this code, simply set your path to the root Code folder and run the main.m file.
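The two tasks described above, attack-stage detection and forecasting of the next stage and its manifestation, can be shown on a small HMM. This is an added Python example, not taken from the repository's MATLAB code; the stage names, alert types, probabilities and alert sequence are constructed assumptions, and no parameter learning or transfer learning is performed here.

```python
import numpy as np

# Constructed toy HMM: stage names, alert types and all probabilities are
# illustrative assumptions, not parameters learned from DARPA 2000 alerts.
STAGES = ["recon", "probe", "compromise", "install", "launch"]
ALERTS = ["icmp_sweep", "rpc_probe", "rpc_overflow", "rsh_activity", "flood"]
N = len(STAGES)

PI = np.array([0.8, 0.05, 0.05, 0.05, 0.05])   # attacks usually start at recon
A = np.full((N, N), 0.02)                      # small chance of any jump
for i in range(N):
    A[i, i] = 0.4                              # stay in the current stage
    A[i, min(i + 1, N - 1)] += 0.5             # advance to the next stage
A /= A.sum(axis=1, keepdims=True)              # make each row a distribution
B = np.full((N, N), 0.05) + 0.75 * np.eye(N)   # each stage favours one alert type


def detect_stages(obs):
    """Viterbi decoding in the log domain: most likely stage per alert."""
    log_a, log_b = np.log(A), np.log(B)
    delta = np.log(PI) + log_b[:, obs[0]]
    backptrs = []
    for o in obs[1:]:
        scores = delta[:, None] + log_a        # scores[i, j]: best path ending i -> j
        backptrs.append(scores.argmax(axis=0))
        delta = scores.max(axis=0) + log_b[:, o]
    path = [int(delta.argmax())]
    for bp in reversed(backptrs):
        path.append(int(bp[path[-1]]))
    return [STAGES[s] for s in reversed(path)]


def forecast_next(obs):
    """Forward filtering, then one-step prediction of the next stage and alert."""
    alpha = PI * B[:, obs[0]]
    alpha /= alpha.sum()
    for o in obs[1:]:
        alpha = (alpha @ A) * B[:, o]
        alpha /= alpha.sum()                   # rescale to avoid underflow
    next_stage = alpha @ A                     # P(stage at t+1 | alerts so far)
    next_alert = next_stage @ B                # P(alert at t+1 | alerts so far)
    return STAGES[int(next_stage.argmax())], ALERTS[int(next_alert.argmax())]


# Constructed alert sequence, encoded as indices into ALERTS.
SAMPLE = [ALERTS.index(a) for a in
          ["icmp_sweep", "icmp_sweep", "rpc_probe", "rpc_probe", "rpc_overflow"]]
if __name__ == "__main__":
    print(detect_stages(SAMPLE), forecast_next(SAMPLE))
```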
Funding
Communications Signal Processing Based Solutions for Massive Machine-to-Machine Networks (M3NETs)
Engineering and Physical Sciences Research Council