Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
We propose a novel algorithm for white-box intrusion detection using a cognitive model consistent with the principles of instance-based learning theory. Cognitive models inherit both mechanism and limitations from cognitive architectures implementing unified theories of human cognition. The mechanisms endow the models with powerful characteristics of human cognition, including robustness, generalization and adaptivity. Expanding upon previous research in malware identification and personalized deceptive signaling, the present paper presents a cognitive model able to achieve over 70% accuracy identifying anomalous (vs normal) traffic on the UNSW-NB15 dataset with only 8 features and using only one sample from each attack and 9 normal samples. Accuracy linearly increases to over 85% using up to 100x more samples. A cognitively-inspired salience algorithm then shows the relative impact of each feature driving correct vs incorrect classifications. Implications for integrating this algorithm with human operators are discussed.
Recommended Citation
Thomson, Robert; Cranford, Edward; Somers, Sterling; and Lebiere, Christian, "A Novel Approach to Intrusion Detection Using a Cognitively-Inspired Algorithm" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 4.
https://aisel.aisnet.org/hicss-57/da/cyber_deception/4
A Novel Approach to Intrusion Detection Using a Cognitively-Inspired Algorithm
Hilton Hawaiian Village, Honolulu, Hawaii
We propose a novel algorithm for white-box intrusion detection using a cognitive model consistent with the principles of instance-based learning theory. Cognitive models inherit both mechanism and limitations from cognitive architectures implementing unified theories of human cognition. The mechanisms endow the models with powerful characteristics of human cognition, including robustness, generalization and adaptivity. Expanding upon previous research in malware identification and personalized deceptive signaling, the present paper presents a cognitive model able to achieve over 70% accuracy identifying anomalous (vs normal) traffic on the UNSW-NB15 dataset with only 8 features and using only one sample from each attack and 9 normal samples. Accuracy linearly increases to over 85% using up to 100x more samples. A cognitively-inspired salience algorithm then shows the relative impact of each feature driving correct vs incorrect classifications. Implications for integrating this algorithm with human operators are discussed.
https://aisel.aisnet.org/hicss-57/da/cyber_deception/4