
Unveiling Innovation: Our Research Odyssey

Leaderboards

Abluva's Pattern Attention Model leads Insider Threat Detection

Data Set Details

Because using real corporate data, even de-identified data, raises a variety of legal, ethical, and business issues, the DARPA Anomaly Detection at Multiple Scales (ADAMS) program turned to proxy data sets and synthetic data. The goal was to generate data that simulates the aggregated collection of logs from host-based sensors distributed across all the computer workstations of a large business or government organization over a 500 day period.

Model               Accuracy (%)    F1 Score (%)
CNN                 98.65           91.48
LSTM                98.22           89.9
GRU-CNN             97.39           55.6
TD-CNN-LSTM         99.6            97.54
TD-CNN-Attention    99.95           99.71

PaPS Ensemble leads the Security Intrusion Detection Models
Top Performance in Zero-Day Intrusion Detection tasks

Results are given per dataset as Model, Accuracy (%) and F1 Score (%).

Dataset: BODMAS
Blue Hexagon Open Dataset for Malware AnalysiS - the BODMAS dataset contains 57,293 malware samples and 77,142 benign samples collected from August 2019 to September 2020, with carefully curated family information (581 families).

Model               Accuracy (%)    F1 Score (%)
Random Forest       24.68           13.5
XGBoost             69.41           74.6
LightGBM            68.34           73.47
MLP                 63.78           68.47
PaPS Ensemble       85.04           89.06

Dataset: UNSW NB-15
This data set is a hybrid of real modern normal network traffic and contemporary synthesized attack activities.

Model               Accuracy (%)    F1 Score (%)
Random Forest       96.05           86.13
XGBoost             87.29           85.38
LightGBM            95.98           85.84
MLP                 92.12           69.63
DNN 5 layers        76.1            79.6
PaPS Ensemble       98.39           95.23

Dataset: CIC IDS-2017
The dataset contains benign traffic and the most up-to-date common attacks, and resembles true real-world data (PCAPs).

Model               Accuracy (%)    F1 Score (%)
Random Forest       93.44           91.19
XGBoost             64.28           59.08
LightGBM            94.35           92.82
MLP                 88.65           87.75
Improved AdaBoost   81.83           90.01
XAI Approach        94              90
DNN 5 layers        93.1            89.4
PaPS Ensemble       92.77           92.99

Dataset: UNR IDD
The University of Nevada - Reno Intrusion Detection Dataset uses network port statistics for fine-grained analysis of intrusions.

Model               Accuracy (%)    F1 Score (%)
Random Forest       97.53           97.79
XGBoost             93.98           95.15
LightGBM            97.53           97.79
MLP                 92.69           94.26
Bagging Classifier  -               94
PaPS Ensemble       99.73           99.73

Ranked #1 on Leaderboard on 5 AI Tasks

State of the Art Model with F1 above 99% for Sherlock Dataset


Synthetic Datasets

These datasets were created with generative AI by extending the most widely acknowledged and popular datasets used for intrusion detection experiments and proofs. You are welcome to use them for your own experiments and to extend them.

  • CSE-CIC-IDS2018 V3
    Based on the Canadian Institute for Cybersecurity's CSE-CIC-IDS2018 dataset, which includes seven different attack scenarios: Brute-force, Heartbleed, Botnet, DoS, DDoS, Web attacks, and infiltration of the network from inside. The data is normalised and one new class, "Comb", is added; it is a combination of synthesised data from multiple non-benign classes.
  • CIC-IDS-2017 V2
    Based on the Canadian Institute for Cybersecurity's Intrusion Detection Evaluation Dataset (CIC-IDS2017), which contains benign traffic and the most up-to-date common attacks, resembles true real-world data (PCAPs), and includes the results of network traffic analysis using CICFlowMeter, with flows labelled by time stamp, source and destination IPs, source and destination ports, protocols and attack
  • UNSW-NB15 V3
    Based on the University of New South Wales' UNSW-NB15 dataset. The data is normalised and one additional class is synthesised by mixing multiple non-benign classes. The dataset has nine types of attacks, namely Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms.
  • NSL KDD V2
    Based on the University of New Brunswick and Canadian Institute for Cybersecurity's NSL-KDD dataset, which is itself an improvement over the original KDD (Knowledge Discovery and Data Mining Tools) dataset. The data is normalised and one additional class is synthesised by mixing multiple non-benign classes.

Research Papers

Submitted Research Papers


Attention to Patterns is all you need for Insider threat detection

This paper introduces a fresh approach to insider threat detection in organisations. By leveraging advanced deep learning models such as a Time-Distributed Deep Learning Architecture (TD-CNN-LSTM) and a Contextually Aware Attention-Based Architecture (TD-CNN-Attention), the method enhances anomaly detection by capturing complex patterns in user behaviour. The combination of CNNs with LSTMs or attention mechanisms extracts spatial and temporal features from user access data, leading to significant improvements in accuracy and F1 scores. This research marks a significant breakthrough in identifying insider threats, playing a pivotal role in fortifying the security of critical assets amid a constantly evolving threat landscape.
Keywords: Insider Threats, Deep Learning, Anomaly Detection, Time-Distributed, Contextually Aware Attention-Based Architecture, User Behaviour Pattern.


Partitioned Problem Space (PaPS) Ensemble For Zero-day Intrusion Detection

The ubiquity of low-cost cloud data storage has exponentially increased data generation, posing significant challenges to data security. Traditional intrusion detection systems struggle with the volume and speed of cloud data. This work introduces a novel partitioned problem space deep-learning ensemble approach, outperforming existing methods in zero-day intrusion detection tasks.
Keywords: Deep learning, neural learners, malware, intrusion detection, zero-day attack, ensemble, CIC IDS, UNSW NB-15, BODMAS, UNR IDD, cybersecurity.


Blender-GAN: Multi-target conditional Generative Adversarial Network for novel class synthetic data generation

The global increase in computer network usage necessitates robust intrusion detection systems, prompting the application of machine learning and deep learning models. The limited training data available for deep neural networks is addressed by synthetic data generation, with Blender-GAN proposed as a novel approach that creates new data by blending multiple class labels. The architecture demonstrates success in generating realistic synthetic network intrusion data with varied attack classes.
Keywords: Generative Adversarial Network, Synthetic Data, Deep Learning, Network Intrusion, Attack classes.


Securing from Unseen: Connected Pattern Kernels (CoPaK) for Zero-day Intrusion Detection

The surge in data from digitization and cloud adoption requires advanced intrusion detection. Classic systems struggle with complexity, necessitating a proposed deep learning connected pattern kernel architecture. This model excels in zero-day intrusion detection, demonstrating superior performance and generalisation in monitoring network traffic.
Keywords: Deep Learning, Neural Networks, Machine Learning, Malware, Intrusion Detection, Zero-day attack, UNSW NB-15, BODMAS, UNR IDD, Cybersecurity.

On-going Research

  • Contextual Knowledge Networks (Node Relevance based GNN Pruning): 1
  • Large Language Models (Feedback based RAG Architecture): 1

Patents

Granted Patents

These patents were granted to our chief in his previous roles.

  • US8676236B: System, method, and computer program for generating a short message service (SMS) message using template codes
    A system, method, and computer program product are provided for generating a short message service (SMS) message using template codes. In use, a message to be sent as a short message service (SMS) message is received. Additionally, a template associated with the message is identified. Further, at least one code associated with the template is identified. Moreover, the SMS message is generated using the at least one code.
  • US8760995B1: System, method, and computer program for routing data in a wireless sensor network
    A system, method, and computer program product are provided for routing data in a wireless sensor network. In use, sensed data is identified utilizing a first sensor node of a plurality of sensor nodes in a wireless sensor network, the sensor nodes each capable of sensing data. Additionally, a plurality of parameters associated with each route existing between the first sensor node and a gateway node in the wireless sensor network connecting the wireless sensor network to another network is received at the first sensor node from at least one second sensor node in direct communication with the first sensor node via the wireless communication network. Furthermore, one of the at least one second sensor node that is in direct communication with the first sensor node is selected, based on the parameters. Still yet, the sensed data is forwarded from the first sensor node to the selected second sensor node.
  • US8949733B1: System, method, and computer program for displaying a subset of a plurality of fields to a user
    A system, method, and computer program product are provided for displaying a subset of a plurality of fields to a user. In use, a plurality of fields for receiving input from a user is retrieved. Additionally, the plurality of fields is displayed to the user in a first window of a display. Further, a subset of the plurality of fields is displayed to the user in a second window of the display separate from the first window, where the second window is positioned according to a span of vision and an angle of vision of the user.
  • US8594095B1: System, method, and computer program for modifying an 802.1Q and/or 802.1QinQ header to reduce a size of an associated data packet
    A system, method, and computer program product are provided for modifying an 802.1Q and/or 802.1QinQ header to reduce a size of an associated data packet. In use, data to be communicated over a network is identified. Additionally, at least one data packet is generated for use in communicating the data over the network, where each data packet includes one of an 802.1Q and an 802.1QinQ Ethernet header. Furthermore, the Ethernet header is modified to reduce a size of the at least one data packet.
  • US9128587B1: System, method, and computer program for presenting service options to a user utilizing a three-dimensional structure
    A system, method, and computer program product are provided for presenting service options to a user utilizing a three-dimensional structure. In use, a first group of service options are presented to a user, utilizing a three-dimensional structure. Additionally, a selection of one or more of the first group of service options by the user is received. Further, a selection of a depth element associated with the three-dimensional structure by the user is received. Further still, a second group of service options are presented to the user utilizing the three-dimensional structure, based on the selection of the one or more of the first group of service options and the selection of the depth element.

Patents (in filing)

  • Data Breach: 3
  • Access Control: 2
  • Data Classification: 1
  • Breathing Security: 1