A Survey on Data-Driven Learning for Intelligent Network Intrusion Detection Systems

Abdelmoumin, Ghada; Whitaker, Jessica; Rawat, Danda B.; Rahman, Abdul

doi:10.3390/electronics11020213

Cited by 9 publications

(2 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these methods highly depend on a vast amount of fully labelled data, which is expensive to collect and labourious to annotate. This is particularly difficult for IoT intrusion (II) detection, since data generated by IoT devices usually involves user privacy issues [13], [14], which hinder the publication of IoT intrusion detection data. Besides, these ML models are less capable of handling newly emerged intrusion types due to the shortage of annotated data.…”

Section: Introductionmentioning

confidence: 99%

Joint Semantic Transfer Network for IoT Intrusion Detection

Wang

Xie

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

In this paper, we propose a Joint Semantic Transfer Network (JSTN) towards effective intrusion detection for large-scale scarcely labelled IoT domain. As a multi-source heterogeneous domain adaptation (MS-HDA) method, the JSTN integrates a knowledge rich network intrusion (NI) domain and another small-scale IoT intrusion (II) domain as source domains, and preserves intrinsic semantic properties to assist target II domain intrusion detection. The JSTN jointly transfers the following three semantics to learn a domain-invariant and discriminative feature representation. The scenario semantic endows source NI and II domain with characteristics from each other to ease the knowledge transfer process via a confused domain discriminator and categorical distribution knowledge preservation. It also reduces the source-target discrepancy to make the shared feature space domain-invariant. Meanwhile, the weighted implicit semantic transfer boosts discriminability via a fine-grained knowledge preservation, which transfers the source categorical distribution to the target domain. The source-target divergence guides the importance weighting during knowledge preservation to reflect the degree of knowledge learning. Additionally, the hierarchical explicit semantic alignment performs centroid-level and representative-level alignment with the help of a geometric similarity-aware pseudo-label refiner, which exploits the value of unlabelled target II domain and explicitly aligns feature representations from a global and local perspective in a concentrated manner. Comprehensive experiments on various tasks verify the superiority of the JSTN against state-of-the-art comparing methods, on average a 10.3% of accuracy boost is achieved. The statistical soundness of each constituting component and the computational efficiency are also verified.

show abstract

Section: Introductionmentioning

confidence: 99%

Joint Semantic Transfer Network for IoT Intrusion Detection

Wang

Xie

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…This solution not only makes it possible to assess the performance of various IDS implementations against adversarial traffic but also, more important, allows for the improvement of IDS detection by including generated adversarial traffic in the training phase of the IDS. Other research papers are discussing different approaches to use GAN de detect network intrusions [ 15 , 16 , 17 , 18 , 19 , 20 , 21 ]. The principle of the GAN is shown in Figure 1 .…”

Section: Introductionmentioning

confidence: 99%

Development of a Machine-Learning Intrusion Detection System and Testing of Its Performance Using a Generative Adversarial Network

Mari

Zinca

Dobrota

2023

Sensors

View full text Add to dashboard Cite

Intrusion detection and prevention are two of the most important issues to solve in network security infrastructure. Intrusion detection systems (IDSs) protect networks by using patterns to detect malicious traffic. As attackers have tried to dissimulate traffic in order to evade the rules applied, several machine learning-based IDSs have been developed. In this study, we focused on one such model involving several algorithms and used the NSL-KDD dataset as a benchmark to train and evaluate its performance. We demonstrate a way to create adversarial instances of network traffic that can be used to evade detection by a machine learning-based IDS. Moreover, this traffic can be used for training in order to improve performance in the case of new attacks. Thus, a generative adversarial network (GAN)—i.e., an architecture based on a deep-learning algorithm capable of creating generative models—was implemented. Furthermore, we tested the IDS performance using the generated adversarial traffic. The results showed that, even in the case of the GAN-generated traffic (which could successfully evade IDS detection), by using the adversarial traffic in the testing process, we could improve the machine learning-based IDS performance.

show abstract