Related papers: CND-IDS: Continual Novelty Detection for Intrusion Detection Systems

CND-IDS: Continual Novelty Detection for Intrusion Detection Systems

URL: http://arxiv.org/abs/2502.14094v1
Date: Wed, 19 Feb 2025 20:47:22 GMT
Title: CND-IDS: Continual Novelty Detection for Intrusion Detection Systems
Authors: Sean Fuhrman, Onat Gungor, Tajana Rosing,
Abstract summary: Intrusion detection systems (IDS) play a crucial role in IoT and network security by monitoring system data and alerting to suspicious activities. Machine learning (ML) has emerged as a promising solution for IDS, offering highly accurate intrusion detection. We propose CND-IDS, a continual novelty detection IDS framework which consists of (i) a learning-based feature extractor that continuously updates new feature representations of the system data, and (ii) a novelty detector that identifies new cyber attacks by leveraging principal component analysis (PCA) reconstruction.
Score: 7.196884299359838
License:
Abstract: Intrusion detection systems (IDS) play a crucial role in IoT and network security by monitoring system data and alerting to suspicious activities. Machine learning (ML) has emerged as a promising solution for IDS, offering highly accurate intrusion detection. However, ML-IDS solutions often overlook two critical aspects needed to build reliable systems: continually changing data streams and a lack of attack labels. Streaming network traffic and associated cyber attacks are continually changing, which can degrade the performance of deployed ML models. Labeling attack data, such as zero-day attacks, in real-world intrusion scenarios may not be feasible, making the use of ML solutions that do not rely on attack labels necessary. To address both these challenges, we propose CND-IDS, a continual novelty detection IDS framework which consists of (i) a learning-based feature extractor that continuously updates new feature representations of the system data, and (ii) a novelty detector that identifies new cyber attacks by leveraging principal component analysis (PCA) reconstruction. Our results on realistic intrusion datasets show that CND-IDS achieves up to 6.1x F-score improvement, and up to 6.5x improved forward transfer over the SOTA unsupervised continual learning algorithm. Our code will be released upon acceptance.

Related papers

A Robust Multi-Stage Intrusion Detection System for In-Vehicle Network Security using Hierarchical Federated Learning [0.0]
In-vehicle intrusion detection systems (IDSs) must detect seen attacks and provide a robust defense against new, unseen attacks. Previous work has relied solely on the CAN ID feature or has used traditional machine learning (ML) approaches with manual feature extraction. This paper introduces a cutting-edge, novel, lightweight, in-vehicle, IDS-leveraging, deep learning (DL) algorithm to address these limitations.
arXiv Detail & Related papers (2024-08-15T21:51:56Z)
Multimodal Large Language Models for Phishing Webpage Detection and Identification [29.291474807301594]
We study the efficacy of large language models (LLMs) in detecting phishing webpages. Our system achieves a high detection rate at high precision. It also provides interpretable evidence for the decisions.
arXiv Detail & Related papers (2024-08-12T06:36:08Z)
Federated PCA on Grassmann Manifold for IoT Anomaly Detection [23.340237814344384]
Traditional machine learning-based intrusion detection systems (ML-IDS) possess limitations such as the requirement for labeled data. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions. This paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that learns common representations of distributed non-i.i.d. datasets.
arXiv Detail & Related papers (2024-07-10T07:23:21Z)
Multi-agent Reinforcement Learning-based Network Intrusion Detection System [3.4636217357968904]
Intrusion Detection Systems (IDS) play a crucial role in ensuring the security of computer networks. We propose a novel multi-agent reinforcement learning (RL) architecture, enabling automatic, efficient, and robust network intrusion detection. Our solution introduces a resilient architecture designed to accommodate the addition of new attacks and effectively adapt to changes in existing attack patterns.
arXiv Detail & Related papers (2024-07-08T09:18:59Z)
An incremental hybrid adaptive network-based IDS in Software Defined Networks to detect stealth attacks [0.0]
Advanced Persistent Threats (APTs) are a type of attack that implement a wide range of strategies to evade detection. Machine Learning (ML) techniques in Intrusion Detection Systems (IDSs) is widely used to detect such attacks but has a challenge when the data distribution changes. An incremental hybrid adaptive Network Intrusion Detection System (NIDS) is proposed to tackle the issue of concept drift in SDN.
arXiv Detail & Related papers (2024-04-01T13:33:40Z)
RIDE: Real-time Intrusion Detection via Explainable Machine Learning Implemented in a Memristor Hardware Architecture [24.824596231020585]
We propose a packet-level network intrusion detection solution that makes use of Recurrent Autoencoders to integrate an arbitrary-length sequence of packets into a more compact joint feature embedding. We show that our approach leads to an extremely efficient, real-time solution with high detection accuracy at the packet level.
arXiv Detail & Related papers (2023-11-27T17:30:19Z)
OMINACS: Online ML-Based IoT Network Attack Detection and Classification System [0.0]
This paper proposes an online attack detection and network traffic classification system. It combines stream Machine Learning, Deep Learning, and Ensemble Learning technique. It can detect the presence of malicious traffic flows and classify them according to the type of attack they represent.
arXiv Detail & Related papers (2023-02-18T04:06:24Z)
CANShield: Signal-based Intrusion Detection for Controller Area Networks [29.03951113836835]
We propose CANShield, a signal-based intrusion detection framework for the CAN bus. CanShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level; a data analyzer module consisting of multiple deep autoencoder networks, each analyzing the time-series data from a different temporal perspective; and an attack detection module that uses an ensemble method to make the final decision.
arXiv Detail & Related papers (2022-05-03T04:52:44Z)
The Cross-evaluation of Machine Learning-based Network Intrusion Detection Systems [23.652608408269366]
ML-NIDS must be trained and evaluated, operations requiring data where benign and malicious samples are clearly labelled. We propose the first framework, XeNIDS, for reliable cross-evaluations based on Network Flows. By using XeNIDS on six well-known datasets, we demonstrate the concealed potential, but also the risks of cross-evaluations of ML-NIDS.
arXiv Detail & Related papers (2022-03-09T12:59:44Z)
Towards a Privacy-preserving Deep Learning-based Network Intrusion Detection in Data Distribution Services [0.0]
Data Distribution Service (DDS) is an innovative approach towards communication in ICS/IoT infrastructure and robotics. Traditional intrusion detection systems (IDS) do not detect any anomalies in the publish/subscribe method. This report presents an experimental work on simulation and application of Deep Learning for their detection.
arXiv Detail & Related papers (2021-06-12T12:53:38Z)
TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)

This list is automatically generated from the titles and abstracts of the papers in this site.