Model Update based on Data Augmentation and Transfer Learning for Intrusion Detection in Networks
Abstract
In this paper, we present an approach for updating the machine learning model used for intrusion detection. First, the network traffic is augmented with Generative Adversarial Networks (GANs). Next, model updates are performed through Transfer Learning over the augmented dataset. The proposal significantly decreases the number of instances to be labeled and the computational cost of the model updates. The experiments were run on a dataset of 8 TB (1 year of network traffic) and demonstrate the inefficiency of approaches from the literature in detecting changes in network traffic behavior. With our model, the false positive rate decreased by up to 18.1% when periodic updates were applied. The updates involved only 2.3% of the dataset instances, with a 14% decrease in computational cost.
Keywords:
Transfer Learning, Data Augmentation, NIDS, Machine Learning
Published
2022-09-12
How to Cite
HORCHULHACK, Pedro; VIEGAS, Eduardo K.; SANTIN, Altair O.; GEREMIAS, Jhonatan. Model Update based on Data Augmentation and Transfer Learning for Intrusion Detection in Networks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 223-235. DOI: https://doi.org/10.5753/sbseg.2022.225395.
