Incremental Learning Approach for Intrusion Detection Systems: Combating Catastrophic Forgetting
Abstract
As more corporate data is stored in digital environments, it attracts cybercriminals who can cause serious damage. In this context, Intrusion Detection Systems are tools used to detect cyber attacks. Currently, these systems employ traditional machine learning models. However, such models require periodic retraining on the entire database to detect new intrusion techniques. In this work, we propose the use of incremental learning to incorporate knowledge of new attack patterns without retraining the model from scratch, while avoiding catastrophic forgetting. For this purpose, an incremental learning methodology was developed, covering data handling, model construction, and evaluation of the final models. Experimental results demonstrate that the constructed model learned new attacks without forgetting what it had already learned. The final metrics obtained for precision, recall, and F1-score were above 87%, and an accuracy of 98.89% was achieved.
