Contrastive Autoencoding with Gaussian Confidence Regions for Concept Drift Detection in IDS
Abstract
Intrusion Detection Systems (IDS) are essential for network security; however, the growing complexity of cyberattacks challenges traditional signature-based and anomaly-based approaches, which struggle to detect novel threats while maintaining low false positive rates. In dynamic environments, evolving attack strategies cause concept drift that degrade the performance of static models. To address this, we propose a novel machine learning approach that integrates an autoencoder with contrastive learning and models known attack classes using Gaussian-based confidence regions. Experimental results show that the proposed classifier outperforms the baseline approach, achieving a higher average F1-score (0.39 vs. 0.25) due to the adaptability of hyperellipsoidal confidence regions.References
Abdulganiyu, O., Ait Tchakoucht, T., and Saheed, Y. (2023). A systematic literature review for network intrusion detection system (ids). International Journal of Information Security, 22:1125–1162.
Chawla, N. V., Bowyer, K. W., Hall, L. O., and Kegelmeyer, W. P. (2002). Smote: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16:321–357.
Chew, V. (1966). Confidence, prediction, and tolerance regions for the multivariate normal distribution. Journal of the American Statistical Association, 61(315):605–617.
Chopra, S., Hadsell, R., and LeCun, Y. (2005). Learning a similarity metric discriminatively, with application to face verification. In 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR’05), volume 1, pages 539–546 vol. 1.
Elwell, R. and Polikar, R. (2011). Incremental learning of concept drift in nonstationary environments. Neural Networks, IEEE Transactions on, 22:1517 – 1531.
Escovedo, T., Koshiyama, A., da Cruz, A. A., and Vellasco, M. (2018). Detecta: abrupt concept drift detection in non-stationary environments. Applied Soft Computing, 62:119–133. 24 nov. 2024.
Kocher, G. and Kumar, G. (2021). Machine learning and deep learning methods for intrusion detection systems: recent developments and challenges. Soft Comput., 25(15):9731–9763. 24 nov. 2024.
Kuppa, A. and Le-Khac, N.-A. (2022). Learn to adapt: Robust drift detection in security domain. Computers and Electrical Engineering, 102:108239. 24 nov. 2024.
Le-Khac, P. H., Healy, G., and Smeaton, A. F. (2020). Contrastive representation learning: A framework and review. IEEE Access, 8:193907–193934.
Liu, H. and Lang, B. (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences, 9(20). 24 nov. 2024.
Moustafa, N. and Slay, J. (2015). Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Ozkan-Okay, M., Samet, R., Aslan, , and Gupta, D. (2021). A comprehensive systematic literature review on intrusion detection systems. IEEE Access, 9:157727–157760.
Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy, pages 108–116.
Yang, L., Guo, W., Hao, Q., Ciptadi, A., Ahmadzadeh, A., Xing, X., and Wang, G. (2021). Cade: Detecting and explaining concept drift samples for security applications. In Proc. of USENIX Security, pages 2327–2344.
Chawla, N. V., Bowyer, K. W., Hall, L. O., and Kegelmeyer, W. P. (2002). Smote: Synthetic minority over-sampling technique. Journal of Artificial Intelligence Research, 16:321–357.
Chew, V. (1966). Confidence, prediction, and tolerance regions for the multivariate normal distribution. Journal of the American Statistical Association, 61(315):605–617.
Chopra, S., Hadsell, R., and LeCun, Y. (2005). Learning a similarity metric discriminatively, with application to face verification. In 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR’05), volume 1, pages 539–546 vol. 1.
Elwell, R. and Polikar, R. (2011). Incremental learning of concept drift in nonstationary environments. Neural Networks, IEEE Transactions on, 22:1517 – 1531.
Escovedo, T., Koshiyama, A., da Cruz, A. A., and Vellasco, M. (2018). Detecta: abrupt concept drift detection in non-stationary environments. Applied Soft Computing, 62:119–133. 24 nov. 2024.
Kocher, G. and Kumar, G. (2021). Machine learning and deep learning methods for intrusion detection systems: recent developments and challenges. Soft Comput., 25(15):9731–9763. 24 nov. 2024.
Kuppa, A. and Le-Khac, N.-A. (2022). Learn to adapt: Robust drift detection in security domain. Computers and Electrical Engineering, 102:108239. 24 nov. 2024.
Le-Khac, P. H., Healy, G., and Smeaton, A. F. (2020). Contrastive representation learning: A framework and review. IEEE Access, 8:193907–193934.
Liu, H. and Lang, B. (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences, 9(20). 24 nov. 2024.
Moustafa, N. and Slay, J. (2015). Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In 2015 Military Communications and Information Systems Conference (MilCIS), pages 1–6.
Ozkan-Okay, M., Samet, R., Aslan, , and Gupta, D. (2021). A comprehensive systematic literature review on intrusion detection systems. IEEE Access, 9:157727–157760.
Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy, pages 108–116.
Yang, L., Guo, W., Hao, Q., Ciptadi, A., Ahmadzadeh, A., Xing, X., and Wang, G. (2021). Cade: Detecting and explaining concept drift samples for security applications. In Proc. of USENIX Security, pages 2327–2344.
Published
2025-09-01
How to Cite
VIEIRA, Lincoln Q.; CHOREN, Ricardo; SANT’ANA, Ricardo.
Contrastive Autoencoding with Gaussian Confidence Regions for Concept Drift Detection in IDS. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 995-1002.
DOI: https://doi.org/10.5753/sbseg.2025.10493.
