DI-NIDS: Domain Invariant Network Intrusion Detection System

by   Siamak Layeghy, et al.

The performance of machine learning based network intrusion detection systems (NIDSs) severely degrades when deployed on a network with significantly different feature distributions from the ones of the training dataset. In various applications, such as computer vision, domain adaptation techniques have been successful in mitigating the gap between the distributions of the training and test data. In the case of network intrusion detection however, the state-of-the-art domain adaptation approaches have had limited success. According to recent studies, as well as our own results, the performance of an NIDS considerably deteriorates when the `unseen' test dataset does not follow the training dataset distribution. In some cases, swapping the train and test datasets makes this even more severe. In order to enhance the generalisibility of machine learning based network intrusion detection systems, we propose to extract domain invariant features using adversarial domain adaptation from multiple network domains, and then apply an unsupervised technique for recognising abnormalities, i.e., intrusions. More specifically, we train a domain adversarial neural network on labelled source domains, extract the domain invariant features, and train a One-Class SVM (OSVM) model to detect anomalies. At test time, we feedforward the unlabeled test data to the feature extractor network to project it into a domain invariant space, and then apply OSVM on the extracted features to achieve our final goal of detecting intrusions. Our extensive experiments on the NIDS benchmark datasets of NFv2-CIC-2018 and NFv2-UNSW-NB15 show that our proposed setup demonstrates superior cross-domain performance in comparison to the previous approaches.


Detect Reject for Transferability of Black-box Adversarial Attacks Against Network Intrusion Detection Systems

In the last decade, the use of Machine Learning techniques in anomaly-ba...

Orthogonal variance-based feature selection for intrusion detection systems

In this paper, we apply a fusion machine learning method to construct an...

Flow-based Network Intrusion Detection Based on BERT Masked Language Model

A Network Intrusion Detection System (NIDS) is an important tool that id...

Domain Adaptation for Satellite-Borne Hyperspectral Cloud Detection

The advent of satellite-borne machine learning hardware accelerators has...

On Generalisability of Machine Learning-based Network Intrusion Detection Systems

Many of the proposed machine learning (ML) based network intrusion detec...

Learning Domain-Invariant Subspace using Domain Features and Independence Maximization

Domain adaptation algorithms are useful when the distributions of the tr...

Multidomain transformer-based deep learning for early detection of network intrusion

Timely response of Network Intrusion Detection Systems (NIDS) is constra...

Please sign up or login with your details

Forgot password? Click here to reset