DeepAI AI Chat
Log In Sign Up

An Adaptable Deep Learning-Based Intrusion Detection System to Zero-Day Attacks

by   Mahdi Soltani, et al.
Sharif Accelerator

The intrusion detection system (IDS) is an essential element of security monitoring in computer networks. An IDS distinguishes the malicious traffic from the benign one and determines the attack types targeting the assets of the organization. The main challenge of an IDS is facing new (i.e., zero-day) attacks and separating them from benign traffic and existing types of attacks. Along with the power of the deep learning-based IDSes in auto-extracting high-level features and its independence from the time-consuming and costly signature extraction process, the mentioned challenge still exists in this new generation of IDSes. In this paper, we propose a framework for deep learning-based IDSes addressing new attacks. This framework is the first approach using both deep novelty-based classifiers besides the traditional clustering based on the specialized layer of deep structures, in the security scope. Additionally, we introduce DOC++ as a newer version of DOC as a deep novelty-based classifier. We also employ the Deep Intrusion Detection (DID) framework for the preprocessing phase, which improves the ability of deep learning algorithms to detect content-based attacks. We compare four different algorithms (including DOC, DOC++, OpenMax, and AutoSVM) as the novelty classifier of the framework and use both the CIC-IDS2017 and CSE-CIC-IDS2018 datasets for the evaluation. Our results show that DOC++ is the best implementation of the open set recognition module. Besides, the completeness and homogeneity of the clustering and post-training phase prove that this model is good enough for the supervised labeling and updating phase.


page 1

page 6

page 7


A Multi-Agent Adaptive Deep Learning Framework for Online Intrusion Detection

The network security analyzers use intrusion detection systems (IDSes) t...

A Content-Based Deep Intrusion Detection System

By growing the number of Internet users and the prevalence of web applic...

Prepare for Trouble and Make it Double. Supervised and Unsupervised Stacking for AnomalyBased Intrusion Detection

In the last decades, researchers, practitioners and companies struggled ...

Novelty Detection in Network Traffic: Using Survival Analysis for Feature Identification

Intrusion Detection Systems are an important component of many organizat...

Enhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems

The increase of cyber attacks in both the numbers and varieties in recen...

Hack The Box: Fooling Deep Learning Abstraction-Based Monitors

Deep learning is a type of machine learning that adapts a deep hierarchy...