Developing a Siamese Network for Intrusion Detection Systems

Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)
209 Downloads (Pure)


Machine Learning (ML) for developing Intrusion Detection Systems (IDS) is a fast-evolving research area that has many unsolved domain challenges. Current IDS models face two challenges that limit their performance and robustness. Firstly, they require large datasets to train and their performance is highly dependent on the dataset size. Secondly, zero-day attacks demand that machine learning models are retrained in order to identify future attacks of this type. However, the sophistication and increasing rate of cyber attacks make retraining time prohibitive for practical implementation. This paper proposes a new IDS model that can learn from pair similarities rather than class discriminative features. Learning similarities requires less data for training and provides the ability to flexibly adapt to new cyber attacks, thus reducing the burden of retraining. The underlying model is based on Siamese Networks, therefore, given a number of instances, numerous similar and dissimilar pairs can be generated. The model is evaluated using three mainstream IDS datasets; CICIDS2017, KDD Cup'99, and NSL-KDD. The evaluation results confirm the ability of the Siamese Network model to suit IDS purposes by classifying cyber attacks based on similarity-based learning. This opens a new research direction for building adaptable IDS models using non-conventional ML techniques.

Original languageEnglish
Title of host publicationEuroMLSys '21
Subtitle of host publicationProceedings of the 1st Workshop on Machine Learning and Systems
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Number of pages7
ISBN (Electronic)9781450382984
ISBN (Print)9781450382984
Publication statusPublished - 26 Apr 2021
Event1st Workshop on Machine Learning and Systems - Virtual, Edinburgh, United Kingdom
Duration: 26 Apr 202126 Apr 2021
Conference number: 1st


Workshop1st Workshop on Machine Learning and Systems
Abbreviated titleEuroMLSys
Country/TerritoryUnited Kingdom
Internet address


  • Intrusion detection
  • Siamese network
  • Artificial neural network
  • Few-shot learning
  • Machine learning
  • CICIDS2017
  • KDD Cup'99


Dive into the research topics of 'Developing a Siamese Network for Intrusion Detection Systems'. Together they form a unique fingerprint.

Cite this