Abstract
Machine Learning (ML) for developing Intrusion Detection Systems (IDS) is a fast-evolving research area that has many unsolved domain challenges. Current IDS models face two challenges that limit their performance and robustness. Firstly, they require large datasets to train and their performance is highly dependent on the dataset size. Secondly, zero-day attacks demand that machine learning models are retrained in order to identify future attacks of this type. However, the sophistication and increasing rate of cyber attacks make retraining time prohibitive for practical implementation. This paper proposes a new IDS model that can learn from pair similarities rather than class discriminative features. Learning similarities requires less data for training and provides the ability to flexibly adapt to new cyber attacks, thus reducing the burden of retraining. The underlying model is based on Siamese Networks, therefore, given a number of instances, numerous similar and dissimilar pairs can be generated. The model is evaluated using three mainstream IDS datasets; CICIDS2017, KDD Cup'99, and NSL-KDD. The evaluation results confirm the ability of the Siamese Network model to suit IDS purposes by classifying cyber attacks based on similarity-based learning. This opens a new research direction for building adaptable IDS models using non-conventional ML techniques.
Original language | English |
---|---|
Title of host publication | EuroMLSys '21 |
Subtitle of host publication | Proceedings of the 1st Workshop on Machine Learning and Systems |
Place of Publication | New York |
Publisher | Association for Computing Machinery (ACM) |
Pages | 120-126 |
Number of pages | 7 |
ISBN (Electronic) | 9781450382984 |
ISBN (Print) | 9781450382984 |
DOIs | |
Publication status | Published - 26 Apr 2021 |
Event | 1st Workshop on Machine Learning and Systems - Virtual, Edinburgh, United Kingdom Duration: 26 Apr 2021 → 26 Apr 2021 Conference number: 1st https://www.euromlsys.eu/ |
Workshop
Workshop | 1st Workshop on Machine Learning and Systems |
---|---|
Abbreviated title | EuroMLSys |
Country/Territory | United Kingdom |
City | Edinburgh |
Period | 26/04/21 → 26/04/21 |
Internet address |
Keywords
- Intrusion detection
- Siamese network
- Artificial neural network
- Few-shot learning
- Machine learning
- CICIDS2017
- KDD Cup'99
- NSL-KDD
Fingerprint
Dive into the research topics of 'Developing a Siamese Network for Intrusion Detection Systems'. Together they form a unique fingerprint.Student theses
-
Intrusion Detection Systems using Machine Learning and Deep Learning techniques
Hindy, H. (Author), Coull, N. (Supervisor), Bayne, E. (Supervisor), Elsayed, S. H. (Supervisor) & Bellekens, X. (Supervisor), 7 Sept 2021Student thesis: Doctoral Thesis
File