Deep ResNIDS: A Multistage AI Framework for Novelty Detection in Network Traffic

22 Sept 2023 (modified: 25 Mar 2024), ICLR 2024 Conference Desk Rejected Submission
Keywords: Multistage network intrusion detection system, novelty detector, anomaly detector, malicious packet classifier, sequential deep neural network architectures
TL;DR: A resilient multistage framework featuring a novel sequence of deep neural network architectures designed to identify emerging network traffic patterns.
Abstract: Ensuring computer and network system security is crucial in today's digital landscape. Network intrusion detection systems (NIDS) monitor network traffic to identify potential threats. However, traditional NIDS struggle to adapt to evolving cyberattack tactics. To address this, we propose an AI-enabled novelty detection framework to handle zero-day, out-of-distribution, and adversarial evasion attacks. Our framework comprises three sequential deep neural network architectures: one for the classifier and two for specific autoencoders, designed to effectively detect both known attack patterns and novel, previously unseen samples. We use innovative transfer learning, unfreezing specific neurons, and layer combinations to enhance resilience. Leveraging the one-shot learning approach in the transfer learning component of the framework, we demonstrate continuous improvement in detection accuracy for both known and novel network traffic patterns. Our experiments on benchmark intrusion detection data sets achieved, on average, 98.5% accuracy in detecting various attacks.
Primary Area: general machine learning (i.e., none of the above)
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 6310