Go to OpenReview Archive homepageNeurosymbolic Artificial Intelligence for Robust Network Intrusion Detection: From Scratch to Transfer Learning
Abstract: Network Intrusion Detection Systems (NIDS) play a vital role in protecting digital infrastructures
against increasingly sophisticated cyber threats. In this paper, we extend ODXU, a Neurosymbolic
AI (NSAI) framework that integrates deep embedded clustering for feature extraction, symbolic
reasoning using XGBoost, and comprehensive uncertainty quantification (UQ) to enhance robustness,
interpretability, and generalization in NIDS. The extended ODXU incorporates score-based methods
(e.g., Confidence Scoring, Shannon Entropy) and metamodel-based techniques, including SHAP
values and Information Gain, to assess the reliability of predictions. Experimental results on the
CIC-IDS-2017 dataset show that ODXU outperforms traditional neural models across six evaluation
metrics, including classification accuracy and false omission rate. While transfer learning has seen
widespread adoption in fields such as computer vision and natural language processing, its potential
in cybersecurity has not been thoroughly explored. To bridge this gap, we develop a transfer learning
strategy that enables the reuse of a pre-trained ODXU model on a different dataset. Our ablation
study on ACI-IoT-2023 demonstrates that the optimal transfer configuration involves reusing the
pre-trained autoencoder, retraining the clustering module, and fine-tuning the XGBoost classifier, and
outperforms traditional neural models when trained with as few as 16,000 samples (approximately
50% of the training data). Additionally, results show that metamodel-based UQ methods consistently
outperform score-based approaches on both datasets.
Loading