M-IDAS: MULTI-MODAL INTRUSION DETECTION AND ANALYTIC SYSTEM

23 Sept 2023 (modified: 25 Mar 2024) | ICLR 2024 Conference Withdrawn Submission
Keywords: Multi-modal, Intrusion detection, Interpretation analysis
TL;DR: We propose M-IDAS, a novel intrusion detection model that emphasizes enhanced detection and interpretation analytics by integrating multi-modal fusion representations from varied intrusion data sources.
Abstract: The analysis of modern intrusions often needs to consider the correlation between patterns from different channels, such as network traffic, host behavior, and device status, to achieve accurate intrusion detection. However, existing research predominantly employs single-modal data for intrusion detection and explanation, a method that, though operationally straightforward, provides constrained representational capacity for complex cases. How to leverage multi-modal fusion representations for intrusion detection and interpretation from diverse data channels remains a key challenge. In this paper, we propose a new cross-domain multi-modal intrusion detection model called Multi-modal Intrusion Detection and Analytic System (M-IDAS), which is based on bidirectional encoder representations from transformers. This model employs modal fusion to unify different intrusion data and pre-trains attack behavior context representations from extensive unlabeled multi-modal fused data. The pre-trained model can be fine-tuned with minimal task-specific labeled data, achieving state-of-the-art performance across various intrusion detection scenarios. Notably, through an analysis of model attention during detection, we provide traceability and interpretative insights into network attack behaviors, offering a profound understanding of the network attack process.
Supplementary Material: pdf
Primary Area: visualization or interpretation of learned representations
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 7414