Conference papers

A near-autonomous and incremental intrusion detection system through active learning of known and unknown attacks

Lynda Boukela 1 Gongxuan Zhang 1 Meziane Yacoub 2 Samia Bouzefrane 3 
2 CEDRIC - MSDMA - CEDRIC. Méthodes statistiques de data-mining et apprentissage
CEDRIC - Centre d'études et de recherche en informatique et communications
3 CEDRIC - ROC - CEDRIC. Réseaux et Objets Connectés
CEDRIC - Centre d'études et de recherche en informatique et communications
Abstract: Intrusion detection is a traditional practice of security experts; however, several issues still need to be tackled. Therefore, in this paper, after highlighting these issues, we present an architecture for a hybrid Intrusion Detection System (IDS) for adaptive and incremental detection of both known and unknown attacks. The IDS is composed of supervised and unsupervised modules, namely, a Deep Neural Network (DNN) and the K-Nearest Neighbors (KNN) algorithm, respectively. The proposed system is near-autonomous since the intervention of the expert is minimized through the active learning (AL) approach. A query strategy for the labeling process is presented; it aims at teaching the supervised module to detect unknown attacks and to improve the detection of already-known attacks. This teaching is achieved through sliding windows (SW) in an incremental fashion, where the DNN is retrained as data becomes available over time, thus making the IDS adaptive to the evolving nature of network traffic. A set of experiments was conducted on the CICIDS2017 dataset to evaluate the performance of the IDS; promising results were obtained.

https://hal.archives-ouvertes.fr/hal-03381663
Contributor: Samia BOUZEFRANE
Submitted on: Sunday, October 17, 2021 - 5:02:39 PM
Last modification on: Wednesday, September 28, 2022 - 5:57:57 AM
Long-term archiving on: Tuesday, January 18, 2022 - 6:21:13 PM

File

SPAC2021_paper_44.pdf
Files produced by the author(s)

Citation

Lynda Boukela, Gongxuan Zhang, Meziane Yacoub, Samia Bouzefrane. A near-autonomous and incremental intrusion detection system through active learning of known and unknown attacks. IEEE International Conference on Security, Pattern Analysis, and Cybernetics, Jun 2021, Chengdu, China. pp.374-379, ⟨10.1109/SPAC53836.2021.9539947⟩. ⟨hal-03381663⟩
