Implementing continual learning in autoencoders for Network Intrusion Detection Systems in a practical use case
Issue Date
2024-06-27
Language
en
Abstract
To detect intrusions in and therefore protect a computer network, network intrusion detection
systems (NIDS) are broadly used software solutions. Machine learning has shown potential
to be used in these systems. However, implementing such a solution has drawbacks. Primarily,
anomaly-based NIDS can suffer from catastrophic forgetting and have difficulties adapting
to changing environments. As a solution, academics have proposed the concept of continual
learning. In this thesis, possibilities are explored to implement continual learning in NIDS. In
particular, experience replay will be used in an unsupervised autoencoder NIDS.
It first validates the approach on academic datasets, CICIDS-2017 and Kyoto2006, and
then validates the findings on data collected from Northwave Cyber Security. For CICIDS-2017
and real data, no improvement in AUC has been observed. On Kyoto2006, experience
replay improved the AUC for unseen data from 0.6024 to 0.6806, which is an improvement of
7.84%. While this shows potential, more work needs to be done to conclusively evaluate the
performance. This work serves as an exploratory study toward an implementation of continual learning
in the context of anomaly-based unsupervised NIDS.
Faculty
Faculteit der Sociale Wetenschappen
