Leveraging Siamese networks for one-shot intrusion detection model

Hindy, Hanan and Tachtatzis, Christos and Atkinson, Robert and Brosset, David and Bures, Miroslav and Andonovic, Ivan and Michie, Craig and Bellekens, Xavier (2022) Leveraging Siamese networks for one-shot intrusion detection model. Journal of Intelligent Information Systems, 60 (2). pp. 407-436. ISSN 1573-7675 (https://doi.org/10.1007/s10844-022-00747-z)

Preview

Text. Filename: Hindy_etal_JIIS_2022_Leveraging_Siamese_networks_for_one_shot.pdf Final Published Version License: Download (1MB)| Preview

Abstract

The use of supervised Machine Learning (ML) to enhance Intrusion Detection Systems (IDS) has been the subject of significant research. Supervised ML is based upon learning by example, demanding significant volumes of representative instances for effective training and the need to retrain the model for every unseen cyber-attack class. However, retraining the models in-situ renders the network susceptible to attacks owing to the time-window required to acquire a sufficient volume of data. Although anomaly detection systems provide a coarse-grained defence against unseen attacks, these approaches are significantly less accurate and suffer from high false-positive rates. Here, a complementary approach referred to as “One-Shot Learning”, whereby a limited number of examples of a new attack-class is used to identify a new attack-class (out of many) is detailed. The model grants a new cyber-attack classification opportunity for classes that were not seen during training without retraining. A Siamese Network is trained to differentiate between classes based on pairs similarities, rather than features, allowing to identify new and previously unseen attacks. The performance of a pre-trained model to classify new attack-classes based only on one example is evaluated using three mainstream IDS datasets; CICIDS2017, NSL-KDD, and KDD Cup’99. The results confirm the adaptability of the model in classifying unseen attacks and the trade-off between performance and the need for distinctive class representations.

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Article
  ID code:	82445
  Dates:	Date Event 5 November 2022 Published 9 September 2022 Accepted
  Notes:	Special Issue: AI meets Cybersecurity
  Subjects:	Science > Mathematics > Electronic computers. Computer science Technology > Electrical engineering. Electronics Nuclear engineering
  Department:	Faculty of Engineering > Electronic and Electrical Engineering Strategic Research Themes > Measurement Science and Enabling Technologies
  Depositing user:	Pure Administrator
  Date deposited:	22 Sep 2022 14:45
  Last modified:	16 Apr 2024 19:11
  URI:	https://strathprints.strath.ac.uk/id/eprint/82445