Hierarchical Multiclass Continual Learning for Network Intrusion Detection

Talpini, J.; Sartori, F.; Savi, M.
2024

Abstract

The evolution of the Internet and its related communication technologies has consistently increased the risk of cyberattacks. In this context, a crucial role is played by Intrusion Detection Systems (IDSs), which are security devices designed to identify and mitigate attacks on modern networks. In the last decade, data-driven approaches based on Machine Learning (ML) have gained more and more popularity for executing the classification tasks required by signature-based IDSs. However, typical ML models adopted for this purpose are trained in static settings while new attacks – and variants of known attacks – dynamically emerge over time. As a consequence, there is a need to keep the IDS capability constantly updated, which poses peculiar challenges, especially in resource-constrained scenarios. To this end, we propose a novel hierarchical model based on a binary classification of benign and malicious traffic performed by a Bayesian Neural Network that is trained continuously and efficiently by exploiting Continual Learning. A generative multiclass classifier is then adopted to incrementally classify new kinds of attacks with respect to the malicious traffic. We prove the effectiveness of our approach by showing that it removes the need to store network traffic data samples related to historical data, representative of all the kinds of attacks, while ensuring good detection capabilities.
Type: paper
Keywords: Network Intrusion Detection; Machine Learning; Continual Learning
Language: English
Conference: IEEE International Conference on Network Softwarization (IEEE NetSoft 2024) - 24-28 June 2024
Proceedings: 2024 IEEE 10th International Conference on Network Softwarization (NetSoft)
ISBN: 9798350369588
Year: 2024
Pages: 263-267
URL: https://ieeexplore.ieee.org/document/10588909
Access: open
Talpini, J., Sartori, F., Savi, M. (2024). Hierarchical Multiclass Continual Learning for Network Intrusion Detection. In 2024 IEEE 10th International Conference on Network Softwarization (NetSoft) (pp.263-267). IEEE [10.1109/NetSoft60951.2024.10588909].
Files in this item:

File: Talpini-2024-NetSoft-AAM.pdf
Access: open access
Description: EU Contribution – NextGenerationEU – M. 4, C. 2, I. 1.1
Attachment type: Author’s Accepted Manuscript, AAM (Post-print)
License: Creative Commons
Size: 764.73 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10281/483239