Adaptive Network Intrusion Detection Systems Against Performance Degradation via Model Agnostic Meta-Learning

Goktug Ekinci; Alexandre Broggi; Lance Fiondella; Nathaniel D. Bastian; Gokhan Kul

doi:10.1145/3689935.3690396

Back

Conference proceeding

Adaptive Network Intrusion Detection Systems Against Performance Degradation via Model Agnostic Meta-Learning

Goktug Ekinci, Alexandre Broggi, Lance Fiondella, Nathaniel D. Bastian and Gokhan Kul

Proceedings of the 11th ACM Workshop on Adaptive and Autonomous Cyber Defense, pp.23-26

ACM Conferences

CCS '24: ACM SIGSAC Conference on Computer and Communications Security

11/11/2024

DOI: https://doi.org/10.1145/3689935.3690396

Abstract

Computing methodologies -- Artificial intelligence

Computing methodologies -- Machine learning

Networks

Networks -- Network properties -- Network security

Security and privacy -- Intrusion/anomaly detection and malware mitigation -- Intrusion detection systems

Software and its engineering

Network Intrusion Detection Systems (NIDS) are essential for identifying and mitigating cyber threats in dynamic network environments. However, maintaining high performance over time is challenging due to factors such as initial model limitations, data poisoning attacks, and the influx of low-quality data. Continual learning offers a potential solution, but the risk of performance degradation remains significant. This work proposes a novel approach to enhance the robustness and adaptability of NIDS through the integration of Model Agnostic Meta-Learning (MAML) and Open-Set Recognition (OSR). OSR allows the system to identify and handle previously unseen attack patterns, while MAML facilitates rapid model adaptation to new tasks with minimal additional data. By detecting performance degradation and employing MAML for model repair, our approach aims to maintain and improve NIDS performance over time. Our empirical feasibility evaluations demonstrate the effectiveness of our method in addressing the challenges of continual learning, providing a resilient and adaptive solution for cybersecurity applications.

Metrics

20 Record Views

Details

Title: Adaptive Network Intrusion Detection Systems Against Performance Degradation via Model Agnostic Meta-Learning
Creators: Goktug Ekinci - University of Massachusetts Dartmouth
Alexandre Broggi - University of Massachusetts Dartmouth
Lance Fiondella - University of Massachusetts Dartmouth
Nathaniel D. Bastian - United States Military Academy
Gokhan Kul - University of Massachusetts Dartmouth
Publication Details: Proceedings of the 11th ACM Workshop on Adaptive and Autonomous Cyber Defense, pp.23-26
Conference: CCS '24: ACM SIGSAC Conference on Computer and Communications Security
Series: ACM Conferences
Publisher: ACM
Number of pages: 4
Grant note: U.S. Military Academy (USMA): W911NF-22-2-0160 U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory: USMA 21050
This work was supported in part by the U.S. Military Academy (USMA) under Cooperative Agreement No. W911NF-22-2-0160 and the U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory under Support Agreement No. USMA 21050. The views and conclusions expressed in this paper are those of the authors and do not reflect the official policy or position of the U.S. Military Academy, U.S. Army, U.S. Department of Defense, or U.S. Government.
Academic Unit: Department of Computer and Information Science; Department of Electrical and Computer Engineering
Language: English
Resource Type: Conference proceeding
ISBN: 9798400712319; 979-8-4007-1231-9
DOI: https://doi.org/10.1145/3689935.3690396
Record Identifier: 9914419509801301

Adaptive Network Intrusion Detection Systems Against Performance Degradation via Model Agnostic Meta-Learning

Abstract

Related links

Metrics

Details