Replay or Regret: Evaluating Continual Learning Methods for Robust Intrusion Detection

Nicholas Costagliola; Goktug Ekinci; Nathaniel D. Bastian; Lance Fiondella; Gokhan Kul

doi:10.1109/MILCOM64451.2025.11310341

Back

Conference proceeding

Replay or Regret: Evaluating Continual Learning Methods for Robust Intrusion Detection

Nicholas Costagliola, Goktug Ekinci, Nathaniel D. Bastian, Lance Fiondella and Gokhan Kul

MILCOM IEEE Military Communications Conference, pp.1-6

10/06/2025

DOI: https://doi.org/10.1109/MILCOM64451.2025.11310341

Abstract

Adaptation models

catastrophic forgetting

continual learning

Continuing education

Machine learning

Maintenance engineering

Metalearning

Metals

Military communication

model-agnostic meta-learning

Network intrusion detection

Network intrusion detection systems

Network security

Training

Network intrusion detection systems (NIDS) are essential in defending online assets from bad actors. Machine learning (ML) has proven to be an effective tool due to its ability to accurately detect complex patterns in network data. Maintaining high model performance, however, is a constant challenge, as malicious actors are non-static and the distribution, frequency and variety of attacks a network experiences constantly changes. Continual Learning (CL) has emerged as a new paradigm for ML-based NIDS to constantly adapt to changing threats and network environments, but faces many key issues, most of all the catastrophic forgetting problem. This paper provides an empirical analysis of different training strategies of CL and model-agnostic metal learning (MAML) to mitigate the effects of catastrophic forgetting within the network security domain. We show that regularization strategies prove ineffective in network security to prevent catastrophic forgetting, and that replay is the most effective way to ameliorate catastrophic forgetting. We also demonstrate that model repair with MAML, while effective for select classes, causes dramatic performance degradation to other classes. This work should prove useful in future research into the efficacy of traditional continual learning strategies in ML-NIDS, and their potential applications.

Metrics

1 Record Views

Details

Title: Replay or Regret: Evaluating Continual Learning Methods for Robust Intrusion Detection
Creators: Nicholas Costagliola - University of Massachusetts Dartmouth
Goktug Ekinci - University of Massachusetts Dartmouth
Nathaniel D. Bastian - United States Military Academy
Lance Fiondella - University of Massachusetts Dartmouth
Gokhan Kul - University of Massachusetts Dartmouth
Publication Details: MILCOM IEEE Military Communications Conference, pp.1-6
Publisher: IEEE
Grant note: U.S. Military Academy (10.13039/100009923)
Academic Unit: Department of Computer and Information Science; Department of Electrical and Computer Engineering; Cybersecurity Center
Language: English
Resource Type: Conference proceeding
ISBN: 9798331502928
DOI: https://doi.org/10.1109/MILCOM64451.2025.11310341
Record Identifier: 9914515430101301

Replay or Regret: Evaluating Continual Learning Methods for Robust Intrusion Detection

Abstract

Related links

Metrics

Details