Research Area:  Machine Learning
Classic network intrusion detection methods usually are supervised machine learning models, which are obtained by offline training and can achieve good performance in the initial stage of system construction. However, with the rapid and diverse evolution of intrusion methods, the learned knowledge is no longer suitable for new types of attacks. In addition, existing incremental learning approaches lack rapid learning capabilities and are hard to avoid potential risks and reduce property losses when there are few new samples. This can be attributed to the few-shot class-incremental intrusion detection issue. To address this issue, we propose a learning strategy, named ID-FSCIL, which could respond to the increase in attack categories by extending the origin detection system. It fully mines new intrusion patterns from few samples with meta-learning and maximizes the model’s generalization ability to deal with emerging attacks. Our evaluations show that ID-FSCIL significantly outperforms the state-of-the-art baselines on the NSL-KDD dataset under incremental learning settings.
Author(s) Name:  Tingting Wang; Qiujian Lv; Bo Hu; Degang Sun
Conferrence name:  International Conference on Computer Communications and Networks (ICCCN)
Publisher name:  IEEE
Volume Information:  Volume 2021
Paper Link:   https://ieeexplore.ieee.org/abstract/document/9522260