Abstract

Network intrusion detection remains one of the major challenges in cybersecurity. In recent years, many machine-learning-based methods have been designed to capture dynamic and complex intrusion patterns and improve the performance of intrusion detection systems. However, two issues, imbalanced training data and new unknown attacks, still hinder the development of a reliable network intrusion detection system. In this paper, we propose a novel few-shot learning-based Siamese capsule network to tackle the scarcity of abnormal network traffic training data and enhance the detection of unknown attacks. Specifically, the well-designed deep learning network excels at capturing dynamic relationships across traffic features. In addition, an unsupervised subtype sampling scheme is seamlessly integrated with the Siamese network to improve the detection of network intrusion attacks when the training data is imbalanced. Experimental results demonstrate that, after the sampling scheme is applied, the metric learning framework is better suited than other supervised learning methods to extracting subtle and distinctive features that identify both known and unknown attacks. Compared to the state-of-the-art methods, our proposed method achieves superior performance and effectively detects both types of attacks.

Highlights

  • Network intrusion detection systems (NIDS) have played important roles in network security over the past several decades [1,2,3]

  • Lopez-Martin et al. [33] used the generative model of a variational autoencoder (VAE) in their work. Their model generated samples based on the distribution of labels

  • Sequential sampling samples each type according to the order of the samples in the data set available for training


Summary

Introduction

Network intrusion detection systems (NIDS) have played important roles in network security over the past several decades [1,2,3]. NIDS can distinguish abnormal network attacks from routine network traffic, ensuring communications safety. Many deep-learning-based methods, including deep autoencoder [4], convolutional neural network [5], and LSTM [6], have been proposed in recent NIDS studies to identify various complex, unknown attacks resulting from the growing popularity of the Internet of Things and cloud-based services [7]. Compared to traditional machine learning methods, such as SVM [8], KNN [9], random forest [10], and boosting [11], deep-learning-based algorithms have demonstrated better performance in addressing the growing complexity and diversity of attack types. It is very difficult to obtain network attack samples because abnormal flow accounts for a small proportion of total flow, and traffic samples of newly emerging forms of attacks such as “zero-day” attacks are difficult to obtain.
