A sequential deep learning framework for a robust and resilient network intrusion detection system

Abstract

Ensuring the security and integrity of computer and network systems is of utmost importance in today’s digital landscape. Network intrusion detection systems (NIDS) play a critical role in continuously monitoring network traffic and identifying unauthorized or potentially malicious activities that could compromise the confidentiality, availability, and integrity of these systems. However, traditional NIDS face a daunting challenge in effectively adapting to the evolving tactics of cyber attackers. To address this challenge, we propose a multistage artificial intelligence enabled framework for intrusion detection in network traffic, capable of handling zero-day, out-of-distribution, and adversarial evasion attacks. Our framework comprises three sequential deep neural network (DNN) architectures: one for the classifier and two for specific autoencoders, designed to effectively detect both known attack patterns and novel, previously unseen samples. We introduce an innovative transfer learning technique where specific combinations of neurons and layers in the DNN architectures are frozen during one-shot learning to enhance the framework’s robustness to novel attacks. To validate the effectiveness of our framework, we conducted extensive experimentation using publicly available benchmark intrusion detection data sets. Leveraging the one-shot learning approach in the transfer learning component of the framework, we demonstrate continuous improvement in detection accuracy for both known and novel network traffic patterns. The results demonstrate the effectiveness of the multiple stages in the framework by achieving, on average, 98.5% accuracy in detecting various attacks.