Abstract

In recent years, cybersecurity has been continually challenged by increasingly sophisticated network attacks, owing to the inability to detect unknown attacks in time. Recent research shows that machine learning helps to improve the efficacy of network attack detection by training network attack classification models on large amounts of labeled data. In internal networks, however, attack instances are scarce and expert labor to label the data is lacking, so it is always difficult to obtain sufficient labeled data to train such models. To uncover unknown attacks in internal networks with machine learning techniques, we propose to exploit transfer learning: public datasets that contain attack instances are used to train a prediction model that is then applied to unlabeled internal datasets. The main problem is addressing the heterogeneity between datasets. Specifically, we project two heterogeneous datasets into a common latent space and formulate an optimization problem that minimizes the distance between the two distributions in that common space. We then apply an MLP classifier to the projected data to identify attack instances in internal networks. We conduct experiments that perform transfer learning between the NSL-KDD and UNSW-NB15 datasets. The results validate that the proposed method notably improves cross-domain attack detection accuracy in learning scenarios such as “DoS to DoS” and “R2L to Exploits”.
