MEMBER: A multi-task learning model with hybrid deep features for network intrusion detection

Abstract

With the continuous occurrence of cybersecurity incidents, network intrusion detection has become one of the most critical issues in cyber ecosystems. Although previous machine learning-based approaches have made significant progress, their generalization ability is limited due to the following critical challenges. First, intrusion detection is severely affected by the class imbalance problem in many network scenarios, with some attack types representing only a very small subset of the entire training set. Second, cyberattacks are becoming increasingly sophisticated, and hence, it is becoming more challenging for existing methods to extract robust representations. Third, most existing methods generally leverage only a particular aspect of the network traffic features and treat model training as a single-task learning problem, thus ignoring the discriminative ability of different feature types and the performance enhancement of integrating multiple machine learning tasks. In this paper, we propose a Multi-task lEarning Model with hyBrid dEep featuRes (MEMBER) to address the aforementioned challenges. Based on a Convolutional Neural Network (CNN) with embedded spatial and channel attention mechanisms, MEMBER innovatively introduces two auxiliary tasks (i.e., an auto-encoder (AE) enhanced with a memory module and a distance-based prototype network) to boost the model generalization ability and alleviate the performance degradation suffered in imbalanced network environments. Extensive experiments on several benchmark datasets demonstrate the superiority and robustness of our proposed MEMBER in terms of both F1 score and stability.