Abstract
Intrusion Detection Systems (IDS) have become one of the organizations’ most important security controls due to their ability to detect cyberattacks while inspecting network traffic. During the last decade, IDS proposals have increasingly used machine learning techniques (ML-based IDS) to create attack detection models. As this trend gains traction, researchers discuss whether these IDS can detect unknown attacks. Most ML-based IDS are based on supervised learning, which means they are trained with a limited collection of attack examples. Therefore, detecting attacks that were not covered during the training phase could be challenging for these systems. This work evaluates the ability of ML-based IDS to detect unknown attacks. Our general idea is to understand what happens when a detection model trained with a particular attack A receives incoming data from an unknown attack B. Using the CIC-IDS2017 dataset, we found that supervised intrusion detection models, in most cases, cannot detect unknown attacks. The only exception occurs with DoS attacks. For example, an intrusion detection model trained with HTTP Flood DoS (GoldenEye) samples could detect a different HTTP DoS attack type (Slowloris).
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
