The ever-evolving landscape of network security is continually molded by the dynamic evolution of attack vectors and the relentless emergence of new, highly sophisticated attacks. Attackers consistently employ increasingly advanced techniques, rendering their actions elusive and formidable. In response to this ever-growing threat, the demand for intelligent and autonomous security systems has reached paramount importance. In this paper, we introduce AIS-NIDS (An Intelligent and Self-Sustaining Network Intrusion Detection System), an innovative network intrusion detection system (NIDS) that delves into the realm of packet-level analysis. By doing so, AIS-NIDS is capable of identifying threats with intricate payload-level details, a level of granularity that traditional NIDS relying solely on flow-level data may overlook. The defining feature of AIS-NIDS is its dual functionality, driven by autonomous and intelligent learning. It not only autonomously distinguishes between benign traffic and unknown attacks using machine learning models but also conducts incremental learning, adapting to new attack classes. In essence, AIS-NIDS bridges the gap between traditional NIDS and the next generation of intelligent systems, endowing the system with the capacity for independent decision-making and real-time adaptability in the face of evolving threats. Our extensive experiments stand as a testament to AIS-NIDS’ ability to efficiently manage and identify new attack classes, thus establishing it as a valuable asset in the reinforcement of network infrastructures. Through our experimentation, we have demonstrated the practical efficacy of the proposed approach by simulating a real-world scenario in which certain attack classes are unknown. AIS-NIDS not only effectively identified these unknown threats but also autonomously learned to recognize them as it encountered them, enhancing the system’s capabilities for future encounters with these threats.