A context-aware robust intrusion detection system: a reinforcement learning-based approach
International Journal of Information Security (IF 2.4), Pub Date: 2019-12-03, DOI: 10.1007/s10207-019-00482-7
Kamalakanta Sethi, E. Sai Rupesh, Rahul Kumar, Padmalochan Bera, Y. Venu Madhav

Detection and prevention of intrusions in enterprise networks and systems is an important but challenging problem due to the extensive growth and usage of networks that are constantly facing novel attacks. An intrusion detection system (IDS) monitors the network traffic and system-level applications to detect malicious activities in the network. However, most of the existing IDSs are incapable of providing higher accuracy and a lower false positive rate (FPR). Therefore, there is a need for adaptive techniques to detect network intrusions that maintain a balance between accuracy and FPR. In this paper, we present a context-adaptive IDS that uses multiple independent deep reinforcement learning agents distributed across the network for accurate detection and classification of new and complex attacks. We have done extensive experimentation on our model using three benchmark datasets, NSL-KDD, UNSW-NB15 and AWID, which shows better accuracy and lower FPR compared to the state-of-the-art systems. Further, we analysed the robustness of our model against adversarial attacks and observed only a small decrease in accuracy as compared to the existing models. To further improve the robustness of the system, we implemented the concept of a denoising autoencoder. Also, we have shown the usability of our system in real-life applications with changes in the attack pattern.




Updated: 2019-12-03