Transfer Learning Framework for Detecting New Attacks in Cloud and non-Cloud IDN Environments
Machine learning based Intrusion Detection Systems (IDSs) have been explored by many researchers in recent times, with considerable success in dealing with known attacks through signature formation. However, new attacks, because their behavior varies from that of known attacks, are unknown to the defender and hard to discover using known signatures, and hence remain a challenging issue. In this paper, the challenge of detecting new attacks is handled through IDS collaboration using transfer learning. A transfer learning framework is proposed by the authors for detecting new attacks with minimal labeled instances in cloud and non-cloud Intrusion Detection Network (IDN) environments. The transfer learning approach handles the detection of new attacks by modeling it as the target task, involving a related source domain that has a sufficient number of labeled instances. The knowledge learned from the source domain can be transferred to the target domain to compensate for the scarcity of labeled instances needed for new attack detection. To allow smooth knowledge transfer among domains that differ in feature spaces and distributions, this paper presents a methodology for extracting domain-invariant features using a manifold alignment process that transforms both source and target datasets into a common latent space. Extensive experimentation on multiple benchmark datasets was conducted in this paper. From the results, it is evident that the proposed method successfully detects new attacks in cloud and non-cloud environments with high accuracy and low false positive rates.