BIBLIOS

  Ciências References Management System


Publication details

Document type
Journal articles

Document subtype
Full paper

Title
Reinforcement Learning for Intrusion Detection: More Model Longness and Fewer Updates

Participants in the publication
Roger R. dos Santos (Author)
Eduardo K. Viegas (Author)
Altair O. Santin (Author)
Vinicius V. Cogo (Author)
Dep. Informática
LASIGE

Summary
Several works have used machine learning techniques for network-based intrusion detection over the past few years. While proposed schemes have been able to provide high detection accuracies, they do not adequately handle the changes in network traffic behavior as time passes. Researchers often assume that model updates can be performed periodically as needed, although this is not easily feasible in real-world scenarios. This paper proposes a new intrusion detection model based on a reinforcement learning approach that aims to support extended periods without model updates. The proposal is divided into two strategies. First, it applies a machine learning scheme as a reinforcement learning task for long-term learning, maintaining high reliability and high classification accuracies over time. Second, model updates are performed using a transfer learning technique coupled with a sliding window mechanism that significantly decreases the need for computational resources and human intervention. Experiments performed using a new dataset spanning 8TB of data and four years of real network traffic indicate that current approaches in the literature cannot handle the evolving behavior of network traffic. Nevertheless, the proposed technique without periodic model updates achieves similar accuracy rates to traditional detection schemes implemented with semestral updates. In the case of performing periodic updates on our proposed model, it decreases the false positives up to 8%, false negatives up to 34%, with an accuracy variation up to only 6%, while demanding only seven days of training data and almost five times fewer computational resources when compared to traditional approaches.

Date of Acceptance
2022-09
Date of Publication
2023

Where published
IEEE Transactions on Network and Service Management (TNSM)

Publication Identifiers
ISSN - 1932-4537

Publisher
Institute of Electrical and Electronics Engineers (IEEE)

Volume
20
Number
2

Number of pages
17
Starting page
2040
Last page
2055

Document Identifiers
DOI - https://doi.org/10.1109/tnsm.2022.3207094
URL - http://dx.doi.org/10.1109/tnsm.2022.3207094

Rankings
SCIMAGO Q1 (2021) - 1.618 - Computer Networks and Communication

Export

APA
Roger R. dos Santos, Eduardo K. Viegas, Altair O. Santin, Vinicius V. Cogo (2023). Reinforcement Learning for Intrusion Detection: More Model Longness and Fewer Updates. IEEE Transactions on Network and Service Management (TNSM), 20, 2040-2055. ISSN 1932-4537. http://dx.doi.org/10.1109/tnsm.2022.3207094

IEEE
Roger R. dos Santos, Eduardo K. Viegas, Altair O. Santin, Vinicius V. Cogo, "Reinforcement Learning for Intrusion Detection: More Model Longness and Fewer Updates" in IEEE Transactions on Network and Service Management (TNSM), vol. 20, pp. 2040-2055, 2023. 10.1109/tnsm.2022.3207094

BIBTEX
@article{55858,
  author = {Roger R. dos Santos and Eduardo K. Viegas and Altair O. Santin and Vinicius V. Cogo},
  title = {Reinforcement Learning for Intrusion Detection: More Model Longness and Fewer Updates},
  journal = {IEEE Transactions on Network and Service Management (TNSM)},
  year = 2023,
  pages = {2040-2055},
  volume = 20
}