Document type
Journal articles
Document subtype
Full paper
Title
Reinforcement Learning for Intrusion Detection: More Model Longness and Fewer Updates
Participants in the publication
Roger R. dos Santos (Author)
Eduardo K. Viegas (Author)
Altair O. Santin (Author)
Vinicius V. Cogo (Author)
Dep. Informática
LASIGE
Summary
Several works have used machine learning techniques for network-based intrusion detection over the past few years. While proposed schemes have been able to provide high detection accuracies, they do not adequately handle the changes in network traffic behavior as time passes. Researchers often assume that model updates can be performed periodically as needed, although this is not easily feasible in real-world scenarios. This paper proposes a new intrusion detection model based on a reinforcement learning approach that aims to support extended periods without model updates. The proposal is divided into two strategies. First, it applies a machine learning scheme as a reinforcement learning task for long-term learning, maintaining high reliability and high classification accuracies over time. Second, model updates are performed using a transfer learning technique coupled with a sliding window mechanism that significantly decreases the need for computational resources and human intervention. Experiments performed using a new dataset spanning 8TB of data and four years of real network traffic indicate that current approaches in the literature cannot handle the evolving behavior of network traffic. Nevertheless, the proposed technique without periodic model updates achieves similar accuracy rates to traditional detection schemes implemented with semestral updates. When periodic updates are performed on our proposed model, it decreases false positives by up to 8% and false negatives by up to 34%, with an accuracy variation of up to only 6%, while demanding only seven days of training data and almost five times fewer computational resources when compared to traditional approaches.
Date of Acceptance
2022-09
Date of Publication
2023
Where published
IEEE Transactions on Network and Service Management (TNSM)
Publication Identifiers
ISSN - 1932-4537
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Number of pages
17
Starting page
2040
Last page
2055
Document Identifiers
DOI - https://doi.org/10.1109/tnsm.2022.3207094
URL - http://dx.doi.org/10.1109/tnsm.2022.3207094
Rankings
SCIMAGO Q1 (2021) - 1.618 - Computer Networks and Communication