A context-aware robust intrusion detection system: a reinforcement learning-based approach

Bibliographic Details
Published in: International Journal of Information Security, Vol. 19, no. 6, pp. 657-678
Main Authors: Sethi, Kamalakanta; Sai Rupesh, E.; Kumar, Rahul; Bera, Padmalochan; Venu Madhav, Y.
Format: Journal Article
Language: English
Published: Berlin/Heidelberg: Springer Berlin Heidelberg, 01-12-2020
Description
Summary:Detection and prevention of intrusions in enterprise networks and systems is an important, but challenging problem due to extensive growth and usage of networks that are constantly facing novel attacks. An intrusion detection system (IDS) monitors the network traffic and system-level applications to detect malicious activities in the network. However, most of the existing IDSs are incapable of providing higher accuracy and less false positive rate (FPR). Therefore, there is a need for adaptive techniques to detect network intrusions that maintain a balance between accuracy and FPR. In this paper, we present a context-adaptive IDS that uses multiple independent deep reinforcement learning agents distributed across the network for accurate detection and classification of new and complex attacks. We have done extensive experimentation using three benchmark datasets including NSL-KDD, UNSW-NB15 and AWID on our model that shows better accuracy and less FPR compared to the state-of-the-art systems. Further, we analysed the robustness of our model against adversarial attack and observed only a small decrease in accuracy as compared to the existing models. To further improve the robustness of the system, we implemented the concept of denoising autoencoder. Also, we have shown the usability of our system in real-life application with changes in the attack pattern.
ISSN: 1615-5262, 1615-5270
DOI: 10.1007/s10207-019-00482-7