DAHID: Domain Adaptive Host-based Intrusion Detection

Date

2021-09-06

Citation of Original Publication

Ajayi, Oluwagbemiga; Gangopadhyay, Aryya; DAHID: Domain Adaptive Host-based Intrusion Detection; 2021 IEEE International Conference on Cyber Security and Resilience (CSR), 6 September, 2021; https://doi.org/10.1109/CSR51186.2021.9527966

Rights

© 2021 IEEE.  Personal use of this material is permitted.  Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

Cybersecurity is becoming increasingly important with the explosion of attack surfaces as more cyber-physical systems are being deployed. It is impractical to create models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting labeled data and training models. Hence it is important to be able to develop models that can take advantage of knowledge available in an attack source domain to improve performance in a target domain with little domain-specific data. In this work we proposed Domain Adaptive Host-based Intrusion Detection (DAHID), an approach for detecting attacks in multiple domains for cybersecurity. Specifically, we implemented a deep learning model which utilizes a substantially smaller amount of target domain data for host-based intrusion detection. In our experiments, we used two datasets from the Australian Defense Force Academy: ADFA-WD as the source domain and ADFA-WD:SAA as the target domain dataset. We recorded a significant improvement in Area Under Curve (AUC) from 83% to 91% when we fine-tuned a deep learning model trained on ADFA-WD with as little as 20% of ADFA-WD:SAA. Our result shows transfer learning can help to alleviate the need for a huge domain-specific dataset in building host-based intrusion detection models.