DAHID: Domain Adaptive Host-based Intrusion Detection
Links to Files: https://ieeexplore.ieee.org/document/9527966
Type of Work: 6 pages; conference papers and proceedings
Citation of Original Publication: Ajayi, Oluwagbemiga; Gangopadhyay, Aryya; DAHID: Domain Adaptive Host-based Intrusion Detection; 2021 IEEE International Conference on Cyber Security and Resilience (CSR), 6 September, 2021; https://doi.org/10.1109/CSR51186.2021.9527966
Rights: This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Cybersecurity is becoming increasingly important with the explosion of attack surfaces as more cyber-physical systems are being deployed. It is impractical to create models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting labeled data and training models. Hence it is important to be able to develop models that can take advantage of knowledge available in an attack source domain to improve performance in a target domain with little domain-specific data. In this work we proposed Domain Adaptive Host-based Intrusion Detection (DAHID), an approach for detecting attacks in multiple domains for cybersecurity. Specifically, we implemented a deep learning model which utilizes a substantially smaller amount of target domain data for host-based intrusion detection. In our experiments, we used two datasets from Australian Defense Force Academy: ADFA-WD as the source domain dataset and ADFA-WD:SAA as the target domain dataset. We recorded a significant improvement in Area Under Curve (AUC) from 83% to 91% when we fine-tuned a deep learning model trained on ADFA-WD with as little as 20% of ADFA-WD:SAA. Our result shows that transfer learning can help to alleviate the need for huge domain-specific datasets in building host-based intrusion detection models.