DEVELOPING CROSS-DOMAIN INTRUSION DETECTION SYSTEMS

Date

2022-01-01

Department

Information Systems

Program

Information Systems

Rights

Distribution Rights granted to UMBC by the author.
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu

Abstract

Digital transformation has continued to make a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) than at any other time. However, cybersecurity is often an afterthought in the design and implementation of many systems, so new attack surfaces are usually introduced as new systems and applications are deployed. Machine learning has been helpful in creating intrusion detection models, but it is impractical to create attack detection models with acceptable performance for every single attack scenario and for various computing infrastructures, partly due to the cost of collecting quality labeled data and training models. Hence, there is a need to develop models that can take advantage of the knowledge available in a high-resource source domain to improve the performance of a low-resource target domain model. In this research, we propose a cross-domain deep learning-based approach for attack detection in both Network Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS). Specifically, we developed a method for selecting a candidate source domain from among a group of potential source domains by computing the similarity score a target domain records when paired with a potential source domain. Then, using different data representation combination techniques and transfer learning, we leverage the knowledge from a well-performing source domain model to improve the performance of a similar model in the target domain. Results show that the proposed cross-domain approach recorded significant improvement in target domains of NIDS and HIDS when compared with the results from existing approaches.