Feature-based transfer learning for network security

New and unseen network attacks pose a great threat to signature-based detection systems. Consequently, machine learning-based approaches, which rely on features extracted from network data, are designed to detect attacks. The problem is that features are distributed differently in the training and testing datasets, which affects the performance of the learned models. Moreover, generating labeled datasets is very time-consuming and expensive, which undercuts the effectiveness of supervised learning approaches. In this paper, we propose using transfer learning to detect previously unseen attacks. The main idea is to learn, from labeled training sets and unlabeled testing sets that contain different types of attacks, an optimized representation that is invariant to changes in attack behavior, and to feed that representation to a supervised classifier. To the best of our knowledge, this is the first effort to use a feature-based transfer learning technique to detect unseen variants of network attacks. Furthermore, this technique can be used with any common base classifier. We evaluated the technique on publicly available datasets, and the results demonstrate the effectiveness of transfer learning in detecting new network attacks.
