Presentation

CND-IDS: Continual Novelty Detection for Intrusion Detection Systems
Description
Intrusion detection systems (IDS) play a crucial role in IoT and network security by monitoring system data and alerting to suspicious activities. Machine learning (ML) has emerged as a promising solution for IDS, offering highly accurate intrusion detection. However, ML-IDS solutions often overlook two critical aspects needed to build reliable systems: continually changing data streams and a lack of attack labels. Streaming network traffic and associated cyber attacks are continually changing, which can degrade the performance of deployed ML models. Labeling attack data, such as zero-day attacks, in real-world intrusion scenarios may not be feasible, making the use of ML solutions that do not rely on attack labels necessary. To address both these challenges, we propose CND-IDS, a continual novelty detection IDS framework which consists of (i) a learning-based feature extractor that continuously updates new feature representations of the system data, and (ii) a novelty detector that identifies new cyber attacks by leveraging principal component analysis (PCA) reconstruction. Our results on realistic intrusion datasets show that CND-IDS achieves up to 6.1× F-score improvement, and up to 6.5× improved forward transfer over the SOTA unsupervised continual learning algorithm.
Event Type
Research Manuscript
Time
Tuesday, June 24, 11:00am - 11:15am PDT
Location
3006, Level 3
Topics
Security
Tracks
SEC1: AI/ML Security/Privacy