Exploring Intrusion Detection Knowledge Transfer Between Network Environments

Patrik Goldschmidt

PhD candidate at Kempelen Institute of Intelligent Technologies

With the rise of information technology and the Internet, the number of cybersecurity incidents has grown immensely. As a response, the research area of Intrusion Detection Systems (IDSs), aiming to detect and mitigate cyber threats, has gained significant attention. Our research focuses on Network IDSs (NIDSs), which aim to detect attacks on the network level. Nevertheless, the domain is plagued by numerous data-related issues such as scarcity, high labelling cost, privacy, high variability, and an ever-changing threat landscape. Due to these reasons, the usability of machine learning (ML)-based network intrusion detection systems (ML-NIDSs) is significantly hampered in real-world scenarios. Therefore, most practical detectors employ ML only occasionally for specific tasks while still heavily relying on static signatures, heuristics, and substantial human supervision. This research aims to increase the trustworthiness and practical usability of ML-NIDSs by investigating the knowledge transfer between various network environments. We believe that determining the transferability of the network traffic base knowledge, along with investigating invariant features of network attacks, would help the community in a more rigorous NIDS research evaluation. In turn, it has the potential to improve the trustworthiness and willingness of practitioners to employ ML-NIDS in real-world networks.

Keywords: network intrusion detection, data-centric AI, transfer learning, AI trustworthiness

Scientific area: Cybersecurity → Cyberthreat Detection → Intrusion Detection → Network

Bio: Patrik is a research assistant at Kempelen Institute of Intelligent Technologies and a Ph.D. candidate at the Faculty of Information Technology, Brno University of Technology. He specializes in computer networking and information system security using artificial intelligence and machine learning. Since he believes that developing ever-increasing complex models does not bring significant improvements to the security domain anymore, he focuses on the data-centric AI perspective. His research comprises network intrusion detection, which suffers from various data-related issues, creating a gap between academic research and real-world needs. In his research, Patrik aims to bridge this gap by increasing detection models’ robustness and exploring their transferability across various network environments.

Visiting period: 18.05.2024 – 10.08.2024 at INRIA Rennes