DOI: 10.14569/IJACSA.2023.0140743

A Dynamic Intrusion Detection System Capable of Detecting Unknown Attacks

Author 1: Na Xing
Author 2: Shuai Zhao
Author 3: Yuehai Wang
Author 4: Keqing Ning
Author 5: Xiufeng Liu

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 14 Issue 7, 2023.

Abstract: In recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

Keywords: Intrusion detection systems; transformer; DUA-IDS; data playback; variable perspectives features; Knowledge distillation

Na Xing, Shuai Zhao, Yuehai Wang, Keqing Ning and Xiufeng Liu, “A Dynamic Intrusion Detection System Capable of Detecting Unknown Attacks” International Journal of Advanced Computer Science and Applications(IJACSA), 14(7), 2023. http://dx.doi.org/10.14569/IJACSA.2023.0140743

@article{Xing2023,
title = {A Dynamic Intrusion Detection System Capable of Detecting Unknown Attacks},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2023.0140743},
url = {http://dx.doi.org/10.14569/IJACSA.2023.0140743},
year = {2023},
publisher = {The Science and Information Organization},
volume = {14},
number = {7},
author = {Na Xing and Shuai Zhao and Yuehai Wang and Keqing Ning and Xiufeng Liu}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

IntelliSys 2025

28-29 August 2025

Future Technologies Conference 2025

6-7 November 2025

Healthcare Conference 2026

21-22 May 2026

Computing Conference 2026

9-10 July 2026

IntelliSys 2026

3-4 September 2026

Computer Vision Conference 2026

15-16 October 2026