Building an Intrusion Detection System to Detect Atypical Cyberattack Flows


Abstract:

Artificial Intelligence (AI) techniques provide effective solutions for detecting many aberrant network traffic patterns and attack flows. However, these techniques are usually validated on a single training dataset, and recent results show that models trained this way can fail against dynamically changing cyberattacks. Given the growing sophistication of cyberattacks, it is imperative to examine and improve the performance of such AI models. This paper proposes a defensive AI engine that combines a twofold feature selection technique with hyperparameter optimization of the AI model. We use the proposed system for binary attack flow identification; the AI models are trained and validated on the CICIDS2017 dataset and then evaluated on synthesized atypical attack flows that mimic real-world scenarios. We demonstrate the effectiveness of the proposed atypical attack flow detection approach with several Deep Learning and Machine Learning models, including a Deep Neural Network (DNN), Linear-SVC, and a Stacked Decision Tree Classifier (S-DTC). Simulation results show that the proposed defensive AI engine significantly improves the True Positive Rate (TPR) of the AI models on multiple atypical attacks.
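To make the evaluation loop described in the abstract concrete, the following added example (not the paper's code, and not derived from its models or from CICIDS2017) builds a miniature version of the pipeline in pure Python: a twofold feature selection stage (a variance filter followed by a class-separation ranking; both stages are assumptions, since the abstract does not say what its two stages are), a small hyperparameter grid search for a logistic-regression classifier standing in for the DNN, Linear-SVC and S-DTC models, and TPR measured on a held-out set of typical attack flows and on a constructed "atypical" set in which the attacker throttles its rate. The feature names, value distributions and hyperparameter grid are all constructed for illustration.

```python
"""Illustrative pipeline (not the paper's code): twofold feature selection,
hyperparameter search, and TPR measurement on typical vs atypical attack flows.
All flow records are constructed here; nothing is read from CICIDS2017."""
import math
import random
import statistics

# Assumed feature names; 'proto' is constant and 'noise' is uninformative.
FEATURES = ["duration", "fwd_pkts", "bwd_pkts", "iat_mean", "proto", "noise"]


def make_flows(n, attack, rng, atypical=False):
    """Constructed flows. Attack flows are flood-like (many forward packets,
    tiny inter-arrival time). 'atypical' models a throttled attacker whose
    rate drifts toward benign values, the drift the abstract warns about."""
    rows = []
    for _ in range(n):
        if not attack:
            x = [rng.gauss(30, 10), rng.gauss(20, 5), rng.gauss(18, 5),
                 rng.gauss(1.5, 0.4), 6.0, rng.gauss(0, 1)]
        elif not atypical:
            x = [rng.gauss(5, 2), rng.gauss(400, 60), rng.gauss(5, 2),
                 rng.gauss(0.01, 0.005), 6.0, rng.gauss(0, 1)]
        else:
            x = [rng.gauss(20, 5), rng.gauss(90, 20), rng.gauss(6, 2),
                 rng.gauss(0.3, 0.1), 6.0, rng.gauss(0, 1)]
        rows.append((x, 1 if attack else 0))
    return rows


def select_features(rows, k, min_var=1e-6):
    """Twofold selection (assumed stages): (1) a variance filter drops
    near-constant columns, (2) survivors are ranked by standardized
    class-mean separation and the top k are kept. Returns sorted indices."""
    d = len(rows[0][0])
    survivors = [j for j in range(d)
                 if statistics.pvariance([x[j] for x, _ in rows]) > min_var]
    scored = []
    for j in survivors:
        a = [x[j] for x, y in rows if y == 1]
        b = [x[j] for x, y in rows if y == 0]
        pooled = math.sqrt((statistics.pvariance(a) + statistics.pvariance(b)) / 2) + 1e-9
        scored.append((abs(statistics.fmean(a) - statistics.fmean(b)) / pooled, j))
    scored.sort(reverse=True)
    return sorted(j for _, j in scored[:k])


class Scaler:
    """Per-column standardization fitted on the training split only."""
    def __init__(self, rows, cols):
        self.cols = cols
        self.mu = [statistics.fmean([x[j] for x, _ in rows]) for j in cols]
        self.sd = [statistics.pstdev([x[j] for x, _ in rows]) or 1.0 for j in cols]

    def transform(self, rows):
        X = [[(x[j] - m) / s for j, m, s in zip(self.cols, self.mu, self.sd)] for x, _ in rows]
        return X, [lab for _, lab in rows]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))


def train_logreg(X, y, lr, epochs, l2=1e-3):
    """Batch gradient descent on L2-regularized logistic loss."""
    w, b, n = [0.0] * len(X[0]), 0.0, len(X)
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for xi, yi in zip(X, y):
            err = sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            for j, xj in enumerate(xi):
                gw[j] += err * xj
            gb += err
        w = [wj - lr * (g / n + l2 * wj) for wj, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict(model, X):
    w, b = model
    return [1 if sum(wj * xj for wj, xj in zip(w, xi)) + b > 0 else 0 for xi in X]


def tpr(model, X, y):
    """True positive rate: share of attack flows (y == 1) flagged as attacks."""
    pos = [p for p, t in zip(predict(model, X), y) if t == 1]
    return sum(pos) / len(pos)


def balanced_accuracy(model, X, y):
    pred = predict(model, X)
    tp = sum(1 for p, t in zip(pred, y) if t == 1 and p == 1)
    tn = sum(1 for p, t in zip(pred, y) if t == 0 and p == 0)
    return 0.5 * (tp / y.count(1) + tn / y.count(0))


def run_engine(seed=7, k=3):
    rng = random.Random(seed)
    train = make_flows(200, False, rng) + make_flows(200, True, rng)
    val = make_flows(100, False, rng) + make_flows(100, True, rng)
    test_typical = make_flows(200, True, rng)
    test_atypical = make_flows(200, True, rng, atypical=True)

    cols = select_features(train, k)
    scaler = Scaler(train, cols)
    Xtr, ytr = scaler.transform(train)
    Xva, yva = scaler.transform(val)

    # Hyperparameter optimization: small grid, chosen on held-out balanced accuracy.
    best = None
    for lr in (0.05, 0.5):
        for epochs in (50, 200):
            model = train_logreg(Xtr, ytr, lr, epochs)
            score = balanced_accuracy(model, Xva, yva)
            if best is None or score > best[0]:
                best = (score, (lr, epochs), model)
    _, params, model = best

    return {
        "selected": [FEATURES[j] for j in cols],
        "params": params,
        "tpr_typical": tpr(model, *scaler.transform(test_typical)),
        "tpr_atypical": tpr(model, *scaler.transform(test_atypical)),
    }


if __name__ == "__main__":
    print(run_engine())
```

The two TPR numbers are the point: the model trained on the typical attack distribution flags essentially all typical attack flows, while the throttled variant sits closer to the benign region on the rate-related features, so its TPR is the figure a defender should track when evaluating against attack flows the training set never contained. Swapping the logistic regression for a DNN, Linear-SVC or stacked decision trees leaves the selection, search and evaluation steps unchanged.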