
Real-time Network Intrusion Detection via Decision Transformers

Published 12 Dec 2023 in cs.CR and cs.AI | (2312.07696v2)

Abstract: Many cybersecurity problems that require real-time decision-making based on temporal observations can be abstracted as a sequence modeling problem, e.g., network intrusion detection from a sequence of arriving packets. Existing approaches like reinforcement learning may not be suitable for such cybersecurity decision problems, since the Markovian property may not necessarily hold and the underlying network states are often not observable. In this paper, we cast the problem of real-time network intrusion detection as causal sequence modeling and draw upon the power of the transformer architecture for real-time decision-making. By conditioning a causal decision transformer on past trajectories, consisting of the rewards, network packets, and detection decisions, our proposed framework will generate future detection decisions to achieve the desired return. It enables decision transformers to be applied to real-time network intrusion detection, as well as a novel tradeoff between the accuracy and timeliness of detection. The proposed solution is evaluated on public network intrusion detection datasets and outperforms several baseline algorithms using reinforcement learning and sequence modeling, in terms of detection accuracy and timeliness.
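As an added illustration (not code from the paper or its authors), the sketch below lays out the return-conditioned trajectory the abstract describes: each step carries a return-to-go, a packet, and a detection decision, and the target return is decremented by the rewards already received. The reward scheme (a fixed cost per deferred packet, +1/-1 for the verdict), the action names, and the packet features are assumptions chosen to show the accuracy/timeliness tradeoff.

```python
# Added illustration; reward values, action ids and packet features are assumptions.
WAIT, BENIGN, MALICIOUS = 0, 1, 2          # hypothetical detection decisions
DELAY_COST = 0.05                          # assumed penalty for deferring a verdict

# Constructed sample flow: (payload bytes, inter-arrival ms, TCP flags)
PACKETS = [(60, 0.0, "S"), (1460, 1.2, "PA"), (1460, 0.3, "PA"), (52, 0.1, "A")]

def rewards_for(actions, label):
    """Each WAIT costs DELAY_COST; the first verdict earns +1 if correct, else -1."""
    out = []
    for a in actions:
        if a == WAIT:
            out.append(-DELAY_COST)
        else:
            out.append(1.0 if a == label else -1.0)
            break                          # the episode ends at the first verdict
    return out

def returns_to_go(rewards):
    """Return-to-go at step t: sum of rewards from t to the end of the episode."""
    rtg, total = [], 0.0
    for r in reversed(rewards):
        total += r
        rtg.append(total)
    return rtg[::-1]

def build_trajectory(packets, actions, label):
    """Training sequence of (return-to-go, packet, decision) triples for one flow."""
    rtg = returns_to_go(rewards_for(actions, label))
    return list(zip(rtg, packets, actions))

def inference_context(packets, waits_so_far, target_return, k=3):
    """Causal context before the next decision: past (rtg, packet, WAIT) steps,
    then the current packet with its decision masked (None). The remaining
    target follows R[t+1] = R[t] - r[t], so every WAIT raises what is still owed."""
    ctx, remaining = [], target_return
    for i in range(waits_so_far):
        ctx.append((remaining, packets[i], WAIT))
        remaining -= -DELAY_COST
    ctx.append((remaining, packets[waits_so_far], None))
    return ctx[-k:]                        # keep only the last k steps

if __name__ == "__main__":
    for step in build_trajectory(PACKETS, [WAIT, WAIT, MALICIOUS], MALICIOUS):
        print(step)
    print(inference_context(PACKETS, 2, target_return=0.9))
```

Under these assumed rewards, a target return of 1.0 can only be met by a correct verdict on the first packet, while 0.9 leaves room to observe two more packets first.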
