INCREMENTAL LEARNING FOR EDGE NETWORK INTRUSION DETECTION

Authors

  • ALINA GLAVAN, Politehnica University of Bucharest, Romania
  • VICTOR CROITORU, Politehnica University of Bucharest, Romania

DOI:

https://doi.org/10.59277/RRST-EE.2023.3.9

Keywords:

Edge computing, supervised learning, incremental learning, intrusion detection

Abstract

The paper presents incremental learning as a solution for adapting intrusion detection systems to dynamic edge network conditions. Extreme gradient boosting (XGBoost) trees are proposed and evaluated with the Network Security Laboratory - Knowledge Discovery in Databases (NSL-KDD) benchmark dataset. The accuracy of the XGBoost classifier model improves by 15% when 1% of the KDD-test+ data is used for training. A mechanism based on unsupervised learning that triggers retraining of the XGBoost classifier is suggested. These results are relevant to model retraining in resource-scarce environments (relative to a cloud environment), such as the network edge or edge devices.

Published

12.10.2023

Section

Électronique et transmission de l’information | Electronics & Information Technology

How to Cite

INCREMENTAL LEARNING FOR EDGE NETWORK INTRUSION DETECTION. (2023). REVUE ROUMAINE DES SCIENCES TECHNIQUES — SÉRIE ÉLECTROTECHNIQUE ET ÉNERGÉTIQUE, 68(3), 301-306. https://doi.org/10.59277/RRST-EE.2023.3.9