Abstract:In this paper, we explore transferability in learning between different attack classes in a network intrusion detection setup. We evaluate transferability of attack classes by training a deep learning model with a specific attack class and testing it on a separate attack class. We observe the effects of real and synthetically generated data augmentation techniques on transferability. We investigate the nature of observed transferability relationships, which can be either symmetric or asymmetric. We also examine explainability of the transferability relationships using the recursive feature elimination algorithm. We study data preprocessing techniques to boost model performance. The code for this work can be found at <a class="link-external link-https" href="https://github.com/ghosh64/transferability" rel="external noopener nofollow">this https URL</a>.

What problem does this paper attempt to address?

The main problem that this paper attempts to solve is the transfer learning ability of deep - learning models in Network Intrusion Detection Systems (NIDS), especially the transferability between different attack classes. Specifically, the author hopes to explore the following aspects: 1. **Feasibility of transfer learning between different attack categories**: - The author trains a deep - learning model to identify specific types of attacks and tests its ability to recognize other unseen attack types. This helps to understand whether the model can generalize to unknown or new - type attacks. 2. **The influence of data augmentation techniques on transferability**: - Research how real - data and synthetic - data augmentation techniques affect the effect of transfer learning. This includes using SMOTE to generate synthetic data and resampling the original data by bootstrapping. 3. **The relationship between feature selection and transferability**: - Use the Recursive Feature Elimination (RFE) algorithm to analyze which features are crucial for the transferability of different attack categories. This helps to understand the similarities and differences between different attack types. 4. **The influence of data pre - processing techniques on transferability**: - Explore how different data pre - processing methods (such as differential input, time - averaging, and Discrete Cosine Transform) can improve the transfer performance of the model. ### Specific research questions of the paper - **Effectiveness of transfer learning**: Evaluate the transfer effect of deep - learning models between different attack categories to determine whether the model can learn from known attacks and apply to unknown attacks. - **Symmetry and asymmetry of transfer relationships**: Research the symmetry or asymmetry of transfer relationships between different attack categories, for example, whether the transfer effects between certain attack categories are consistent in both directions. - **The role of data augmentation techniques**: Verify whether data augmentation techniques (such as SMOTE and bootstrapping) can improve the performance of the model in transfer learning. - **The influence of feature selection**: Use feature selection methods (such as RFE) to find features that are crucial for transfer learning and explain the transfer relationships between different attack categories. - **The effect of data pre - processing**: Evaluate the improvement effect of different data pre - processing techniques (such as differential input, time - averaging, and DCT) on the performance of transfer learning. ### Summary This paper aims to explore how to use existing attack data to train models so that they can better deal with unknown or new - type attacks by in - depth research on the application of transfer learning in network intrusion detection. This not only helps to improve the generalization ability of existing models but also provides valuable references for future research.

A Study on Transferability of Deep Learning Models for Network Intrusion Detection

Improving Transferability of Network Intrusion Detection in a Federated Learning Setup

Detect & Reject for Transferability of Black-box Adversarial Attacks Against Network Intrusion Detection Systems

Demystifying the Transferability of Adversarial Attacks in Computer Networks

A Transfer Learning Approach for Network Intrusion Detection

Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings

A Survey on Transferability of Adversarial Examples across Deep Neural Networks

Towards Network Traffic Monitoring Using Deep Transfer Learning

Applying Transfer Learning Approaches for Intrusion Detection in Software-Defined Networking

Transfer Adversarial Attacks Across Industrial Intelligent Systems.

Divergence-Based Transferability Analysis for Self-Adaptive Smart Grid Intrusion Detection With Transfer Learning

Understanding and Enhancing the Transferability of Adversarial Examples

Reinforcement Learning Meets Network Intrusion Detection: A Transferable and Adaptable Framework for Anomaly Behavior Identification

Delving into Transferable Adversarial Examples and Black-box Attacks

On the Transferability of Adversarial Attacksagainst Neural Text Classifier

TAD: Transfer Learning-based Multi-Adversarial Detection of Evasion Attacks against Network Intrusion Detection Systems

A Comparative Study of Using Deep Learning Algorithms in Network Intrusion Detection

Application of deep learning to enhance the accuracy of intrusion detection in modern computer networks

Big data analysis and distributed deep learning for next-generation intrusion detection system optimization

Dependable Intrusion Detection System for IoT: A Deep Transfer Learning-based Approach

Machine learning approaches to network intrusion detection for contemporary internet traffic