- Dataset: Leipzig Intrusion Detection Data Set (LID-DS), 2018, NSL-KDD.
- Architecture: Siamese-CNN (few-shot learning), treating the dataset like an image dataset.
- Proposed architecture performs 6% better than vanilla CNN.
Previous works
- Laskov et al.: Used KNN, MLP, K-means, SVM, Decision Tree for intrusion detection and compared their performances using ROC curves.
- Le et al.; Kim and Kim: Conducted studies to address high false alarm rates, using SVM and KNN.
- Kim et al.: Used LSTM (a language modeling method) for abnormal-behavior-based intrusion detection. Used a better approach to resolve the high false alarm rate.
- Khan et al.: Used CNN on KDD99.
- Upadhyay et al.: Used CNN on KDD99.
- Two types of intrusion detection: Misuse detection & Anomaly detection.
- Attack types: DoS (Denial of Service), U2R (User to Root), R2L (Remote to Local), Probe attack.
- Datasets used in previous research: KDD99, UNM (system call data), ADFA (2013, relevant for modern systems, system call data).
- Few-shot learning: Meta-learning & Metric-learning.
- Steps of the work: LID-DS, preprocessing, image generation, Siamese Network, Siamese-CNN, and N-way K-Shot Learning.
Possible improvement(s)
- Could have tried 'image augmentation' to diversify the dataset, since the dataset is already being treated like images.