2 research outputs found
Collaborative Feature Maps of Networks and Hosts for AI-driven Intrusion Detection
Intrusion Detection Systems (IDS) are critical security mechanisms that
protect against a wide variety of network threats and malicious behaviors on
networks or hosts. As both Network-based IDS (NIDS) or Host-based IDS (HIDS)
have been widely investigated, this paper aims to present a Combined Intrusion
Detection System (CIDS) that integrates network and host data in order to
improve IDS performance. Due to the scarcity of datasets that include both
network packet and host data, we present a novel CIDS dataset formation
framework that can handle log files from a variety of operating systems and
align log entities with network flows. A new CIDS dataset named SCVIC-CIDS-2021
is derived from the meta-data from the well-known benchmark dataset,
CIC-IDS-2018 by utilizing the proposed framework. Furthermore, a
transformer-based deep learning model named CIDS-Net is proposed that can take
network flow and host features as inputs and outperform baseline models that
rely on network flow features only. Experimental results to evaluate the
proposed CIDS-Net under the SCVIC-CIDS-2021 dataset support the hypothesis for
the benefits of combining host and flow features as the proposed CIDS-Net can
improve the macro F1 score of baseline solutions by 6.36% (up to 99.89%).Comment: IEEE Global Communications Conference (Globecom), 2022, 6 pages, 3
figures 4 table