Abstract
Malicious traffic on the Internet has become an increasingly serious problem, and several artificial intelligence (AI)-based malicious traffic detection methods have been proposed. Generally, AI-based methods need numerous training instances of benign traffic and of specific types of malicious traffic to achieve better detection results. However, for attacks with only a few instances, known as few-shot attacks, these methods often perform poorly, and training a model to detect few-shot attacks is a huge challenge. To address this problem, we propose a novel intrusion detection system based on generative adversarial networks and model-agnostic meta-learning. The system adopts a hybrid detection mechanism in which an anomaly-based classifier determines whether incoming traffic is malicious and a signature-based classifier identifies the class of malicious traffic. In the system, the samples of few-shot attacks are augmented by maximizing the use of meta-knowledge and then used to assist the detection of few-shot attacks to obtain better detection results. The experiments show that on the CSE-CIC-IDS2018 and Bot-IoT datasets, this system can detect malicious traffic with 94.3%/1.8% TPR/FPR and 99.8%/0.1% TPR/FPR, respectively, and can also identify the class of the few-shot attacks with 95.2% and 91.9% accuracy, respectively. Compared with other related methods, the system improves the accuracy of identifying few-shot attacks on these two datasets by at least 2.2% and 1.5%, respectively. Additionally, a parameter visualization process is designed, which shows the fast-adaptive property and better generalization capability of the system.
Data availability statement
All data generated and analysed during the current study are available from the corresponding author on reasonable request.
Acknowledgements
This work was supported by the Opening Project of Intelligent Policing Key Laboratory of Sichuan Province under grant number ZNJW2023KFQN00, the Chengdu Zhisuan Center for calculating resources, and the King Saud University, Riyadh, Saudi Arabia under project number (RSP2024R12).
Author information
Contributions
Conceptualization: He Junpeng; Methodology: He Junpeng; Formal analysis and investigation: He Junpeng, Yao Lingfeng; Writing - original draft preparation: He Junpeng; Writing - review and editing: Li Xiong, Muhammad Khurram Khan; Funding acquisition: Niu Weina, Zhang Xiaosong; Resources: Li Fagen; Supervision: Li Xiong.
Ethics declarations
Competing Interests
The authors have no competing interests to declare that are relevant to the content of this article.
Ethical and informed consent
No data from human participants or animals is used.
About this article
Cite this article
He, J., Yao, L., Li, X. et al. Model-agnostic generation-enhanced technology for few-shot intrusion detection. Appl Intell 54, 3181–3204 (2024). https://doi.org/10.1007/s10489-024-05290-8
DOI: https://doi.org/10.1007/s10489-024-05290-8