Online Self-Supervised Deep Learning for Intrusion Detection Systems

TL;DR

The SSID framework enables IDS to adapt rapidly to time-varying characteristics of the network traffic, and eliminates the need for offline data collection, and is experimentally evaluated on public datasets and compared with well-known machine learning and deep learning models.

Abstract

This paper proposes a novel Self-Supervised Intrusion Detection (SSID) framework, which enables a fully online Deep Learning (DL) based Intrusion Detection System (IDS) that requires no human intervention or prior off-line learning. The proposed framework analyzes and labels incoming traffic packets based only on the decisions of the IDS itself using an Auto-Associative Deep Random Neural Network, and on an online estimate of its statistically measured trustworthiness. The SSID framework enables IDS to adapt rapidly to time-varying characteristics of the network traffic, and eliminates the need for offline data collection. This approach avoids human errors in data labeling, and human labor and computational costs of model training and data collection. The approach is experimentally evaluated on public datasets and compared with well-known {machine learning and deep learning} models, showing that this SSID framework is very useful and advantageous as an accurate and online learning DL-based IDS for IoT systems.

Figures (10)

• Figure 1: Particular structure of IDS used within the SSID framework during performance evaluation
• Figure 2: Detection and learning processes of IDS within the Fully Online Self-Supervised Intrusion Detection (SSID) framework
• Figure 3: Block diagram of the learning process in the SSID framework for online self-supervised learning of the parameters of IDS
• Figure 4: ROC curve for the performance of AADRNN-based IDS under the SSID framework for malicious traffic detection
• Figure 5: Predictions of SSID and the value of trust coefficient $\Gamma$ with respect to time