Trustworthy Intrusion Detection: Confidence Estimation Using Latent Space
Ioannis Pitsiorlas, George Arvanitakis, Marios Kountouris
TL;DR
This work addresses the reliability of anomaly detection in Intrusion Detection Systems by introducing a confidence metric derived from a Variational Autoencoder's latent space. The approach uses Mahalanobis distance in the latent space to quantify how representative an unknown sample is of the training data, thereby estimating the expected error $\hat{e}$ and producing a confidence score $\mathcal{C}$ that correlates with $\hat{e}$ (reported around $r=0.45$). The method is validated on the NSL-KDD dataset for a binary normal-vs-malicious task, with careful tuning of latent dimensionality and KL weight $\beta$, and is compared against Choquet–Mahalanobis and naïve distances. The results show that latent-space confidence can reduce false positives and improve trust in IDS outputs, with practical implications for real-time secure monitoring, while also outlining avenues for broader datasets and multi-class extensions.
Abstract
This work introduces a novel method for enhancing confidence in anomaly detection in Intrusion Detection Systems (IDS) through the use of a Variational Autoencoder (VAE) architecture. By developing a confidence metric derived from latent space representations, we aim to improve the reliability of IDS predictions against cyberattacks. Applied to the NSL-KDD dataset, our approach focuses on binary classification tasks to effectively distinguish between normal and malicious network activities. The methodology demonstrates a significant enhancement in anomaly detection, evidenced by a notable correlation of 0.45 between the reconstruction error and the proposed metric. Our findings highlight the potential of employing VAEs for more accurate and trustworthy anomaly detection in network security.
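An added illustration (not code from the paper) of the latent-space idea summarized above: it contrasts Mahalanobis distance with naive Euclidean distance for two points that lie almost equally far from the training mean. The 2-D latent codes are constructed sample data standing in for VAE encoder outputs, and the `representativeness` score (an empirical tail fraction) is an assumed stand-in, not the paper's confidence metric $\mathcal{C}$.

```python
import random

def mean_cov(Z):
    """Sample mean and covariance of latent vectors Z (list of lists)."""
    n, d = len(Z), len(Z[0])
    mu = [sum(z[j] for z in Z) / n for j in range(d)]
    cov = [[sum((z[a] - mu[a]) * (z[b] - mu[b]) for z in Z) / (n - 1)
            for b in range(d)] for a in range(d)]
    return mu, cov

def solve(A, b):
    # Solve A x = b by Gaussian elimination with partial pivoting.
    d = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(d):
        p = max(range(c, d), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, d):
            f = M[r][c] / M[c][c]
            for k in range(c, d + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * d
    for r in reversed(range(d)):
        x[r] = (M[r][d] - sum(M[r][k] * x[k] for k in range(r + 1, d))) / M[r][r]
    return x

def mahalanobis(z, mu, cov):
    diff = [a - b for a, b in zip(z, mu)]
    quad = sum(a * b for a, b in zip(diff, solve(cov, diff)))
    return max(0.0, quad) ** 0.5  # clamp tiny negative rounding error

def euclidean(z, mu):
    return sum((a - b) ** 2 for a, b in zip(z, mu)) ** 0.5

def representativeness(z, mu, cov, train_dists):
    """Assumed score: share of training codes at least as far out as z."""
    d = mahalanobis(z, mu, cov)
    return sum(t >= d for t in train_dists) / len(train_dists)

# Constructed stand-in for latent codes of training traffic (2-D, correlated).
rng = random.Random(0)
FIRST = [rng.gauss(0, 1) for _ in range(500)]
TRAIN = [[a, 0.9 * a + rng.gauss(0, 0.2)] for a in FIRST]
MU, COV = mean_cov(TRAIN)
TRAIN_D = [mahalanobis(z, MU, COV) for z in TRAIN]
ALONG, ACROSS = [2.0, 1.8], [2.0, -1.8]  # near-equal naive distance

if __name__ == "__main__":
    for name, z in (("along", ALONG), ("across", ACROSS)):
        print(name, round(euclidean(z, MU), 2), round(mahalanobis(z, MU, COV), 2),
              representativeness(z, MU, COV, TRAIN_D))
```

The point that follows the training correlation keeps a moderate score, while the point that cuts across it scores zero even though a naive distance treats the two alike.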
