RIDE: Real-time Intrusion Detection via Explainable Machine Learning Implemented in a Memristor Hardware Architecture (2311.16018v1)
Abstract: Deep Learning (DL) based methods have shown great promise in network intrusion detection by identifying malicious network traffic behavior patterns with high accuracy, but their applications to real-time, packet-level detections in high-speed communication networks are challenging due to the high computation time and resource requirements of Deep Neural Networks (DNNs), as well as lack of explainability. To this end, we propose a packet-level network intrusion detection solution that makes novel use of Recurrent Autoencoders to integrate an arbitrary-length sequence of packets into a more compact joint feature embedding, which is fed into a DNN-based classifier. To enable explainability and support real-time detections at micro-second speed, we further develop a Software-Hardware Co-Design approach to efficiently realize the proposed solution by converting the learned detection policies into decision trees and implementing them using an emerging architecture based on memristor devices. By jointly optimizing associated software and hardware constraints, we show that our approach leads to an extremely efficient, real-time solution with high detection accuracy at the packet level. Evaluation results on real-world datasets (e.g., UNSW and CIC-IDS datasets) demonstrate nearly three-nines detection accuracy with a substantial speedup of nearly four orders of magnitude.