Improving the Reliability of Network Intrusion Detection Systems through Dataset Integration

TL;DR

This paper introduces R-NIDS, a methodology for integrating multiple datasets to improve the robustness and generalization of ML-based Network Intrusion Detection Systems, demonstrated with the new UNK21 dataset.

Contribution

The work presents R-NIDS, a novel dataset integration approach, and the UNK21 dataset, enhancing ML model robustness for NIDS through diverse data aggregation.

Findings

Models trained on UNK21 generalize better across datasets.

Integrated datasets improve detection accuracy and robustness.

Statistical analysis confirms the effectiveness of the approach.

Abstract

This work presents Reliable-NIDS (R-NIDS), a novel methodology for Machine Learning (ML) based Network Intrusion Detection Systems (NIDSs) that allows ML models to work on integrated datasets, empowering the learning process with diverse information from different datasets. Therefore, R-NIDS targets the design of more robust models, that generalize better than traditional approaches. We also propose a new dataset, called UNK21. It is built from three of the most well-known network datasets (UGR'16, USNW-NB15 and NLS-KDD), each one gathered from its own network environment, with different features and classes, by using a data aggregation approach present in R-NIDS. Following R-NIDS, in this work we propose to build two well-known ML models (a linear and a non-linear one) based on the information of three of the most common datasets in the literature for NIDS evaluation, those integrated in UNK21. The results that the proposed methodology offers show how these two ML models trained as a NIDS solution could benefit from this approach, being able to generalize better when training on the newly proposed UNK21 dataset. Furthermore, these results are carefully analyzed with statistical tools that provide high confidence on our conclusions.