TL;DR
3D-IDS introduces a novel approach for intrusion detection by disentangling features and dynamically fusing network topology, significantly improving detection of known and unknown attacks in encrypted traffic.
Contribution
The paper proposes a two-step feature disentanglement and dynamic graph diffusion scheme, enhancing detection accuracy and explainability in network intrusion detection systems.
Findings
Outperforms existing methods in detecting unknown threats.
Effectively disentangles complex attack features.
Improves explainability of intrusion detection models.
Abstract
Network-based intrusion detection system (NIDS) monitors network traffic for malicious activities, forming the frontline defense against increasing attacks over information infrastructures. Although promising, our quantitative analysis shows that existing methods perform inconsistently in declaring various unknown attacks (e.g., 9% and 35% F1 respectively for two distinct unknown threats for an SVM-based method) or detecting diverse known attacks (e.g., 31% F1 for the Backdoor and 93% F1 for DDoS by a GCN-based state-of-the-art method), and reveals that the underlying cause is entangled distributions of flow features. This motivates us to propose 3D-IDS, a novel method that aims to tackle the above issues through two-step feature disentanglements and a dynamic graph diffusion scheme. Specifically, we first disentangle traffic features by a non-parameterized optimization based on mutual…
Taxonomy
Methods: Diffusion
