RIDE: Real-time Intrusion Detection via Explainable Machine Learning Implemented in a Memristor Hardware Architecture

TL;DR

This paper presents a real-time, explainable intrusion detection system that combines recurrent autoencoders and decision trees, implemented on memristor hardware, achieving high accuracy and microsecond-level speed.

Contribution

It introduces a novel packet-level detection method using recurrent autoencoders and decision trees, optimized for memristor hardware for real-time performance.

Findings

Achieves nearly 99.9% detection accuracy on real-world datasets.

Provides a four-order-of-magnitude speedup over traditional methods.

Demonstrates effective explainability through decision tree implementation.

Abstract

Deep Learning (DL) based methods have shown great promise in network intrusion detection by identifying malicious network traffic behavior patterns with high accuracy, but their applications to real-time, packet-level detections in high-speed communication networks are challenging due to the high computation time and resource requirements of Deep Neural Networks (DNNs), as well as lack of explainability. To this end, we propose a packet-level network intrusion detection solution that makes novel use of Recurrent Autoencoders to integrate an arbitrary-length sequence of packets into a more compact joint feature embedding, which is fed into a DNN-based classifier. To enable explainability and support real-time detections at micro-second speed, we further develop a Software-Hardware Co-Design approach to efficiently realize the proposed solution by converting the learned detection policies into decision trees and implementing them using an emerging architecture based on memristor devices. By jointly optimizing associated software and hardware constraints, we show that our approach leads to an extremely efficient, real-time solution with high detection accuracy at the packet level. Evaluation results on real-world datasets (e.g., UNSW and CIC-IDS datasets) demonstrate nearly three-nines detection accuracy with a substantial speedup of nearly four orders of magnitude.