Robust and Explainable Divide-and-Conquer Learning for Intrusion Detection
Yan Zhou, Kevin Hamlen, Michael De Lucia, Murat Kantarcioglu, Latifur Khan, Sharad Mehrotra, Ananthram Swami, Bhavani Thuraisingham

TL;DR
This paper introduces a divide-and-conquer learning approach for intrusion detection that creates lightweight, accurate, and explainable models suitable for resource-limited devices, enhancing robustness and efficiency.
Contribution
It proposes a correlation-aware divide-and-conquer method that decomposes complex intrusion detection tasks into simpler subproblems for lightweight modeling.
Findings
Achieved up to 43.3% higher local accuracy
Reduced model size by up to 257 times
Improved adversarial robustness and explainability
Abstract
Machine learning-based intrusion detection requires complex models to capture patterns in high-dimensional, noisy, and class-imbalanced raw network traffic, yet deploying such models remains impractical on resource-constrained devices with limited processing power and memory. In this paper, we present a correlation-aware divide-and-conquer learning technique that decomposes a complex learning problem into smaller, more manageable subproblems. This enables lightweight models as simple as decision trees to be trained on focused subtasks, yielding up to 43.3% higher local accuracy and up to 257 times reduction in model size on real-world network intrusion detection datasets, while also improving adversarial robustness and explainability.
