DOI: 10.1145/3437984.3458842
research-article

Developing a Siamese Network for Intrusion Detection Systems

Published: 26 April 2021

Abstract

Machine Learning (ML) for developing Intrusion Detection Systems (IDS) is a fast-evolving research area that has many unsolved domain challenges. Current IDS models face two challenges that limit their performance and robustness. Firstly, they require large datasets to train and their performance is highly dependent on the dataset size. Secondly, zero-day attacks demand that machine learning models are retrained in order to identify future attacks of this type. However, the sophistication and increasing rate of cyber attacks make retraining time prohibitive for practical implementation. This paper proposes a new IDS model that can learn from pair similarities rather than class discriminative features. Learning similarities requires less data for training and provides the ability to flexibly adapt to new cyber attacks, thus reducing the burden of retraining. The underlying model is based on Siamese Networks; therefore, given a number of instances, numerous similar and dissimilar pairs can be generated. The model is evaluated using three mainstream IDS datasets: CICIDS2017, KDD Cup'99, and NSL-KDD. The evaluation results confirm the ability of the Siamese Network model to suit IDS purposes by classifying cyber attacks based on similarity-based learning. This opens a new research direction for building adaptable IDS models using non-conventional ML techniques.
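
The pair-based idea in the abstract, as an added illustration that is not code from the paper: it generates similar and dissimilar pairs from labelled instances and labels a flow by its similarity to a labelled support set. The toy flows, the names `make_pairs` and `classify`, and the use of plain Euclidean distance in place of the trained network's learned similarity are all assumptions.

```python
import itertools
import math

# Constructed toy flows: (duration_s, kB_sent, failed_logins). Not from any dataset.
KNOWN = {
    "normal": [(0.5, 12.0, 0.0), (0.7, 15.0, 0.0), (0.4, 10.0, 1.0)],
    "dos": [(0.01, 0.2, 0.0), (0.02, 0.1, 0.0), (0.01, 0.3, 0.0)],
}
# A class that was absent when the pairs were generated, with two labelled flows.
NEW_ATTACK = {"brute_force": [(2.0, 1.0, 30.0), (2.5, 1.2, 42.0)]}


def make_pairs(by_class):
    """All unordered pairs as (a, b, y): y=1 same class, y=0 different classes."""
    flat = [(x, label) for label, xs in by_class.items() for x in xs]
    return [(a, b, int(la == lb))
            for (a, la), (b, lb) in itertools.combinations(flat, 2)]


def pair_distance(a, b):
    """Assumption: Euclidean distance on raw features stands in for the
    distance between the twin networks' learned embeddings."""
    return math.dist(a, b)


def classify(sample, support):
    """Return (label, scores): the support class with the smallest mean distance."""
    scores = {label: sum(pair_distance(sample, s) for s in xs) / len(xs)
              for label, xs in support.items()}
    return min(scores, key=scores.get), scores


if __name__ == "__main__":
    pairs = make_pairs(KNOWN)
    print(len(pairs), "pairs,", sum(y for *_, y in pairs), "similar")
    probe = (2.2, 0.9, 35.0)  # constructed flow resembling the new class
    print("support = known classes only:", classify(probe, KNOWN)[0])
    print("support + 2 new-class flows: ", classify(probe, {**KNOWN, **NEW_ATTACK})[0])
```

With only the known classes in the support set, the probe is forced onto the nearest known class; adding two labelled flows of the new class changes the result without regenerating pairs.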

Published In

EuroMLSys '21: Proceedings of the 1st Workshop on Machine Learning and Systems
April 2021
130 pages
ISBN: 9781450382984
DOI: 10.1145/3437984

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Artificial Neural Network
  2. CI-CIDS2017
  3. Few-Shot Learning
  4. Intrusion Detection
  5. KDD Cup'99
  6. Machine Learning
  7. NSL-KDD
  8. Siamese Network

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

EuroSys '21

Acceptance Rates

EuroMLSys '21 Paper Acceptance Rate 18 of 26 submissions, 69%;
Overall Acceptance Rate 18 of 26 submissions, 69%

Cited By

  • (2025) FASNet: Federated Adversarial Siamese Networks for Robust Malware Image Classification. Journal of Parallel and Distributed Computing (105039). DOI: 10.1016/j.jpdc.2025.105039. Online publication date: Jan-2025
  • (2024) Enhancing IoT Security: A Few-Shot Learning Approach for Intrusion Detection. Mathematics 12:7 (1055). DOI: 10.3390/math12071055. Online publication date: 31-Mar-2024
  • (2024) Toward Continuous Threat Defense: in-Network Traffic Analysis for IoT Gateways. IEEE Internet of Things Journal 11:6 (9244-9257). DOI: 10.1109/JIOT.2023.3323771. Online publication date: 15-Mar-2024
  • (2024) Network Traffic Anomaly Detection Based on Siamese U-Net. 2024 9th International Conference on Intelligent Computing and Signal Processing (ICSP) (445-448). DOI: 10.1109/ICSP62122.2024.10743534. Online publication date: 19-Apr-2024
  • (2024) CODE-SMASH: Source-Code Vulnerability Detection Using Siamese and Multi-Level Neural Architecture. IEEE Access 12 (102492-102504). DOI: 10.1109/ACCESS.2024.3432323. Online publication date: 2024
  • (2023) THE ROLE OF CYBER SITUATIONAL AWARENESS OF HUMANS IN SOCIAL ENGINEERING CYBER ATTACKS ON THE MARITIME DOMAIN. Mersin University Journal of Maritime Faculty 5:2 (22-36). DOI: 10.47512/meujmaf.1370274. Online publication date: 31-Dec-2023
  • (2023) Machine Learning-Based Adaptive Synthetic Sampling Technique for Intrusion Detection. Applied Sciences 13:11 (6504). DOI: 10.3390/app13116504. Online publication date: 26-May-2023
  • (2023) Improving Siamese Neural Networks with Border Extraction Sampling for the use in Real-Time Network Intrusion Detection. 2023 International Joint Conference on Neural Networks (IJCNN) (1-8). DOI: 10.1109/IJCNN54540.2023.10191496. Online publication date: 18-Jun-2023
  • (2023) Learning From Few Cyber-Attacks: Addressing the Class Imbalance Problem in Machine Learning-Based Intrusion Detection in Software-Defined Networking. IEEE Access 11 (140428-140442). DOI: 10.1109/ACCESS.2023.3341755. Online publication date: 2023
  • (2022) Cyber Security in the Maritime Industry: A Systematic Survey of Recent Advances and Future Trends. Information 13:1 (22). DOI: 10.3390/info13010022. Online publication date: 6-Jan-2022