A Transfer Learning Approach for Network Intrusion Detection

Peilun Wu, Hui Guo, Richard Buckland

Published 2019-09-05Version 1

Convolution Neural Network (ConvNet) offers a high potential to generalize input data. It has been widely used in many application areas, such as visual imagery, where comprehensive learning datasets are available and a ConvNet model can be well trained and perform the required function effectively. ConvNet can also be applied to network intrusion detection. However, the currently available datasets related to the network intrusion are often inadequate, which makes the ConvNet learning deficient, hence the trained model is not competent in detecting unknown intrusions. In this paper, we propose a ConvNet model using transfer learning for network intrusion detection. The model consists of two concatenated ConvNets and is built on a two-stage learning process: learning a base dataset and transferring the learned knowledge to the learning of the target dataset. Our experiments on the NSL-KDD dataset show that the proposed model can improve the detection accuracy not only on the test dataset containing mostly known attacks (KDDTest+) but also on the test dataset featuring many novel attacks (KDDTest-21) -- about 2.68\% improvement on KDDTest+ and 22.02\% on KDDTest-21 can be achieved, as compared to the traditional ConvNet model.