A Deep Learning Ensemble Approach to Detecting Unknown Network Attacks

The majority of the intrusion detection solutions proposed using machine learning and deep learning approaches are based on known attack classes only. Comprehensive threat detection systems should consider both known and unknown attacks. Rapidly changing network environment and the advanced tools and techniques used by adversaries to launch new sophisticated attacks highlight a growing need to build intrusion detection systems that are more realistic, diverse, and robust to detect known and unknown attacks. We employed deep-learning models in our experiments to detect unknown threats, never introduced before to the model. This paper also studied the bias issues in connection with unknown threats detection. Many recent research studies based on conventional machine learning may report biased results and restricted training due to relying only on a single dataset; thus, there are existing threats that the model is unaware of, although the model may have high accuracy (in the known territories). This study presents a realistic IDS approach in which a deep learning classifiers' ensemble is trained on four benchmark IDS datasets for testing the unknown attack instances. Specifically, the model has no prior knowledge of some labels and traffic patterns in those experiments. The architecture proposed builds a deep learning ensemble using classifiers well-known to process and produce good results for sequential data. Our empirical results indicate that the proposed ensemble model can detect a range of unknown attacks with reasonable performance measures and a practical approach towards building a comprehensive IDS solution.