A Two-Stage approach with CVAE and extreme value theory for an intrusion detection system

- This research aims to provide the framework for developing an intelligent intrusion detection system capable of classifying known and unknown attacks to protect organizations and their related information systems from catastrophic loss. Specifically, we reduce the identification risk of inferring unknown attacks by first formulating the problem of fine-grained known/novel intrusion detection as a two-stage minimization problem, where the first stage seeks a score measure for minimizing the empirical risk of misclassifying the known attacks. We developed a hierarchical intrusion detection system based on classconditioned auto-encoders due to the complex nature of the problem. In the second phase, extreme value theory describesthe distribution of reconstruction mistakes to make
distinguishing between unknown and known attacks easier
since the former tend to have more significant reconstruction
errors. We constructed a benign clustering module to study the
multimodal distribution of benign traffic to reduce the number
of false positives. The proposed method is evaluated using
two widely used intrusion detection datasets, with positive
results showing improved detection rates for previously
undiscovered attacks while maintaining a low false positive
rate