Keywords

1 Introduction

While the advent of the Internet has brought immense convenience to our daily lives in recent decades, it has also unavoidably introduced dozens of new challenges. As people nowadays spend more time in cyberspace than real world no matter living or working, attacking on network activities with various kinds of intrusion techniques to prey privacy information or corporation confidential information has never stop. Therefore, as a counterpart, the intrusion detection system (IDS) which safeguard the integrity and availability of key assets has always been a hot research topic in computer and network security community. In contrast to host-based IDS which are distributed at end point users’ system, network intrusion detection system (NIDS) primarily characterized as a solution inside the data transfer pipeline between computers that can monitor the network traffic and alert or even take active response measures when malicious behavior is spotted [4]. Other than some NIDS designed for specific network environment [16, 19, 24] like Hadoop-based platforms or particular cloud system, most general NIDS researches [10, 14, 33, 38] were performed on network intrusion detection datasets to demonstrate and compare their effectiveness and generalization ability in a data-driven fashion.

Among several limitations of existing algorithms, data imbalance in different classes, especially the lack of data in rarely seen attacking categories, is a one of the most challenging problems. However, it is also a very common phenomenon in network intrusion detection datasets considering the difficulty in data collection or generation. Benign traffic is no doubt the majority part of internet data transfer, not to mention the inherent nature of malicious network activity as of being disguised. While the performance of most traditional ML-based method declines significantly in the case of learning from imbalanced data, a large amount of researches try to address this problem by various approaches [5, 8, 20, 28, 34, 36, 38]. Recently, contrastive learning has drawn a lot of attention with impressive performance improvement [27, 35] in computer vision and natural language processing. Besides supervised contrastive learning, instance-level discrimination framework in self-supervised fashion have also shown promising result with few-Shot classification [21] and quickly being used in NIDS research [22].

Inspired by the success of contrastive learning and adversarial learning in CV and NLP, in this paper we proposed a self-supervised adversarial learning (SSAL) approach for network intrusion detection. The main contributions of this paper are as follows:

  • First, we utilized an adversarial learning approach for NIDS with design of netflow-based adversarial examples, which improves robustness on class-imbalanced datasets by explicitly suppressing the vulnerability in the representation space and maximizing the similarity between clean examples and their adversarial perturbations.

  • We proposed a 2-stage pre-train style self-supervised learning in SSAL that leverages instance-level self-supervised contrastive learning and adversarial data augmentation to achieve a better representation over limited sample, which has not been proposed for NIDS to the best of our knowledge.

  • We conducted a experimental evaluation with existing methods on multiple datasets including UNSW-NB15 [26] and CIC-IDS-2017/2018 [31], which shows boosted performance of several machine learning baselines across different datasets.

2 Related Work

In this section we summarize the algorithms and research work related to this study.

2.1 Network Intrusion Detection System

Data-driven methods have been developed and deployed for NIDSs for more than two decades [9]. In order to achieve an effective NIDS, various methods including both machine learning (ML) and deep learning (DL) techniques have been proposed by research community.

Traditional machine learning algorithm such as KNN, PCA, SVM, and tree-based models have all been adopted with intrusion detection, and often used as baseline for particular improved module. For example, Gao et al. [11] used classification and regression trees (CARTs) on NSL-KDD datasets with a ensemble scheme where multiple trees were trained on adjusted sampling. Karatas et al. [17] addressed the dataset imbalance problem by reducing the imbalance ratio using Synthetic Minority Oversampling Technique (SMOTE), and used different ML algorithms as a baseline for cross comparison that shows improved detection ability for minority class attacks.

Recent studies suggested that the use of DL algorithms for NIDSs have much superior performance than the ML-based methods. RNN and autoencoder [1] was pointed to be the most frequently used models for NIDS in past decades. Regarding data imbalance, Yu et al. proposed a CNN-based few shot learning model to improve the detection reliability of network attack categories with the few sample problem. Manocchio proposed FlowGAN [23] which utilized generative models for data augmentation. However, most DL schemes are more complex and require extensive computing resources compare to ML-based methods.

2.2 NIDS Datasets

High-quality data sets are definitely required to fully evaluate the performance of various intrusion detection systems. Many contributions have been published in recent years containing representative network flow data with different kinds of preproccess, which are provided mainly in three categories of formats.

Packet Based Data. The most original and commonly used format is packet based data captured in pcap format and contains payload. Early NIDS datasets does not provide packet based data because it takes too much storage space. But datasets published more recently like CIC-IDS-2017/2018, UNSW-NB15 and LITNET-2020 [7] tend to provide both pcap files and flow based features for the benefit of comparison between different NIDS methods.

Flow Based Data. Flow based data is much more condensed compare to packet based data. It aims to describes the behavior of whole network connection session by aggregate all packets sharing same properties within a time window. Commonly used flow-based formats includes NetFlow [6], OpenFlow [25] and NFStream [2]. CICFlowmeter (formerly known as ISCXFlowMeter [32]) is another important network flow format generator, which tranfers pcap files into more than 80 netflow features, since it was published by Canadian Institute for Cybersecurity therefore used by both CICIDS-2017 and CICIDS-2018.

Other Data. This summarize all data sets that are neither purely packet-based nor flow-based. For example, The KDD CUP 1999 [18] contains host-based attributes like number of failed logins, which can only obtained from above network interface. As a consequence, dataset of this category has its own set of attributes and can not be unified with each other.

2.3 Contrastive Learning

Contrastive learning techniques has been widely used in metric learning such as triplet loss [30] and contrastive loss [13]. While in recent self-supervised approaches, contrastive learning mostly shares a core idea of minimizing various kinds of contrastive loss (i.e. NCE [12], infoNCE [27]) evaluated on pairs of data augmentations. Typically, augmentations are obtained by data transformation (i.e. rotation, cropping, color Jittering in CV, or masking in NLP), but using “adversarial augmentations” as challenging training pairs that maximize the contrastive loss shows more robustness in recently study [15].

3 Approach

In this section, we will explain the main algorithms of our proposed self-supervised adversarial learning framework for data imbalance network intrusion detection.

Fig. 1.
figure 1

preprocess pipeline from PCAP files to flow-based feature vector

Full size image

3.1 Data Preprocessing

To build a comparable cross-dataset evaluation process, we adopt commonly used datasets UNSW-NB15, CIC-IDS-2017 and CIC-IDS-2018, as they not only contain a wide range of attack scenarios but also provide original pcap files that can be easily processed into unified feature set. CIC-IDS-2017 dataset is made up of 5 days network traffic with 7 different network attacking, which forms 51GB size of data. The benign traffic was generated with profile system to protect user privacy. It provides both network traffic (pcap files) and event logs for attack label on each machine. CIC-IDS-2018 dataset is also created by CICFlowMeter but with both benign and malicous profile system, and has more than 400GB pcap data among 17 days. UNSW-NB15 was release in 2015 by Australian Centre for Cyber Security (ACCS) that contains a total of 100 GB of pcap files, consist of 2,218,761 (87.35%) benign flows and 321,283 (12.65%) attack ones.

After obtaining original PCAP files, we follow the setting from [29] and take 43 extended feature dimension from the latest netflow version 9 flow-record format [6] for flow-based feature extraction (full feature set can be obtained from [29]). Netflow was proposed by Cisco and has become one of the most commonly used flow-based formats for recording network traffic. A network flow stream is an aggregation of a sequence of packets in a continuous session (of TCP connection by default) with the same source IP, source port, destination IP, destination port, and transport protocol. The distribution of our processed unified dataset is shown at Table 1.

Table 1. Distribution of Unified Dataset
Full size table

Session stream separation might be a little tricky since streams obtained by only quintuple may not be accurate and contain too much data packets. Inspired by [37], other than following tcp handshake flags, we further segment streams by a timeout mechanism to cut idle stream into more pieces with periodic reset. The procedure of generating NIDS datasets with unified feature set is show in Fig. 1.

3.2 Self-supervised Adversarial Learning

Fig. 2.
figure 2

Self-supervised Adversarial Learning vs. Vanilla Contrastive Learning

Full size image

In self-supervise styled contrastive learning (CL), the dataset \(\boldsymbol{D} = \{\textbf{x}_i\}_{n=1}^{N}\) is unlabeled, and each example \(\textbf{x}_i\) from a mini-batch is either paired with a positive sample \(\textbf{x}_i^{'}\) by transformations \(\boldsymbol{T}\) or a negative sample \(x_{j}\)/\(x_{j, j\ne i}^{'}\). CL seeks to learn an invariant representation of \(\textbf{x}_i\) by minimizing the distance between positive samples defined as:

$$\begin{aligned} \mathcal {L}_\text {CL}= - \log \frac{\exp (\text {sim}(\textbf{x}_i, \textbf{x}_j))}{\sum \exp (\text {sim}(\textbf{x}_i, \textbf{x}_k))} \end{aligned}$$
(1)

While Chen et al. demonstrate in SimCLR [3] that a temperature parameter \(\tau \) and a non-linear projector \(\boldsymbol{G}\) after backbone network is crucial to the performance of self-supervise CL, we adopt SimCLR loss \(\mathcal {L}_\text {SimCLR}\) for the base setting of SSAL:

$$\begin{aligned} \begin{aligned} \mathcal {L}_\text {SimCLR}(\textbf{x}_i,\textbf{x}_j)&= - \log \frac{\exp (\text {sim}(\textbf{z}_i, \textbf{z}_j) / \tau )}{\sum _{k=1}^{2N} \exp (\text {sim}(\textbf{z}_i, \textbf{z}_k) / \tau )}, \\ \text {where} \quad \textbf{h}_i&= f(\textbf{x}_i),\quad \textbf{h}_j = f(\textbf{x}_j), \\ \text {and} \quad \textbf{z}_i&= g(\textbf{h}_i),\quad \textbf{z}_j = g(\textbf{h}_j) \end{aligned} \end{aligned}$$
(2)

Adversarial Attack. The design of positive and negative sampling strategy is key to performance of CL models, and the robustness of model will largely depend on the difficulty of proposed sample pairs. As opposed to vanilla contrastive learning, self-supervise adversarial learning leverages adversarial augmentation to ease the difficulty in hard sample mining. Define the perturbation \(\epsilon \) using \(L_\infty \)-Norm attack for example:

$$\begin{aligned} \begin{aligned} \epsilon = \mathop {\mathrm {arg\,max}}\limits _{||\epsilon ||_\infty } \mathcal {L}_\text {SimCLR}(\textbf{x}_i,\textbf{x}_i + \epsilon ) \end{aligned} \end{aligned}$$
(3)

With perturbations \(\epsilon \) given in certain radius that lead to the most diverse positive pairs, we have a adversarial training scheme by both encouraging the learning algorithm to produce a more invariant representation upon updating parameter \(\theta \) and then find the \(\epsilon {'}\) under \(\theta {'}\) again. This pipeline is described in Fig. 2 (Fig. 3).

Fig. 3.
figure 3

Framework of proposed 2-stage SSAL NIDS training process

Full size image

3.3 Classifier Fine-Tune

With SSAL we can already pre-train the model without any class labels in adversarial fashion, but without class annotation pre-trained model cannot be directly used for class-level classification.

Therefore we froze the parameter \(\theta \) from pre-trained model f, and switch projector head g with a non-linear classifier \(\psi \). The training was conducted under standard multi-class single-label training:

$$\begin{aligned} \begin{aligned} \textbf{z}_{i}&= \psi (f(\textbf{x}_i)),\ \ \ for\ i=1,2,\dots ,N \\ p_{i,c}&= \sigma (z_{i,c}) = \frac{e^{z_{i,c}}}{\sum _{j=1}^M e^{z_{i,j}}}, \ \ \ for\ c=1,2,\dots ,M \\ \end{aligned} \end{aligned}$$
(4)

with cross entropy loss:

$$\begin{aligned} \begin{aligned} \mathcal {L}_{ce}(\textbf{x}_i,\textbf{l}_i) = -\sum _{c=1}^My_{i,c}\log (p_{i,c}) \end{aligned} \end{aligned}$$
(5)

The full process of proposed 2-stage SSAL for NIDS is shown in Algorithm 1.

figure a

4 Experiment Results

Metric and Implementation. The evaluation is conducted by comparing the classifier performance with various classification metrics. The intrusion detection datasets we evaluate on contain several attacking categories, which can be treated as both binary classification and multiple classification problem. While comparing performance under binary classification scenario, the basic terms used in the evaluation is as follow:

$$\begin{aligned} \begin{aligned} Accuracy(ACC)&= \frac{TP+TN}{TP+FP+TN+FN}, \\ Detection Rate(DR)&= \frac{TP}{TP+FN}, \quad a.k.aRecall, \\ Precision&= \frac{TP}{TP+FP}, \\ F1 Score&= \frac{2\times Precision \times Recall}{Precision + Recall}. \end{aligned} \end{aligned}$$
(6)

where TP stands for numbers of true positive samples, FN for false negative, and so forth.

For multi-class classification setting with more detailed label of attacking types, weighted average measure of above metric was adopted considering the proportion for each label in the dataset. To achieve a fair evaluation, five cross-validation splits are conducted and the mean is measured.

Evaluation on Unified Feature Dataset. With the unified feature set upon pre-processed UNSW-NB15 and CIC-IDS-2017/2018 dataset mentioned in Sect. 3.1, we conduct a evaluation across multiple datasets. For the purpose of comparison, we implemented a simple MLP and the Extra Trees model from [29] as baseline models. In Table 2, we can see that our SSAL method achieved outstanding result in all three datasets and exceed previous works in most metrics.

Table 2. Performance on unified dataset
Full size table
Table 3. Detailed performance of different classes on unified dataset.(ACC)
Full size table

Table 3 presents the detailed detection results of different attacking class on the merged NIDS dataset. While using the same backbone (Multi-Layer Perceptron), the performance of model with SSAL pre-train was largely improved on rare seen attacking data.

Further Ablation. To further demonstrate the superiority of our proposed method, we compare our method with different backbone networks with ablation studies upon SSAL modules. We first use two different frequently used backbones, MLP and CNN, and plug them with SSAL pre-train for representation learning. The evaluation result shown on Table 4 proves that SSAL can effectively enhance the ability of network intrusion detection systems. As for feature extraction, Table 5 shows the result of different classifiers when SSAL was used as a feature extractor. We first pre-train with all unlabeled training data with SSAL for feature extraction, then freese the network parameter and use SVM or k-NN as a classifier to check the representative ability of SSAL model.

Table 4. Performance with different backbone.(ACC)
Full size table
Table 5. Performance with different classifier.(ACC)
Full size table

5 Conclusion and Discussions

In this paper, we try to tackles the data imbalance problem in network intrusion detection with adversarial style data augmentation and self-supervised contrastive representation learning. More specifically, we proposed a self-supervised adversarial learning way to enhance the representative learning progress in deep learning based NIDS, which utilizing a instance-wise attack to yield a robust model by suppressing theirs adversarial vulnerability against perturbation samples. State-of-the-art performance was achieved on commonly used Experiments on multiple datasets show improvement of proposed learning framework against vanilla DL approach with same backbones.

In addiction to the conclusion, there are also some works could be done in the future. Although we among other researchers have made a lot of effort on data imbalance for network intrusion detection problems, there are still more gaps need to be filled to a robust and applicable NIDS. For instance, in our method the result from different feature sets shows noticeable performance gap. we believe that to further improve the representative ability of network flow data with a standard and comprehensive behavior feature set is key to better data-driven NIDS solution. Also we are looking forward to explore an universal end-to-end approach for more generalized NIDS which could greatly reduces the difficulty of system deployment.