A Hybrid Deep Generative Local Metric Learning Method for Intrusion Detection

Advancement in information technology and widespread use of digital networks have led to an increasing number of malicious activities and intrusions targeting software and systems. There are various Machine Learning techniques have been utilized for Intrusion Detection Systems (IDS) to protect computers and networks from network based and host-based attacks. However, there are harmful categories of attacks where their information resembles other attacks to lead IDS detection astray. In this chapter, we propose a hybrid model designed to detect abnormal intrusions such as Remote to Local (R2L) and User to Root (U2R). The proposed model leverages an unsupervised learning algorithm that applies back-propagation to learn the identity function of attacks data and also reduce the dimension of dataset and cluster the data. Furthermore, we apply the Generative Local Metric Learning (GLML) on cluster to learn local metrics within each cluster to apply a robust nearest neighbor classifier. The empirical results on NSL-KDD dataset demonstrate that our model outperforms previous models designed to detect two major harmful attacks (U2R and R2L).