A Network Intrusion Detection System for Concept Drifting Network Traffic Data.

Deep neural network architectures have recently achieved state-of-the-art results learning flexible and effective intrusion detection models. Since attackers constantly use new attack vectors to avoid being detected, concept drift commonly occurs in the network traffic by degrading the effect of the detection model over time also when deep neural networks are used for intrusion detection. To combat concept drift, we describe a methodology to update a deep neural network architecture over a network traffic data stream. It integrates a concept drift detection mechanism to discover incoming traffic that deviates from the past and triggers the fine-tuning of the deep neural network architecture to fit the drifted data. The methodology leads to high predictive accuracy in presence of network traffic data with zero-day attacks.