The success of a deep learning-based network intrusion detection systems (NIDS) relies on large-scale, labeled, realistic traffic. However, automated labeling of realistic traffic, such as by sand-box and rule-based approaches, is prone to errors, which in turn affects deep learning-based NIDS.
To solve the problems, a research team led by Yuefei ZHU published their new research on 15 Feb 2024 in Frontiers of Computer Science co-published by Higher Education Press and Springer Nature.
The team proposed MMCo, a Co-teaching-like method using multimodal information and parallel, heterogeneous networks to detect malicious traffic with noisy labels. Unlike existing methods, (1) MMCo is the first LNL method that uses multimodality to maintain disagreement; and (2) the parallel networks in MMCo are heterogeneous and input different modalities of samples, which can mitigate self-control degradation and enhance robustness.
In the research, they choose CNN and RNN to learn semantic and spatio-temporal modal information from the traffic. In each mini-batch, CNN and RNN are fed with different modalities of the same subset. CNN and RNN select for each other the samples they consider more important, i.e., the samples with different distinguish or less loss among all mini-batches. Only these samples will be used for updating the parameters of the networks. The experimental results show that MMCo can maintain a higher disagreement compared with the existing methods, thus helping the classifiers to learn more correct knowledge, with about 10% higher accuracy.
Future work can focus on investigating the analysis of the representations of two networks in multimodal networks using explainable artificial intelligence, which may help identify and clean malicious traffic with noisy labels.
DOI: 10.1007/s11704-023-2386-4
