ON THE GENERALIZATION AND ROBUSTNESS OF ML-BASED NETWORK INTRUSION DETECTION SYSTEMS

Author

Minxiao Wang, Southern Illinois University CarbondaleFollow

Date of Award

12-1-2024

Degree Name

Doctor of Philosophy

Department

Electrical and Computer Engineering

First Advisor

Weng, Ning

Abstract

Machine Learning (ML)-based Network Intrusion Detection Systems (NIDS) hold great promise for enhancing network security. As a security application, concerns persist regarding the generalization and robustness of ML-based NIDS. To facilitate real-world deployment, it is crucial to ensure the generalization and robustness of ML-based NIDS to attain a certain level of effectiveness. The current practices for ML-based NIDS are investigated, revealing challenges to generalization posed by tabular data representations and the need for tailored models in diverse network scenarios that reflect the lack of robustness. The unique characteristics of NIDS scenarios pose challenges to ML but also bring opportunities to solve them. Given ML-based NIDSs are data-driven methods, the unique network traffic data, which needs to be reconstructed representation, plays a pivotal role. This dissertation focuses on flexible network traffic representation to investigate its impact on the generalization and robustness of ML-based NIDS. This dissertation starts by delving into NIDS’s unique characteristics and challenges. Further, this dissertation introduces a comprehensive data augmentation framework for current ML-based NIDSs. In addition, this dissertation proposes a novel heterogeneous temporal graph network traffic representation and corresponding graph neural network NIDS model. This dissertation also studies adversarial attacks on NIDS, proposing a projecting-based traffic-space adversarial evasion attack generation method with a basic feature sequence traffic representation.