Transfer learning for raw network traffic detection

Traditional machine learning models used for network intrusion detection systems rely on vast amounts of network traffic data with expertly engineered features. The abundance of computational and expert resources at the enterprise level allows for the employment of such models; however, these resources quickly dwindle in edge network scenarios. As Internet of Battlefield Things (IoBT) networks become commonplace in tactical environments, there is a need for improved and distributed models trained without these enterprise resources. Transfer learning – which allows us to take information learned in one domain and apply it to another – provides one way to create and distribute these models towards the edge. Using neural networks, we demonstrate the feasibility of transfer learning for intrusion detection using only raw network traffic in computationally limited environments. Our results show that with a transferred one-dimensional convolutional neural network model combined with a retrained random forest model, we obtain over 96% accuracy with only 5000 training samples on edge devices with an edge training time of approximately 67 s.
David A. Bierbrauer, Michael J. De Lucia, Krishna Reddy, Paul Maxwell, Nathaniel D. Bastian, Transfer learning for raw network traffic detection, Expert Systems with Applications, Volume 211, 2023, 118641, ISSN 0957-4174,