Transfer Learning based Intrusion Detection Systems
In recent times, organizations face many cyberattacks daily especially through Internet. The traditional approach has been that once new attack is identified, the models are re-trained. This thesis proposes the use of Transfer Learning in the aspect of Deep Learning for Intrusion Detection. Four source models are developed as below: 1. DNN Model for PortScan Attack 2. DNN Model for Botnet, DDoS, and PortScan Attacks 3. CNN Model for Botnet, DDoS, and PortScan Attacks 4. LSTM Model for Botnet, DDoS, and PortScan Attacks Each source model is transferred to learn about detecting target DoS attacks and Web attacks. For DoS attacks, the proposed approach achieves 96.8% F1-score for 15% training data that is approx. 10% more than the normal deep learning model. For Web attacks, 86.2% F1-score is achieved by the proposed model for 75% training data that is almost double than the F1-score of ID3 and LinearSVM.