A context-aware robust intrusion detection system: a reinforcement learning-based approach

Detection and prevention of intrusions in enterprise networks and systems is an important, but challenging problem due to extensive growth and usage of networks that are constantly facing novel attacks. An intrusion detection system (IDS) monitors the network traffic and system-level applications to detect malicious activities in the network. However, most of the existing IDSs are incapable of providing higher accuracy and less false positive rate (FPR). Therefore, there is a need for adaptive techniques to detect network intrusions that maintain a balance between accuracy and FPR. In this paper, we present a context-adaptive IDS that uses multiple independent deep reinforcement learning agents distributed across the network for accurate detection and classification of new and complex attacks. We have done extensive experimentation using three benchmark datasets including NSL-KDD, UNSW-NB15 and AWID on our model that shows better accuracy and less FPR compared to the state-of-the-art systems. Further, we analysed the robustness of our model against adversarial attack and observed only a small decrease in accuracy as compared to the existing models. To further improve the robustness of the system, we implemented the concept of denoising autoencoder. Also, we have shown the usability of our system in real-life application with changes in the attack pattern.