A Class Incremental Learning Framework for DDoS Detection / Borrini, Eugenio; De Santis, Enrico; Rizzi, Antonello. - (2025), pp. 1-9. (2025 IEEE Symposium on Computational Intelligence in Security, Defence and Biometrics, CISDB 2025, Trondheim; Norway) [10.1109/cisdb64969.2025.11010305].

A Class Incremental Learning Framework for DDoS Detection

Borrini, Eugenio; De Santis, Enrico; Rizzi, Antonello
2025

Abstract

In a constantly evolving environment, such as a network environment, an Anomaly-based Network Intrusion Detection System (A-NIDS) must be capable of continuously adapting without forgetting previously learned tasks, thereby avoiding the phenomenon of Catastrophic Forgetting (CF) of old threats. In anomaly-based or fault detection systems, datasets are usually highly unbalanced, making the development of a classifier more challenging. In this scenario, a possible solution to mitigate these issues is Class Incremental Learning (CIL). In this work, a CIL framework for an A-NIDS dedicated to denial-of-service attacks has been developed using the CICDDoS2019 dataset, synthesizing a Pseudo-Rehearsal strategy to mitigate CF. Every time a new class is added, a class model is trained with both real and generated samples. Different generative models have been tested to evaluate which one is best suited to the problem at hand. Our tests show that the Gaussian Mixture Model is the best-performing one. Additionally, an analysis of the considered dataset has been performed, showing similar issues affecting CICIDS2017. Results indicate a minimal performance degradation when generated samples are used.
2025 IEEE Symposium on Computational Intelligence in Security, Defence and Biometrics, CISDB 2025
CICDDoS2019; DDoS; Distributed Denial of Service; Incremental Learning; MLP
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item
File: Borrini_A Class Incremental Learning_2025.pdf
Access: archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 1.36 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1743483