Data Contamination Defense Method for Intelligent Network Intrusion Detection Systems Based on Edge Examples

Liu Guangrui; Zhang Weizhe; Li Xinjie

doi:10.7544/issn1000-1239.20220509

Journal of Computer Research and Development > 2022 > 59(10): 2348-2361. > DOI: 10.7544/issn1000-1239.20220509 CSTR: 32373.14.issn1000-1239.20220509

Liu Guangrui, Zhang Weizhe, Li Xinjie. Data Contamination Defense Method for Intelligent Network Intrusion Detection Systems Based on Edge Examples[J]. Journal of Computer Research and Development, 2022, 59(10): 2348-2361. DOI: 10.7544/issn1000-1239.20220509

Citation:

PDF (2637 KB)

Data Contamination Defense Method for Intelligent Network Intrusion Detection Systems Based on Edge Examples

¹(School of Cyberspace Science, Harbin Institute of Technology, Harbin 150001)
²(Peng Cheng Laboratory, Shenzhen, Guangdong 518055)

Funds: This work was supported by the National Key Research and Development Program of China (2020YFB1406902), the Key-Area Research and Development Program of Guangdong Province (2020B0101360001), Shenzhen Science and Technology Research and Development Foundation (JCYJ20190806143418198), the Fundamental Research Funds for the Central Universities (HIT.OCEF.2021007), and the Peng Cheng Laboratory Project (PCL2021A02).

More Information

Published Date: September 30, 2022

Graphical Abstract

Abstract

Abstract

Artificial intelligence has been widely used in network intrusion detection systems. Due to the concept drift of traffic samples, the models used for malicious traffic identification must be updated frequently to adapt to new feature distributions. The effectiveness of the updated model depends on the quality of the new training samples, so it is essential to prevent data contamination. However, contamination filtering of traffic samples still relies on expert experience, which leads to the problems such as the immense workload of sample screening, unstable model accuracy, and vulnerability to poisoning attacks during the model update. Existing works cannot achieve contamination filtering or model repair while maintaining model performance. We design a general model update method for intelligent network intrusion detection systems to solve the above problems. In this paper, we first design the EdgeGAN algorithm to make the generative adversarial network fit the model edge example distribution through fuzzing. Then a subset of contaminated examples is identified by examining the MSE values of the new training samples and the original model and checking the F\-β scores of the updated model on the old edge examples. The influence of poisoned examples is suppressed by letting the model learn malicious edge examples, and the model is guaranteed to recover quickly after poisoning. Finally, the effectiveness of the update method on contamination filtering and model restoration is verified by experimental testing on 5 typical intelligent network intrusion detection systems. Compared with the state-of-the-art methods, the new method improves the detection rate of poisoned examples by 12.50% and the restoration effect of poisoned models by 6.38%. The method is applicable to protect the update process of any common intelligent network intrusion detection systems, which can reduce the manual sample screening work, effectively reduce the cost of poison detection and model repair, and provide guarantees for model performance and robustness. The new method can also protect similar intelligent threat detection models.
- network intrusion detection,
- data contamination,
- poisoning attack,
- generative adversarial network,
- edge example

FullText(HTML)

References (0)

[1]	Yu Ruiqi, Zhang Xinyun, Ren Shuang. A Review of Quantum Machine Learning Algorithms Based on Variational Quantum Circuit[J]. Journal of Computer Research and Development, 2025, 62(4): 821-851. DOI: 10.7544/issn1000-1239.202330979
[2]	Qian Luoxiong, Chen Mei, Ma Xueyan, Zhang Chi, Zhang Jinhong. Multi-View Clustering Based on Adaptive Tensor Singular Value Shrinkage[J]. Journal of Computer Research and Development, 2025, 62(3): 733-750. DOI: 10.7544/issn1000-1239.202330785
[3]	Pan Shijie, Gao Fei, Wan Linchun, Qin Sujuan, Wen Qiaoyan. Quantum Algorithm for Spectral Regression[J]. Journal of Computer Research and Development, 2021, 58(9): 1835-1842. DOI: 10.7544/issn1000-1239.2021.20210366
[4]	Yu Runlong, Zhao Hongke, Wang Zhong, Ye Yuyang, Zhang Peining, Liu Qi, Chen Enhong. Negatively Correlated Search with Asymmetry for Real-Parameter Optimization Problems[J]. Journal of Computer Research and Development, 2019, 56(8): 1746-1757. DOI: 10.7544/issn1000-1239.2019.20190198
[5]	Zhang Cheng, Wang Dong, Shen Chuan, Cheng Hong, Chen Lan, Wei Sui. Separable Compressive Imaging Method Based on Singular Value Decomposition[J]. Journal of Computer Research and Development, 2016, 53(12): 2816-2823. DOI: 10.7544/issn1000-1239.2016.20150414
[6]	Ning Xin, Li Weijun, Li Haoguang, Liu Wenjie. Uncorrelated Locality Preserving Discriminant Analysis Based on Bionics[J]. Journal of Computer Research and Development, 2016, 53(11): 2623-2629. DOI: 10.7544/issn1000-1239.2016.20150630
[7]	Zhao Feng, Huang Qingming, Gao Wen. An Image Matching Algorithm Based on Singular Value Decomposition[J]. Journal of Computer Research and Development, 2010, 47(1): 23-32.
[8]	Lin Yuan, Luo Siwei, and Yang Liner. Recommendation-Based Grid Resource Matching Algorithm[J]. Journal of Computer Research and Development, 2009, 46(11): 1814-1820.
[9]	Sun Yong, Wu Bo, and Feng Yanpeng. A Policy-and Value- Iteration Algorithm for POMDP[J]. Journal of Computer Research and Development, 2008, 45(10): 1763-1768.
[10]	Zhang Shihui, Kong Lingfu, and Feng Liang. An Improved Hestenes SVD Method and Its Parallel Computing and Application in Parallel Robot[J]. Journal of Computer Research and Development, 2008, 45(4): 716-724.

Cited By

Cited by

Periodical cited type(2)

1.	李光. 基于区块链技术的建筑工程质量管理策略. 中国建筑装饰装修. 2025(02): 75-77 .
2.	Jing He，Xiaofeng Ma，Dawei Zhang，Feng Peng. Supervised and revocable decentralized identity privacy protection scheme. Security and Safety. 2024(04): 113-135 .