Full Program
Summary:
Network intrusion detection remains a critical challenge in cybersecurity. While supervised machine learning models achieve state-of-the-art performance, their reliance on large labelled datasets makes them impractical for many real-world applications. Anomaly detection methods, which train exclusively on benign traffic to identify malicious activity, suffer from high false positive rates, limiting their usability. Recently, self-supervised learning techniques have demonstrated improved performance with lower false positive rates by learning discriminative latent representations of benign traffic. In particular, contrastive self-supervised models achieve this by minimising the distance between similar (positive) views of benign traffic while maximising it between dissimilar (negative) views. Existing approaches generate positive views through data augmentation and treat other samples as negatives. In contrast, this work introduces a novel paradigm for network intrusion detection where augmented samples are treated as negative views (representing potentially malicious distributions), while other benign samples serve as positive views. This change results in improved performance and efficiency.

Author(s):
Jack Wilkie
University of Strathclyde
United Kingdom
Hanan Hindy
Ain Shams University
Egypt
Christos Tachtatzis
University of Strathclyde
United Kingdom
Robert Atkinson
University of Strathclyde
United Kingdom