Host-Based Intrusion Detection Model Using Siamese Network

As cyberattacks become more intelligent, the difficulty increases for traditional intrusion detection systems to detect advanced attacks that deviate from previously stored patterns. To solve this problem, a deep learning-based system model has emerged analyzes intelligent attack patterns through data learning. However, learning models have disadvantage of having re-learn each time new cyberattack method emerges. The required learn large amount is not efficient. In paper, an experiment was conducted using Leipzig Intrusion Detection Data Set (LID-DS), which host-based set released in 2018. addition, order evaluate and improve performance system, consisting pre-processing, vector-to-image processing, training testing steps proposed. steps, Siamese Convolutional Neural Network (Siamese-CNN) constructed few-shot method, shows excellent by small data. Siamese-CNN determines whether type same based on similarity score sample converted image. accuracy calculated technique. Vanilla (Vanilla-CNN) are compared confirm Siamese-CNN. result measuring accuracy, precision, recall, F1-score indicators, it confirmed recall proposed study increased about 6% Vanilla-CNN model.