A Grassmannian Approach to Zero-Shot Learning for Network Intrusion Detection
This addresses network intrusion detection for cybersecurity by enabling detection of new attack classes without labeled examples, though it is incremental as it adapts an existing method to a new domain.
The paper tackles the problem of detecting new network attacks with insufficient labeled data by proposing a zero-shot learning approach using Grassmann manifold distances, achieving successful results on KDD Cup 99 and NSL-KDD datasets.
One of the main problems in Network Intrusion Detection comes from constant rise of new attacks, so that not enough labeled examples are available for the new classes of attacks. Traditional Machine Learning approaches hardly address such problem. This can be overcome with Zero-Shot Learning, a new approach in the field of Computer Vision, which can be described in two stages: the Attribute Learning and the Inference Stage. The goal of this paper is to propose a new Inference Stage algorithm for Network Intrusion Detection. In order to attain this objective, we firstly put forward an experimental setup for the evaluation of the Zero-Shot Learning in Network Intrusion Detection related tasks. Secondly, a decision tree based algorithm is applied to extract rules for generating the attributes in the AL stage. Finally, using a representation of a Zero-Shot Class as a point in the Grassmann manifold, an explicit formula for the shortest distance between points in that manifold can be used to compute the geodesic distance between the Zero-Shot Classes which represent the new attacks and the Known Classes corresponding to the attack categories. The experimental results in the datasets KDD Cup 99 and NSL-KDD show that our approach with Zero-Shot Learning successfully addresses the Network Intrusion Detection problem.