Robust and Explainable Divide-and-Conquer Learning for Intrusion Detection
For practitioners deploying intrusion detection on resource-constrained devices, this method offers a practical trade-off between accuracy, model size, and explainability.
The paper presents a correlation-aware divide-and-conquer learning technique for intrusion detection that decomposes a complex learning problem into smaller subtasks. Lightweight models such as decision trees, trained on those subtasks, achieve up to 43.3% higher local accuracy and up to a 257x reduction in model size on real-world datasets, while also improving adversarial robustness and explainability.
Machine learning-based intrusion detection requires complex models to capture patterns in high-dimensional, noisy, and class-imbalanced raw network traffic, yet deploying such models remains impractical on resource-constrained devices with limited processing power and memory. In this paper, we present a correlation-aware divide-and-conquer learning technique that decomposes a complex learning problem into smaller, more manageable subproblems. This enables lightweight models as simple as decision trees to be trained on focused subtasks, yielding up to 43.3% higher local accuracy and up to 257 times reduction in model size on real-world network intrusion detection datasets, while also improving adversarial robustness and explainability.