IDS-INT: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

A network intrusion detection system is critical for cyber security against illegitimate attacks. In terms of feature perspectives, the network traffic may include a variety of elements such as attack reference, attack type, a sub-category of attack, host information, malicious scripts, etc. In terms of network perspectives, network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic. It is challenging to identify a specific attack due to complex features and data imbalance issues. To address these issues, this paper proposed an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic (IDS-INT). IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data. First, detailed information about each type of attack is gathered from network interaction descriptions, which include network nodes, attack type, reference, host information, etc. Second, the transformer-based transfer learning approach is developed to learn the detailed feature representation using their semantic anchors. Third, the Synthetic Minority Oversampling Technique (SMOTE) is implemented to balance abnormal traffic and detect minority attacks. Fourth, the Convolution Neural Network (CNN) model is designed to extract deep features from the balanced network traffic. Finally, the hybrid approach of the CNN-Long Short-Term Memory (CNN-LSTM) model is developed to detect different types of attacks from the deep features. Detailed experiments are conducted to test the proposed approach using three standard datasets, i.e., UNSW-NB15, CIC-IDS2017, and NSL-KDD. An explainable AI approach is implemented to interpret the proposed method and develop the trustable model.