Network Intrusion Detection Systems (IDS) aim to detect the presence of an intruder by analyzing network packets arriving at an internet-connected device. Data-driven deep learning systems, popular due to their superior performance compared to traditional IDS, depend on the availability of high-quality training data for diverse intrusion classes. A way to overcome this limitation is through transferable learning, where training for one intrusion class can lead to detection of unseen intrusion classes after deployment. In this paper, we provide a detailed study on the transferability of intrusion detection. We investigate practical federated learning configurations to enhance the transferability of intrusion detection. We propose two techniques to significantly improve the transferability of a federated intrusion detection system. The code for this work can be found at https://github.com/ghosh64/transferability.