Intrusion Detection Systems (IDS) play a crucial role in ensuring the security of computer networks. Machine learning has emerged as a popular approach for intrusion detection due to its ability to analyze and detect patterns in large volumes of data. However, current ML-based IDS solutions often struggle to keep pace with the ever-changing nature of attack patterns and the emergence of new attack types. Additionally, these solutions face challenges related to class imbalance, where the number of instances belonging to different classes (normal and intrusions) is significantly imbalanced, which hinders their ability to effectively detect minority classes. In this paper, we propose a novel multi-agent reinforcement learning (RL) architecture, enabling automatic, efficient, and robust network intrusion detection. To enhance the capabilities of the proposed model, we have improved the DQN algorithm by implementing the weighted mean square loss function and employing cost-sensitive learning techniques. Our solution introduces a resilient architecture designed to accommodate the addition of new attacks and effectively adapt to changes in existing attack patterns. Experimental results obtained using the CIC-IDS-2017 dataset demonstrate that our approach can effectively handle the class imbalance problem and provide a fine-grained classification of attacks with a very low false positive rate. In comparison to the current state-of-the-art works, our solution demonstrates significant superiority in both detection rate and false positive rate.