L-IDS: A Lifelong Learning Approach for Intrusion Detection

Intrusion detection systems (IDS) represent a class of defensive security tools with the purpose of protecting the network from intruders in the network administrator's arsenal. Despite the high precision of traditional signature-based IDS, its effectiveness is still under question due to the growth of a number of encrypted attacks and the volume of network traffic. This is considered one of the main motivations for researchers to develop anomaly-based IDS, which usually suffer from a higher false positive rate. In this paper, we propose and implement a lifelong-learning anomaly detection IDS (L-IDS) with the capability of the network environment's adaption to limit the false positive rate of anomaly detector in the range of signature-based IDS. We consider Snort as a baseline and UNSW-NB15 as the ground truth in the evaluation of our proposal. We demonstrate how L-IDS achieves a higher level of precision in comparison with the existing signature-based IDS.