A Cross-Domain Intrusion Detection Method Based on Nonlinear Augmented Explicit Features

Abstract

The purpose of Intrusion Detection Systems (IDS) is to identify security issues in data transmitted by various devices and communication protocols. For domains with sparse data, such as the Internet of Things (IoT), cross-domain models are applied to solve the sparse problem by transfer knowledge from the source domain with rich data to the target domain. However, most of the cross-domain intrusion detection methods map different explicit features in the source and target domains to implicit features in a common implicit space, which weakens the interpretability of these methods. To enhance the interpretability of cross-domain models, we propose a Cross-Domain Intrusion Detection Method Based on Nonlinear Augmented Explicit Features (NAEF). Specifically, we augment the feature space of the source and target domains as the combination of shared features, source domain specific features and target domain specific features. Moreover, we model the nonlinear mapping relationship from shared features to special features in the source and target domains separately. Then, the original features in the source and target domains are mapped to uniform explicit features in the augmented space by migration of the nonlinear mapping relationship. Additionally, a classifier based on ensemble learning and attention mechanism balances the data distribution and selects important features to enhance detection performance. Our experimental results demonstrate the effectiveness of the proposed NAEF method on four public datasets.