OOD-Robust Boosting Tree for Intrusion Detection Systems

Bibliographic Details
Main Authors: Koda, Satoru, Morikawa, Ikuya
Format: Conference Proceeding
Language: English
Description
Summary: Out-of-distribution (OOD) detection is indispensable to security applications because they are deployed in the real world, and therefore, often face zero-day attacks. Training machine learning-based applications in an i.i.d. setting, which assumes that training and test distributions are identical, brings vulnerability to OOD samples. This paper discusses OOD sample detection in a multi-class classification on tabular data. This aspect has not been fully discussed in the literature, but tabular data are commonly analyzed in security applications. A challenging issue for OOD detection in a multi-class classification is that classifiers often make overly confident predictions on OOD samples and thus fail to detect them. To address this issue, we designed (i) a tree-based OOD data generation approach and (ii) a training strategy for gradient boosting tree-based classifiers to increase the robustness against OOD samples. In our experiments, our OOD-robust boosting tree and ten prior arts are evaluated on eight tabular datasets, including three intrusion detection system (IDS) datasets. Our proposed method improves OOD detection performance, when measured by the true positive rates, from 58.21% to 71.48%, while maintaining classification performance. We also demonstrate case studies on the vulnerability of security applications to unseen attacks through the experiments on the IDS datasets.
ISSN: 2161-4407
DOI: 10.1109/IJCNN54540.2023.10191603