Rasd is a framework designed for semantic shift detection and adaptation in learning-based multi-class network intrusion detection systems. It comprises two main components:
- Utilizes a centroid-based loss function to detect shifts.
- Selects a representative subset of detected shift samples, approximating the entire distribution.
- Manually labels this subset to train a Pseudo-Labeler, which is then used to pseudo-label the remaining unselected samples.
For further details, please refer to the main paper.
Before running Rasd, ensure you have the necessary dependencies installed. These dependencies are listed in the 'requirements.txt' file. You can install them using the following command:
pip install -r requirements.txtHere is the content of 'requirements.txt':
torch==2.0.1
numpy==1.25.0
pandas==1.5.3
scipy==1.10.1
sklearn==1.2.2
deap==1.4
optuna==3.2.0
tqdm==4.65.0
You can download the pre-trained models and the processed data from the following link:
The contents of the download are as follows:
RasdData.zip: Contains the processed data.RasdModels.zip: Contains the pre-trained models.
Download and extract these files into the main directory of Rasd (i.e., Rasd/). This will ensure that the data and models are properly organized and ready for use.
To utilize Rasd with our settings, please follow these steps to set up the required datasets and run the framework.
First, download the datasets as mentioned in the Models and Data section. Ensure that the files are organized in the following directories:
data/CICIDS2017/for IDS2017data/CICIDS2018/for IDS2018
You can directly download and unzip the datasets into the main directory of Rasd (i.e., Rasd/).
To run Rasd, use the following command:
python Main.pyYou can customize the execution using various command-line options:
Switch between datasets using the '--dataset_name' option.
Example:
python Main.py --dataset_name "CICIDS2017"Options
"CICIDS2017" and "CICIDS2018"Set the detection thresholds using the '--acceptance_err' option.
Example:
python Main.py --dataset_name "CICIDS2017" --acceptance_err 0.07Options
0.01, 0.02, 0.03, 0.04, 0.05, 0.06, 0.07, 0.08, 0.09, and 0.1Use pre-trained models or train new models using the '--train_mode' option.
Example:
python Main.py --dataset_name "CICIDS2017" --acceptance_err 0.07 --train_mode "pre-train"Options
"pre-train" and "train-new"Select the operation mode (detection only or detection & adaptation) using the '--Mode' option.
Example:
python Main.py --dataset_name "CICIDS2017" --acceptance_err 0.07 --train_mode "pre-train" --Mode "Detection"Options
"Detection" and "Both"Choose the detection method using the '--Detection_Method' option.
Example:
python Main.py --dataset_name "CICIDS2017" --acceptance_err 0.07 --train_mode "pre-train" --Mode "Detection" --Detection_Method "Rasd"Options
"Rasd", "LSL", and "CADE"Set the selection rate for building a subset for manual labeling using the '--selection_rate' option.
Example:
python Main.py --dataset_name "CICIDS2017" --acceptance_err 0.07 --train_mode "pre-train" --Mode "Detection" --Detection_Method "Rasd" --selection_rate 0.05Options
0.01, 0.02, 0.03, 0.04, and 0.05Set the batch size for splitting the pool of detected samples using the '--selection_batch_size' option.
Example:
python Main.py --dataset_name "CICIDS2017" --acceptance_err 0.07 --train_mode "pre-train" --Mode "Detection" --Detection_Method "Rasd" --selection_rate 0.05 --selection_batch_size 3000Options
3000, 2000, and 1000@inproceedings{alotaibi24rasd,
title={Rasd: Semantic Shift Detection and Adaptation for Network Intrusion Detection},
author={Alotaibi, Fahad and Maffeis, Sergio},
booktitle={the 39th International Conference on ICT Systems Security and Privacy Protection (SEC 2024)},
pages={16--30},
year={2024},
organization={Springer}
}
If you have any questions or need further assistance, please feel free to reach out to me at any time:
- Email:
f.alotaibi21@imperial.ac.uk - Alternate Email:
fahadalkarshmi@gmail.com