Transformer-Based Approach for Intrusion Detection System

Abstract

Intrusion Detection Systems (IDS) have been used for years to protect enterprise hosts from cyberattacks. Traditional IDSs are usually based on simple methods, such as signatures or heuristics, that do not adapt to reactions against new threats that are constantly increasing. The objective of this paper is to develop an IDS based on a deep learning technique which is transformers. Unlike conventional models and thanks to their self-attention mechanism, transformers are characterized by an excellent ability to support complex patterns by very accurately modeling the context in sequential data. A host-based dataset containing system logs and network activities is used to train the transformer model that forms the core of the developed IDS. A detailed evaluation is used to compare our approach against existing methods based on machine learning and deep learning, showing significant improvements in precision, recall, and false positive rate. These results are very encouraging for developing robust IDSs that can be fine-tuned in real time to take into account new attacks