Smart community networks bring great comfort and convenience to people, but they also increase the security risk of exposing system vulnerabilities and private data to network intruders. This problem has become more prominent with the ever-increasing zero-day attacks, which may escape existing intrusion detection systems (IDSs) through unknown vulnerabilities. In this article, to keep up with the continuous change of attacks, we conceive an evolvable IDS (EIDS), where the detection model is incrementally updated to turn newfound “unknown” attacks into “known” attacks. To discover zero-day attacks, we develop an open-set intrusion detection model based on a discriminative auto-encoder. Since geographically dispersed detectors may suffer from different attack variants, we propose a federated incremental learning based model update method that aggregates the knowledge from different detectors and updates the detection model incrementally, which avoids cumbersome model retraining. To the best of our knowledge, few studies have considered the federated incremental update of distributed intrusion detection models. In this way, the “detecting-learning-updating” process forms an evolution cycle, which enables the EIDS to evolve in an autonomous manner. Finally, experiments conducted on three public datasets demonstrate that EIDS can conduct open-set intrusion detection with an accuracy over 0.86 and significantly reduce the model update time, by over 90 percent, compared to centralized model retraining.
               