A Long-Lasting Reinforcement Learning Intrusion Detection Model

Abstract

Several works have proposed highly accurate network-based intrusion detection schemes through machine learning techniques. However, they are unable to address changes in network traffic behavior over time. Authors often assume periodic model updates, but without taking into account the challenges they entail. This paper proposes a long-lasting reinforcement learning model for intrusion detection that withstands long periods without model updates. Our proposal builds machine learning models through reinforcement learning to keep their accuracy for longer periods. Then, we cope it with a verification technique to ensure that only reliable classifications are accepted over time. Experiments performed using a dataset spanning a year of real network traffic, composed of 10 TB of data, show that the technique we propose remains reliable for ten months without model updates. Additionally, our proposal increases its accuracy when coped with the verification technique.