Deep reinforcement learning for detecting network intrusions

Student: Ruben Peeters
Programme: Master of Science in Industrial Sciences: Computer Science
Abstract (Eng):

In the current age of information and technology, cyber attacks are more prevalent than ever and the consequences of these attacks are growing exponentially. To combat this, many solutions, such as network intrusion detection systems, have been proposed. However, many implementations of such a system cannot detect zero-day attacks and only perform well in their respective training environments. To address both problems, deep reinforcement learning is proposed, and we research which types of reinforcement learning perform best on such problems. Furthermore, the influence of upgrades that boost the performance of reinforcement learning models in their usual use case is analyzed, and the upgrades are combined, to see whether their positive effect carries over to the domain of classification problems. Lastly, we attempt to analyze the generalization of the implemented models. After analyzing the results for on- and off-policy models, as well as upgrades to deep Q networks, it is deduced that deep reinforcement learning can in fact be used for classification problems. In the context of identical-dataset performance, the on-policy algorithm, advantage actor critic, performs better on an implementation without normalization layers, and off-policy deep Q networks are preferred in a more traditional implementation with normalization layers. When evaluating generalization, it becomes clear that the on-policy architecture has significantly better performance than the off-policy architecture. The separate upgrades to DQN do not translate into beneficial performance for identical-dataset analysis nor for generalization; however, when combined they have a positive effect in both cases.