Browsing by Author "Alotaibi, Fahad Mastor T"
Item Restricted

Mitigating Distribution Shift and Label Noise in Deep Neural Network Based Network Intrusion Detection Systems

(Saudi Digital Library, 2026) Alotaibi, Fahad Mastor T; Maffeis, Sergio

Deep Neural Network (DNN)-based Network Intrusion Detection Systems (NIDS) have shown strong performance on offline benchmarks under controlled conditions. However, real-world deployment remains challenging. This thesis focuses on two key challenges: (i) distribution shift, in which benign traffic evolves and attackers continuously devise new strategies; and (ii) label noise, arising from imperfect automated labelling of large volumes of network traffic. To address these challenges, the thesis first provides a critical literature review and develops a structured taxonomy of techniques for handling distribution shift in NIDS and label noise in both NIDS and malware datasets. Building on these insights, it introduces three frameworks. Mateen adapts one-class anomaly detection to evolving benign traffic by combining selective labelling with an ensemble-based mechanism that identifies and responds to shifts with minimal manual effort. Rasd extends multi-class NIDS to detect and integrate newly emerging attack classes, substantially reducing labelling costs through strategic selection of a small, informative, and diverse subset. SLB mitigates label noise by partitioning the dataset into clean and noisy sets and iteratively refining both the model and the labels. Each framework is evaluated extensively across multiple datasets and compared with state-of-the-art baselines. Mateen improves the anomaly-detection F1 score by 4.13% under a light-shift scenario (CICIDS2017) and by 72.6% under an extreme-shift scenario (Kitsune). Rasd increases the novel class detection F1 score by 6.83% on CICIDS2017 and by 19.21% on CSE-CIC-IDS2018. SLB reduces the noise rate in CICIDS2017 (with 30% injected random noise) to below 1.2% and outperforms the vanilla baseline by 11.83% in macro F1.
This thesis serves as a reference for researchers and practitioners in cyber security and artificial intelligence. Beyond its literature review and taxonomy, it contributes three frameworks that collectively enhance the robustness of DNN-based NIDS, achieving state-of-the-art results on the evaluated benchmarks.
