Meta-Learning–Driven Intrusion Detection for Zero-Day Attack Adaptation in Cloud-Native Networks
Abstract
Zero-day attacks are a critical threat to cloud-native networks because of their evolving nature, dynamic load, and highly distributed topology. Conventional intrusion detection systems (IDS), whose models rely on a fixed rule set or on supervised learning, struggle to generalize to new attack patterns and to traffic patterns that change very fast. This article presents a Meta-Learning-Based Intrusion Detection Framework intended to adapt quickly to zero-day attacks in cloud-native applications. The method combines Model-Agnostic Meta-Learning (MAML) with deep neural network classifiers to acquire representations that transfer across a wide range of attack conditions. The features are container-level, network-flow, and system-call-based features extracted from cloud-native workloads on Kubernetes-based infrastructure. During meta-training, the model is presented with several attack tasks so that it can adapt to new, unseen attacks from few labeled samples. The experiments are evaluated on a hybrid dataset comprising CICIDS2017, UNSW-NB15, and artificially created traces of zero-day attacks. The proposed model attains a mean detection precision of 96.8, an F1-score of 0.964 and 21 percent faster detection than traditional deep learning-based IDS models. The results show better adaptability, fewer false positives and greater robustness in the face of concept drift. They support the view that meta-learning is one of the most effective strategies for strengthening resistance to zero-day attacks, and that the proposed framework is therefore well suited to real-time intrusion detection in elastic cloud-native networks.
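The few-shot adaptation step the abstract describes, as an added illustration that is not the paper's code: a first-order MAML (FOMAML) loop around a logistic-regression detector on constructed, standardized features, where each meta-training task is one known attack family and a held-out family plays the zero-day role. The paper's deep classifier, its real CICIDS2017/UNSW-NB15 features and the second-order MAML gradient are replaced by these simplifications; every sample, direction and hyperparameter below is constructed for the example.

```python
import math, random

DIM, K, ALPHA, BETA = 3, 5, 0.5, 0.1  # features, shots per class, inner lr, outer lr

def make_task(direction, n, rng, shift=3.0, sigma=0.5):
    """Constructed task: n benign samples (y=0) near the origin, n attack samples (y=1) shifted along `direction`."""
    return [([y * shift * d + rng.gauss(0, sigma) for d in direction], y)
            for y in (0, 1) for _ in range(n)]

def score(params, x):
    w, b = params  # P(attack) from a logistic unit on standardized features
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def grad(params, data):
    """Mean gradient of the logistic loss with respect to (weights, bias)."""
    errs = [(score(params, x) - y) / len(data) for x, y in data]
    return [sum(e * x[i] for e, (x, _) in zip(errs, data)) for i in range(DIM)], sum(errs)

def adapt(params, support, steps=1):
    """Inner loop: `steps` gradient steps on the K-shot support set of one task."""
    w, b = list(params[0]), params[1]
    for _ in range(steps):
        gw, gb = grad((w, b), support)
        w, b = [wi - ALPHA * gi for wi, gi in zip(w, gw)], b - ALPHA * gb
    return w, b

def meta_train(directions, iters=300, seed=0):
    """Outer loop (first-order MAML): move the init along the query-set gradient taken at the adapted params."""
    rng, w0, b0 = random.Random(seed), [0.0] * DIM, 0.0
    for _ in range(iters):
        for d in directions:
            support, query = make_task(d, K, rng), make_task(d, 20, rng)
            gw, gb = grad(adapt((w0, b0), support), query)
            w0 = [wi - BETA * gi / len(directions) for wi, gi in zip(w0, gw)]
            b0 -= BETA * gb / len(directions)
    return w0, b0

def accuracy(params, data):
    return sum((score(params, x) > 0.5) == (y == 1) for x, y in data) / len(data)

def zero_day_eval(seed=1):
    """Adapt meta-learned vs. zero init to an unseen family with one step on K shots; return (meta_acc, base_acc)."""
    known = [[s * (i == j) for i in range(DIM)] for j in range(DIM) for s in (1.0, -1.0)]
    init = meta_train(known)                   # six axis-aligned known attack families
    rng = random.Random(seed)
    novel = [1 / math.sqrt(DIM)] * DIM         # zero-day family: all features shift together
    support, query = make_task(novel, K, rng), make_task(novel, 100, rng)
    zero = ([0.0] * DIM, 0.0)
    return accuracy(adapt(init, support), query), accuracy(adapt(zero, support), query)
```

With the same single gradient step on the same five shots per class, the meta-learned initialization separates the unseen family almost perfectly while the zero initialization has not yet learned a decision threshold, which is the adaptation-speed advantage the abstract claims for MAML over a conventionally trained detector.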