← All Projects
Project Deployed

ThreatEvolve: Continual Learning for Emerging Attack Classes

An intrusion-detection model that incorporates new attack categories over time using elastic weight consolidation, without retraining from scratch.

Overview

ThreatEvolve simulates a NIDS deployment that must learn to detect newly emerging attack types across sequential "task" phases, using elastic weight consolidation (EWC) to protect previously learned attack signatures from catastrophic forgetting.

Architecture

A shared feature extractor with a growing classification head; EWC penalty terms computed from a Fisher information estimate constrain updates to parameters important for earlier tasks as new attack classes are introduced.

Client / Edge
Model Pipeline
Output / API

Tech Stack

PyTorch Avalanche CIC-IDS2018 Docker

Screenshots

Screenshot 1
Screenshot 2

Lessons Learned

EWC alone was insufficient once more than four sequential tasks were introduced — forgetting crept back in; adding a small rehearsal buffer of past-attack samples alongside EWC closed most of the remaining gap.

ls -la ./related-projects/