ThreatEvolve: Continual Learning for Emerging Attack Classes
An intrusion-detection model that incorporates new attack categories over time using elastic weight consolidation, without retraining from scratch.
Overview
ThreatEvolve simulates a NIDS deployment that must learn to detect newly emerging attack types across sequential "task" phases, using elastic weight consolidation (EWC) to protect previously learned attack signatures from catastrophic forgetting.
Architecture
A shared feature extractor with a growing classification head; EWC penalty terms computed from a Fisher information estimate constrain updates to parameters important for earlier tasks as new attack classes are introduced.
Tech Stack
Screenshots
Lessons Learned
EWC alone was insufficient once more than four sequential tasks were introduced — forgetting crept back in; adding a small rehearsal buffer of past-attack samples alongside EWC closed most of the remaining gap.
ls -la ./related-projects/
Edge-NIDS: On-Device Intrusion Detection for IoT
A quantized CNN intrusion-detection model deployed to an ARM Cortex-M microcontroller for real-time IoT traffic monitoring without cloud connectivity.
FedDiagnose: Cross-Hospital Federated Diagnostic Modeling
A simulated multi-hospital federated learning platform for chest X-ray classification, keeping patient imaging data local to each institution.
ReproBench: Automated Paper Reproduction Scorecard
A tooling suite that runs reproduced model checkpoints against held-out benchmarks and auto-generates a comparison scorecard against reported paper results.