Title: A Novel Lightweight NIDS Framework for Detecting Anomalous Data Traffic in Contemporary Networks
Authors: Yogendra Kumar, Vijay Kumar, Basant Subba
Journal: Journal of Circuits Systems and Computers
Publication date: 2024-03-11
Publication type: Journal Article
DOI: 10.1142/s0218126624502281 (https://doi.org/10.1142/s0218126624502281)
Impact factor: 0.9
JCR: Q4 (COMPUTER SCIENCE, HARDWARE & ARCHITECTURE)
Region: 4 (Engineering and Technology)
Open access: No
Platform: Semanticscholar
Citations: 0
Abstract
Network Intrusion Detection Systems (NIDSs) have been proposed in the literature as security tools for detecting anomalous and intrusive network data traffic. However, the existing NIDS frameworks are computation-intensive, thereby making them unsuitable for deployment in resource-constrained networks with limited computational capabilities. This paper aims to address this issue by proposing a computationally efficient NIDS framework for detecting anomalous data traffic in resource-constrained networks. The proposed NIDS framework uses an ensemble-based classifier model comprising multiple classifiers, which enables it to achieve high accuracy and detection rate across a wide range of low-footprint and stealth network attacks. The proposed framework also uses feature scaling and dimensionality reduction techniques to minimize the overall computational overhead. The proposed framework consists of two stages. In the first stage, four distinct base-level classifiers are utilized. The classification probabilities of the first stage are used in the modified meta-level classifier. The modified meta-level classifier is trained on the class probabilities of the base-level classifiers combined using a novel proposed probability function. The performance of the proposed NIDS framework is evaluated on a proprietary testbed dataset and two benchmark datasets, namely CICIDS-2017 and UNSW-NB15. The results reveal that the proposed NIDS framework provides better performance than the existing NIDS frameworks in terms of false positive rate, despite using a significantly lower number of input features for its analysis.
About the journal:
Journal of Circuits, Systems, and Computers covers a wide scope, ranging from mathematical foundations to practical engineering design in the general areas of circuits, systems, and computers with focus on their circuit aspects. Although primary emphasis will be on research papers, survey, expository and tutorial papers are also welcome. The journal consists of two sections:
Papers - Contributions in this section may be of a research or tutorial nature. Research papers must be original and must not duplicate descriptions or derivations available elsewhere. The author should limit paper length whenever this can be done without impairing quality.
Letters - This section provides a vehicle for speedy publication of new results and information of current interest in circuits, systems, and computers. Focus will be directed to practical design- and applications-oriented contributions, but publication in this section will not be restricted to this material. These letters are to concentrate on reporting the results obtained, their significance and the conclusions, while including only the minimum of supporting details required to understand the contribution. Publication of a manuscript in this manner does not preclude a later publication with a fully developed version.