Abstract

Current intrusion detection systems, which rely on signature-based detection using rules derived from the inspection of past traffic flows and their signatures, are incapable of detecting new types of attacks. They also face challenges from large-scale traffic networks when deployed in inline mode. This paper presents the SAID method, which combines signature-based detection with AI-powered deep analysis, called PAID, and is controllable by a flow sensing strategy for accelerating intrusion detection in large-scale networks. PAID is designed as a parallel ensemble learning of DNN, XGB, and GBM to boost the deep analysis in terms of speed and quality. To enhance the performance of PAID, we also propose a method to improve the quality of the training dataset by compressing samples in the majority classes and generating more realistic samples in the minority classes. Moreover, SAID includes a flow sensing strategy based on a configurable sampling cycle and window for analyzing the large-scale traffic network. Well-known datasets, such as CSE-CIC-IDS2018 and NSL-KDD, are used to demonstrate the performance of PAID. Our deep experiments prove that PAID obtains the same remarkable precision and F1-score of 99.97% and 99.69%, respectively. It also outperforms other recent methods, and the typical PAID-based inspection time per flow (i.e., 4.89 μs/flow) is fast enough to detect and prevent intrusions in real time for large-scale networks.
