Abstract

With the paradigm shift to untact (contact-free) environments, security threats on the network have also increased significantly worldwide. To monitor and detect intrusion attempts within enormous volumes of network traffic, a Security Operation Center (SOC) necessarily relies on a variety of security devices. Above all, the Network Intrusion Detection System (NIDS) has been operated in both public and private sectors as the spearhead in the fight against cyber threats. In particular, state-of-the-art technologies, especially ML and AI, are being studied to achieve fast and accurate intrusion detection. Despite much effort to guarantee a secure network, however, SOCs still struggle to overcome the wide variety of threats, as well as attacks whose traffic closely resembles benign traffic. Even though advanced techniques may detect complex and unknown attacks, operating and managing them in real-world situations counterproductively places more pressure on the analysts in the SOC. To address these difficulties, this study introduces an easy-to-use framework for building intrusion detection models based on AI techniques and for operating them according to the situation through a graphical user interface. The framework supports generating various types of AI- and ML-based intrusion detection models with optimized parameters in only a few steps. Furthermore, an interactive graphical interface makes it easier to manage detection models under different threat situations. Finally, the performance of the models built by the framework is evaluated in terms of accuracy, in particular in a real-world SOC environment with live network traffic.
