Abstract

With digitization and modern network applications, information security has gained tremendous importance. Therefore, accurate and efficient detection systems are crucial for maintaining proactive security in computer networks. Machine learning (ML) has shown great potential as a solution, since it can teach a machine to distinguish malicious from normal network activities. However, recently proposed methods suffer from at least one of the following issues: detection accuracy, false alarm rate, and computational complexity. The main reason behind this problem is the complexity of the model in terms of attack types. From the ML perspective, intrusion detection is a classification problem in which each attack type is identified by a different set of features, and those features are used to classify network activities. Thus, training an ML algorithm to detect more than one attack type leads to a more complex model; the increasing number of features used adds to the model complexity and may result in relatively lower detection accuracy or a higher false positive rate. To tackle this problem, this study proposes an attack-wise customized network intrusion detection system (AWC-NIDS) based on ML, concurrency, and distributed systems to achieve accurate and efficient network-wide intrusion detection. Since CICIDS2017 contains many modern attacks, it was used for model development and performance evaluation. The experimental results showed that the proposed methodology achieved high classification performance for all datasets with a small number of features. However, the lowest accuracy was observed for the comprehensive dataset (which contains all attack types); for the single attack-type datasets, the obtained accuracy was above 99%. This finding proves the concept of attack-wise customization for intrusion detection and shows the significance of the proposed methodology.
In conclusion, this framework is promising for implementing robust and accurate cybersecurity systems for traditional and modern networking.
