Abstract

Cybercrime is growing at a rapid pace, and its techniques are becoming more sophisticated. In order to actively cope with such threats, new approaches based on machine learning and requiring less administrator intervention have been proposed, but there are still many technical difficulties in detecting security attacks in real time. To solve this problem, we propose a new machine learning-based real-time intrusion detection algorithm. Unlike the existing approaches, the one proposed can detect the presence of an attack every time a packet is received, enabling real-time detection. In addition, our algorithm effectively reduces the system load, which may significantly increase from real-time detection, compared to non-real-time detection. In the algorithm, the increase in the number of memory accesses can be minimized (to below 30%) compared to conventional methods. Since the proposed method is a pure software-based approach, it has excellent scalability and flexibility against various attacks. Therefore, the proposed method can support not only the high classification performance of the hardware-based method but also the high flexibility of the software-based method simultaneously, and it can effectively detect and prevent various cyber-attacks.

Highlights

  • Network speed is increasing day by day, and at the same time, the rate of cybercrimes is increasing rapidly [1]

  • The most important advantage of our approach is that it can improve the performance of machine learning-based intrusion detection systems in close to real time

  • In order to calculate the performance of the packet-based early detectors (PEDs) and the hybrid lazy detectors (HLDs) based on the threshold value, the classification for each class is calculated in advance according to threshold values that are increased at a certain step size


Summary

INTRODUCTION

Network speed is increasing day by day, and at the same time, the rate of cybercrimes is increasing rapidly [1].

(Pak et al.: Hybrid classification for high-speed and high-accuracy network intrusion detection systems)

... slow machine learning algorithms. Because of this limitation, today’s machine learning-based security systems only monitor statistical characteristic values for each session, instead of detecting per-packet attacks, and they just determine whether a network attack exists after the session ends [3]–[8]. It shows almost the same system load, compared to the existing session-based approaches. Due to this unique characteristic, unlike the existing methods, the proposed algorithm can detect attacks in real time. It is software-based; it can provide very high performance, compared to the existing session-based approaches, and the high flexibility and high scalability provided only by the software-based method. Such merits are the most important characteristics needed to increase network security.

EXISTING WORK
PERFORMANCE EVALUATION
SYSTEM LOAD FOR DETECTION
Findings
CONCLUSIONS