Abstract
In this paper, we present a new approach to NIDS deployment based on machine learning. This new approach is based on detecting attackers by analyzing the relationship between computers over time. The basic idea that we rely on is that the behaviors of attackers’ computers are different from those of other computers, because the timings and durations of their connections are different and therefore easy to detect. This approach does not analyze each network packet statistically. It analyzes, over a period of time, all traffic to obtain temporal behaviors and to determine if the IP is an attacker instead of that packet. IP behavior analysis reduces drastically the number of alerts generated. Our approach collects all interactions between computers, transforms them into time series, classifies them, and assembles them into a complex temporal behavioral network. This process results in the complex characteristics of each computer that allow us to detect which are the attackers’ addresses. To reduce the computational efforts of previous approaches, we propose to use visibility graphs instead of other time series classification methods, based on signal processing techniques. This new approach, in contrast to previous approaches, uses visibility graphs and reduces the computational time for time series classification. However, the accuracy of the model is maintained.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
