Abstract

Traditional network intrusion detection systems cannot identify newly emerging intrusions, both because the features of malicious behavior are inconspicuous and because the volume of data transmitted across devices has grown enormously. To address the inconspicuous features, a novel aggregated flow-based inspection is proposed to amplify the features of malicious behavior. To address the volume of data, this paper introduces a new data analysis method for efficiently classifying network traffic, which utilizes the topic model to construct a doc-word matrix from statistical features and then analyzes latent semantic information to determine whether an aggregated flow is malicious. The performance of the proposed technique is evaluated on the CIC-IDS2017, UNSW-NB15, and NSL-KDD datasets, and the results indicate that it achieves higher performance than competing methods. Additionally, the ROC curves demonstrate that the proposed technique classifies accurately even at a low sample rate.
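The following is an added illustration, not code from the paper, of how aggregated flows can become "documents" whose "words" are discretized statistical features, giving the doc-word matrix a topic model takes as input. The aggregation key (source IP plus time window), the 60-second window, the bin edges, the token names, and the sample flows are all assumptions constructed for this example.

```python
from bisect import bisect_right
from collections import Counter, defaultdict

# Constructed sample flows (not taken from any dataset):
# (src_ip, start_s, duration_s, total_bytes, packets, dst_port)
FLOWS = [
    ("10.0.0.5", 3.0, 0.01, 60, 1, 22),
    ("10.0.0.5", 3.4, 0.01, 60, 1, 23),
    ("10.0.0.5", 3.9, 0.02, 60, 1, 80),
    ("10.0.0.5", 4.1, 0.01, 60, 1, 443),
    ("10.0.0.9", 5.0, 12.5, 48000, 40, 443),
    ("10.0.0.9", 70.0, 8.0, 52000, 45, 443),
]

WINDOW_S = 60                      # assumed aggregation window (seconds)
BINS = {                           # assumed bin edges per feature
    "dur": [0.1, 1.0, 10.0],
    "bytes": [100, 1000, 10000],
    "pkts": [2, 10, 100],
}

def flow_words(flow):
    """Turn one flow's statistical features into discrete 'words'."""
    _, _, dur, nbytes, pkts, port = flow
    words = [f"{name}:{bisect_right(BINS[name], val)}"
             for name, val in (("dur", dur), ("bytes", nbytes), ("pkts", pkts))]
    words.append("port:low" if port < 1024 else "port:high")
    return words

def aggregate(flows):
    """Group flows into documents keyed by (source IP, time window)."""
    docs = defaultdict(Counter)
    for flow in flows:
        key = (flow[0], int(flow[1] // WINDOW_S))
        docs[key].update(flow_words(flow))
    return docs

def doc_word_matrix(flows):
    """Return (doc keys, vocabulary, count matrix) for a topic model."""
    docs = aggregate(flows)
    keys = sorted(docs)
    vocab = sorted({w for c in docs.values() for w in c})
    matrix = [[docs[k][w] for w in vocab] for k in keys]
    return keys, vocab, matrix

if __name__ == "__main__":
    keys, vocab, matrix = doc_word_matrix(FLOWS)
    for key, row in zip(keys, matrix):
        print(key, dict(zip(vocab, row)))
```

Four tiny flows from one source, each unremarkable alone, collapse into a single row whose word counts are all 4, which is the amplification effect that aggregation is meant to provide.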
