Real-time network intrusion detection using deferred decision and hybrid classifier

Abstract

The network intrusion detection system needs to detect intrusions in real-time without delay when an intrusion is attempted. To this end, various approaches, such as packet-based classifiers and session-based classifiers, have been developed, but there is a limitation in effectively reducing the detection delay. This study proposes a packet-based machine-learning model with a deferred decision and a single packet integration classifier with cumulative features based on this model to solve this problem fundamentally. A hybrid classifier that uses packet-based features and session-based features was combined to develop a new machine-learning-based network intrusion detection system. Unlike conventional methods, the proposed method could achieve very high detection accuracy and detect intrusions in real-time by minimizing the detection delay. In addition, it reached very high scalability, so it is easy to support high traffic rates and high concurrent session capacity. The performance was compared with various existing methods on various datasets. Through this, the superiority of the proposed method was proven. Overall, the current network can be protected more securely and quickly by applying the proposed method.