Abstract
A network intrusion detection system (NIDS) is an important technology for cyber security. Recently, machine learning based NIDSs have been actively researched as various machine learning techniques are proposed. However, existing NIDSs have limited generality because they were designed around specific characteristics obtained from analyzing partial datasets. Moreover, in reality, NIDS datasets have a significantly imbalanced ratio between normal and abnormal data. This causes the minority class problem, which must be addressed to develop robust and reliable NIDSs that work in various environments. This paper proposes a novel technique using service-aware dataset partitioning, which provides high scalability to handle huge and rapidly growing network data flexibly, and helps the classifier improve classification performance in terms of accuracy and speed. We evaluated our approach with the Kyoto2016 dataset, a well-known highly imbalanced dataset, using various classification algorithms and parameters to achieve the best performance, and compared it with existing state-of-the-art approaches. Our experimental results indicate that our approach can classify network traffic rapidly and accurately on huge imbalanced datasets. We conclude that it can relieve serious existing issues of imbalanced datasets for modern machine learning based NIDS solutions.
Highlights
A network intrusion detection system (NIDS) is a core technology in modern networks that detects anomalous activity on the network by analyzing traffic
Various machine learning techniques have been used to implement an NIDS, such as random forest (RF) and decision tree (DT), which are simple but have high classification performance, or a deep neural network (DNN), which has been actively researched recently due to the growth of neural network (NN) technology
This paper proposes a novel anomaly detection-based NIDS that is robust against these problems
Summary
A network intrusion detection system (NIDS) is a core technology in modern networks that detects anomalous activity on the network by analyzing traffic. Various machine learning techniques have been used to implement an NIDS, such as random forest (RF) and decision tree (DT), which are simple but have high classification performance, or a deep neural network (DNN), which has been actively researched recently due to the growth of neural network (NN) technology. These methods have three critical issues when used in NIDSs, as follows. We develop a service-aware partitioning algorithm to process the growing network data with high efficiency. This unique partitioning algorithm boosts classification accuracy and speed, and can sustain almost the same performance regardless of the various and dynamic network attacks.