Abstract

Traditional network-based intrusion detection systems using deep packet inspection are not feasible for modern high-speed networks due to slow processing and the inability to read encrypted packet content. As an alternative to packet-based intrusion detection, researchers have focused on flow-based intrusion detection techniques. Flow-based intrusion detection systems analyze IP flow records for attack detection. IP flow records contain summarized traffic information. However, flow data is very large in high-speed networks and cannot be processed in real time by the intrusion detection system. In this paper, an efficient multi-stage model for intrusion detection using IP flow records is proposed. The first stage in the model classifies the traffic as normal or malicious. The malicious flows are further analyzed by a second stage. The second stage associates an attack type with malicious IP flows. The proposed multi-stage model is efficient because the majority of IP flows are discarded in the first stage and only malicious flows are examined in detail. We also describe the implementation of our model using machine learning techniques.

Highlights

  • Network-based intrusion detection systems (NIDS) analyze network traffic to detect malicious activities

  • Traditional approaches for intrusion detection scan the complete packet content. This method is termed as deep packet inspection (DPI) [18]

  • We suggest the use of one-class and multi-class classification techniques for the first and second stage intrusion detection processes, respectively


Summary

INTRODUCTION

Network-based intrusion detection systems (NIDS) analyze network traffic to detect malicious activities. IP flow records contain aggregate packet information and describe the network traffic in a summarized form. The extraction of flow records from the network consists of two processes: flow export and flow collection [20]. The process of transferring flow records between the flow exporter and the collector is defined by a flow export and collection protocol. We suggest the use of one-class and multi-class classification techniques for the first and second stage intrusion detection processes, respectively. Our future work will include a rigorous evaluation of different one-class and multi-class techniques for flow-based intrusion detection. The best performing classification techniques will be combined in a multi-stage model for a comprehensive flow-based intrusion detection framework. The multi-stage model will be evaluated on various flow-based intrusion datasets to obtain the performance results.
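The two-stage pipeline described in the abstract and summarized above (a one-class "normal vs. malicious" filter followed by a multi-class attack-type stage), as an added illustration that is not the paper's own implementation: stage 1 builds a per-feature profile of normal flows and flags flows whose z-score distance exceeds a threshold; only those flows reach stage 2, a nearest-centroid classifier over labelled attack flows. The flow records, feature set (packets, bytes, duration, destination port), threshold and attack labels are all constructed here for the example.

```python
import math
from statistics import mean, stdev

# Constructed flow records (packets, bytes, duration_s, dst_port); not from the paper.
NORMAL_FLOWS = [
    (10, 1200, 0.5, 443), (12, 1500, 0.7, 443), (8, 900, 0.4, 80),
    (15, 2100, 1.0, 443), (9, 1000, 0.6, 80), (11, 1300, 0.5, 443),
]
# Constructed labelled malicious flows used only to build stage-2 centroids.
ATTACK_FLOWS = {
    "port_scan": [(1, 60, 0.01, 22), (1, 60, 0.01, 23), (1, 60, 0.01, 25)],
    "flood":     [(5000, 300000, 2.0, 80), (4500, 270000, 1.8, 80)],
}

def normal_profile(flows):
    """Stage 1 (one-class): per-feature mean and std of normal traffic only."""
    cols = list(zip(*flows))
    # A constant feature gets std 1.0 so the z-score stays defined.
    return [(mean(c), stdev(c) or 1.0) for c in cols]

def anomaly_score(flow, profile):
    """Euclidean distance from the normal profile, measured in z-score units."""
    return math.sqrt(sum(((v - m) / s) ** 2 for v, (m, s) in zip(flow, profile)))

def stage1_is_malicious(flow, profile, threshold=3.0):
    """Flows within the threshold are treated as normal and discarded."""
    return anomaly_score(flow, profile) > threshold

def centroids(labelled):
    """Stage 2 model: one centroid per attack label."""
    return {label: [mean(c) for c in zip(*flows)] for label, flows in labelled.items()}

def stage2_attack_type(flow, cents):
    """Multi-class step: assign the nearest attack-type centroid."""
    return min(cents, key=lambda label: math.dist(flow, cents[label]))

def classify_flows(flows, profile, cents):
    """Run the full pipeline; returns (flow, attack_type) only for flows passing stage 1."""
    results = []
    for flow in flows:
        if not stage1_is_malicious(flow, profile):
            continue  # the bulk of traffic stops here, which is the model's efficiency gain
        results.append((flow, stage2_attack_type(flow, cents)))
    return results
```

Because stage 1 discards flows permanently, its threshold governs the detection rate of the whole model: a flow missed there is never typed by stage 2, so the one-class stage should be tuned for low false negatives and the multi-class stage for precision.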

