Abstract
Current machine learning approaches for network-based intrusion detection do not cope with new network traffic behavior, which requires periodic model updates that are computationally expensive and time-consuming. In light of this limitation, this paper proposes a novel stream learning intrusion detection model that maintains system accuracy, even in the presence of unknown traffic behavior. It also eases the model update process by incrementally incorporating new knowledge into the machine learning model. Experiments performed using a recent realistic dataset of network behaviors have shown that the proposed technique detects potentially unreliable classifications. Moreover, the proposed model can incorporate the new network traffic behavior from model updates to improve the system accuracy while maintaining its reliability.
Acknowledgments
The authors thank CNPq (Conselho Nacional de Desenvolvimento Científico e Tecnológico) for partial financial support (grant 430972/2018-0 and 315322/2018-7) and the FCT through the LASIGE Research Unit (ref. UIDB/00408/2020).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Viegas, E.K., Santin, A.O., Cogo, V.V., Abreu, V. (2020). Facing the Unknown: A Stream Learning Intrusion Detection System for Reliable Model Updates. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_78
DOI: https://doi.org/10.1007/978-3-030-44041-1_78
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44040-4
Online ISBN: 978-3-030-44041-1
eBook Packages: Intelligent Technologies and Robotics (R0)