Abstract:
Authors who apply machine learning techniques to intrusion detection neglect changes in network traffic behavior over time. In general, it is assumed that periodic model updates are performed, regardless of the challenges related to such a task. This paper proposes a new multi-view intrusion detection model capable of reliably performing model updates without human assistance while also maintaining its accuracy over time. The proposal evaluates the classification’s confidence values in a multi-view configuration to maintain its reliability over time, even without model updates. In addition, it can perform model updates autonomously, according to the result of the multi-view classification. Our experiments, performed with 7 TB of real network traffic over a 2-year interval, show that our proposed scheme can maintain its accuracy over time without model updates, rejecting only 14.2% of its classifications. However, when autonomous model updates are performed, the rejection rate drops to just 8.8%, while also improving the model’s accuracy by 4.3%.
Date of Conference: 14-23 June 2021
Date Added to IEEE Xplore: 06 August 2021