A Novel Concept drift based Real time intrusion detection and Post intrusion detection using Ensemble learning model

  • Rajeswari P. V. N., and Sri Lakshmi Ch.


As network traffic volume grows day by day, traditional network Intrusion Detection Systems (IDS) struggle to detect attacks at the pre-attack stage on LAN networks because packet behavior changes in complex ways. Packet capturing, filtering and attack detection are the three essential steps in the network anomaly detection (NAD) process, which uses Machine Learning (ML) techniques to predict packet behavior. Most traditional ML approaches, such as support vector regression, multi-class Bayesian, Random Forest and AdaBoost, classify network anomaly patterns on limited training samples and feature space. In addition, a large number of traditional statistical measures, such as entropy, concept drift, correlation and control charts, are used to detect network anomalies in real time using bounded limits. These statistical measures have three main limitations: first, it is difficult to approximate the exact bounds in complex network traffic; second, the measures require a user-defined threshold to change the initialization parameters; and finally, the measures are applicable to limited network traces with pre-defined attack signatures.

To overcome these problems, a novel pre- and post-attack NAD model has been proposed and developed over real-time networks. In this model, a novel statistical pre-attack detection technique and a hybrid ensemble learning technique are implemented on real-time network data. The ensemble learning technique is applied to the training network traces to predict future packet behavior with a high true positive rate. According to the experimental results, the proposed anomaly detection model outperforms the traditional ones in terms of attack detection accuracy, mean squared error rate and runtime.
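
The threshold limitation named in the first paragraph can be seen in a small sketch. This is an added example, not the authors' model or code: it assumes a k-sigma control chart over the Shannon entropy of destination ports per window, and all port values, window sizes and k values are constructed.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def control_limits(baseline_windows, k):
    """k-sigma control limits around the mean entropy of the baseline windows."""
    ents = [shannon_entropy(w) for w in baseline_windows]
    mu, sigma = mean(ents), pstdev(ents)
    return mu - k * sigma, mu + k * sigma

def flag_windows(windows, limits):
    """True for each window whose entropy falls outside the control limits."""
    lo, hi = limits
    return [not (lo <= shannon_entropy(w) <= hi) for w in windows]

def ports(**counts):
    """Build a window from keyword counts, e.g. ports(p80=8, p443=8)."""
    return [int(name[1:]) for name, c in counts.items() for _ in range(c)]

# Constructed sample data: destination ports of 16 packets per window.
BASELINE = [
    ports(p80=8, p443=4, p53=2, p22=2),
    ports(p80=4, p443=4, p53=4, p22=4),
    ports(p80=8, p443=4, p53=4),
    ports(p80=8, p443=4, p53=2, p22=2),
]
LIVE = [
    ports(p80=8, p443=4, p53=2, p22=2),            # same mix as baseline
    ports(p80=4, p443=4, p53=4, p22=2, p8443=2),   # benign drift: new service
    list(range(1000, 1016)),                       # 16 distinct ports in one window
]

def flags_for(k):
    """Flags for the LIVE windows under a user-chosen k (the hand-set threshold)."""
    return flag_windows(LIVE, control_limits(BASELINE, k))

if __name__ == "__main__":
    for k in (1, 3, 15):
        lo, hi = control_limits(BASELINE, k)
        print(f"k={k:>2} limits=[{lo:.3f}, {hi:.3f}] flagged={flags_for(k)}")
```

With a tight k the benign new service is flagged as an anomaly, and with a loose k even the window of all-distinct ports passes, so the outcome depends entirely on the hand-picked bound.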