
An incremental hybrid adaptive network-based IDS in Software Defined Networks to detect stealth attacks (2404.01109v1)

Published 1 Apr 2024 in cs.CR and cs.AI

Abstract: Network attacks have become increasingly sophisticated and stealthy due to advances in technology and the growing sophistication of attackers. Advanced Persistent Threats (APTs) are a type of attack that implements a wide range of strategies to evade detection and stay under the defence radar. Software Defined Network (SDN) is a network paradigm that implements dynamic configuration by separating the control plane from the network plane. This approach improves security aspects by facilitating the employment of network intrusion detection systems. Implementing Machine Learning (ML) techniques in Intrusion Detection Systems (IDSs) is widely used to detect such attacks but has a challenge when the data distribution changes. Concept drift is a term that describes the change in the relationship between the input data and the target value (label or class). The model is expected to degrade as certain forms of change occur. In this paper, the primary form of change will be in user behaviour (particularly changes in attacker behaviour). It is essential for a model to adapt itself to deviations in data distribution. SDN can help in monitoring changes in data distribution. This paper discusses changes in stealth attacker behaviour. The work described here investigates various concept drift detection algorithms. An incremental hybrid adaptive Network Intrusion Detection System (NIDS) is proposed to tackle the issue of concept drift in SDN. It can detect known and unknown attacks. The model is evaluated over different datasets, showing promising results.

