
A novel multi-stage approach for hierarchical intrusion detection

Abstract
An intrusion detection system (IDS), traditionally an example of an effective security monitoring system, is facing significant challenges due to the ongoing digitization of our modern society. The growing number and variety of connected devices are not only causing a continuous emergence of new threats that are not recognized by existing systems, but the amount of data to be monitored is also exceeding the capabilities of a single system. This raises the need for a scalable IDS capable of detecting unknown, zero-day, attacks. In this paper, a novel multi-stage approach for hierarchical intrusion detection is proposed. The proposed approach is validated on the public benchmark datasets, CIC-IDS-2017 and CSE-CIC-IDS-2018. Results demonstrate that our proposed approach, besides effective and robust zero-day detection, outperforms both the baseline and existing approaches, achieving high classification performance, up to 96% balanced accuracy. Additionally, the proposed approach is easily adaptable without any retraining and takes advantage of n-tier deployments to reduce bandwidth and computational requirements while preserving privacy constraints. The best-performing models with a balanced set of thresholds correctly classified 87% or 41 out of 47 zero-day attacks, while reducing the bandwidth requirements up to 69%.
Keywords
Intrusion detection, binary classification, multi-class classification, multi-stage detection, hierarchical architecture, EXTREME LEARNING-MACHINE, SUPPORT VECTOR MACHINE, SYSTEM

Downloads

  • (...).pdf: full text (Published version) | UGent only | PDF | 1.77 MB
  • 8284 acc.pdf: full text (Accepted manuscript) | open access | PDF | 1.23 MB

Citation

Please use this url to cite or link to this publication:

MLA
Verkerken, Miel, et al. “A Novel Multi-Stage Approach for Hierarchical Intrusion Detection.” IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, vol. 20, no. 3, 2023, pp. 3915–29, doi:10.1109/TNSM.2023.3259474.
APA
Verkerken, M., D’hooge, L., Sudyana, D., Lin, Y.-D., Wauters, T., Volckaert, B., & De Turck, F. (2023). A novel multi-stage approach for hierarchical intrusion detection. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 20(3), 3915–3929. https://doi.org/10.1109/TNSM.2023.3259474
Chicago author-date
Verkerken, Miel, Laurens D’hooge, Didik Sudyana, Ying-Dar Lin, Tim Wauters, Bruno Volckaert, and Filip De Turck. 2023. “A Novel Multi-Stage Approach for Hierarchical Intrusion Detection.” IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 20 (3): 3915–29. https://doi.org/10.1109/TNSM.2023.3259474.
Chicago author-date (all authors)
Verkerken, Miel, Laurens D’hooge, Didik Sudyana, Ying-Dar Lin, Tim Wauters, Bruno Volckaert, and Filip De Turck. 2023. “A Novel Multi-Stage Approach for Hierarchical Intrusion Detection.” IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 20 (3): 3915–3929. doi:10.1109/TNSM.2023.3259474.
Vancouver
1. Verkerken M, D’hooge L, Sudyana D, Lin Y-D, Wauters T, Volckaert B, et al. A novel multi-stage approach for hierarchical intrusion detection. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT. 2023;20(3):3915–29.
IEEE
[1] M. Verkerken et al., “A novel multi-stage approach for hierarchical intrusion detection,” IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, vol. 20, no. 3, pp. 3915–3929, 2023.
@article{01HM6EF3YEGPSVY8PEJXQ701M5,
  abstract     = {{An intrusion detection system (IDS), traditionally an example of an effective security monitoring system, is facing significant challenges due to the ongoing digitization of our modern society. The growing number and variety of connected devices are not only causing a continuous emergence of new threats that are not recognized by existing systems, but the amount of data to be monitored is also exceeding the capabilities of a single system. This raises the need for a scalable IDS capable of detecting unknown, zero-day, attacks. In this paper, a novel multi-stage approach for hierarchical intrusion detection is proposed. The proposed approach is validated on the public benchmark datasets, CIC-IDS-2017 and CSE-CIC-IDS-2018. Results demonstrate that our proposed approach besides effective and robust zero-day detection, outperforms both the baseline and existing approaches, achieving high classification performance, up to 96% balanced accuracy. Additionally, the proposed approach is easily adaptable without any retraining and takes advantage of n-tier deployments to reduce bandwidth and computational requirements while preserving privacy constraints. The best-performing models with a balanced set of thresholds correctly classified 87% or 41 out of 47 zero-day attacks, while reducing the bandwidth requirements up to 69%.}},
  author       = {{Verkerken, Miel and D'hooge, Laurens and Sudyana, Didik and  Lin, Ying-Dar and Wauters, Tim and Volckaert, Bruno and De Turck, Filip}},
  issn         = {{1932-4537}},
  journal      = {{IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT}},
  keywords     = {{Intrusion detection,binary classification,multi-class classification,multi-stage detection,hierarchical architecture,EXTREME LEARNING-MACHINE,SUPPORT VECTOR MACHINE,SYSTEM}},
  language     = {{eng}},
  number       = {{3}},
  pages        = {{3915--3929}},
  title        = {{A novel multi-stage approach for hierarchical intrusion detection}},
  url          = {{http://doi.org/10.1109/TNSM.2023.3259474}},
  volume       = {{20}},
  year         = {{2023}},
}
