Towards Reliable Intrusion Detection in High Speed Networks
Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time in production environments. In such context, detection schemes must be able to detect intrusion attempts at a high network bandwidth, besides having to deal with the lack of realistic training/testing data, changes in network traffic behavior, unreliable classifications over time and adversarial settings. In this work a new intrusion detection model, namely reliable intrusion detection, is introduced, whose main characteristic is the usage of both batch and stream learning algorithms coupled together. The proposed model advances the state- of-the-art in intrusion detection, providing reliable detection even in the presence of network traffic behavior changes and lack of model updates. The work relevance was recognized in the publication of 5 international top-tier journals, 6 international and national conference papers, and 1 registered patent.
CISCO (2017). Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2016 – 2021
C. Gates and C. Taylor (2007). “Challenging the Anomaly Detection Paradigm: A Provocative Discussion,” Proc. 2006 Work. New Secur. Paradig., pp. 21–29, 2007.
E. K. Viegas, A. O. Santin, and L. S. Oliveira (2017-1). “Toward a reliable anomaly- based intrusion detection in real-world environments,” Comput. Networks, vol. 127.
E. K. Viegas, A. Santin, V. Abreu, and L. S. Oliveira (2017-2), “Stream learning and anomaly-based intrusion detection in the adversarial settings,” in Proceedings - IEEE Symposium on Computers and Communications.
E. K. Viegas, A. Santin, N. Neves, and A. Bessani (2019). “BigFlow: Real-time and Reliable Anomaly-based Intrusion Detection for High-speed Networks”. in Future Generation Computer System.
E. K. Viegas, A. Santin, N. Neves, A. Bessani, and V. Abreu (2017-3). “A Resilient Stream Learning Intrusion Detection Mechanism for Real-time Analysis of Network Traffic”. In. proc. of IEEE GLOBECOM.
E. K. Viegas, A. Santin, L. S. Oliveira, A. França, R. Jasinki, and V. Pedroni (2018), “A reliable and Energy-Efficient Classifier Combination Scheme for Intrusion Detection in Embedded Systems”. In: Computers & Security
P802.3cd (2017). P802.3cd Standard for Ethernet Amendment. Available at: http://ieeexplore.ieee.org/document/8115318/
R. Sommer and V. Paxson (2010). “Outside the Closed World: On Using Machine Learning for Network Intrusion Detection,” 2010 IEEE Symp. Secur. Priv., vol. 0, no. May, pp. 305–316.