BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks

Authors: Nuno Neves, Eduardo Viegas, Altair Olivo Santin, Alysson Bessani
Year of publication: 2019
Subject:
Source: Future Generation Computer Systems
ISSN: 0167-739X
Description: Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time when facing high-speed networks and evolving attacks. In this paper, we propose BigFlow, an approach capable of processing evolving network traffic while scaling to large packet rates. To provide reliability, BigFlow employs a verification method that checks whether the classifier's outcome is valid. If a suspicious packet is found, an expert may help BigFlow to incrementally change the classification model. Experiments with BigFlow, over a network traffic dataset spanning a full year, demonstrate that it maintains high accuracy over time. It requires as little as 4% of the storage and between 0.05% and 4% of the training time of other approaches. BigFlow is scalable, coping with 10 Gbps of network bandwidth on a 40-core cluster of commodity hardware.
Database: OpenAIRE
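The abstract describes a loop of three parts: a classifier for network flows, a verification step that decides whether the classifier's outcome can be trusted, and an expert who labels the rejected (suspicious) instances so the model can be updated incrementally. The following Python program is an added illustration of that loop written for this page; it is not BigFlow's own classifier or verification method, which the abstract does not describe. The k-nearest-neighbour classifier, the verification rule (reject when a flow is far from every known flow, or when the nearest neighbours disagree), the three flow features with their hand-picked scales, and the synthetic benign, flood and "drifted" attack traffic are all assumptions made for the example; the "expert" is simulated by the stream's ground-truth label. The experiment replays a stream whose attack traffic changes half-way through and compares a frozen model against the verify-and-update loop.

```python
"""
Classifier-with-verification loop of the kind the BigFlow abstract describes:
classify a flow, check whether the outcome is trustworthy, send untrusted
outcomes to an expert, and fold the expert's labels back into the model.
Stand-in example written for this page (assumption), not BigFlow's own code.
"""
import math
import random

# Constructed per-flow features: (packets per second, mean packet size in bytes,
# fraction of packets carrying the SYN flag). Hand-picked scales (assumption)
# bring the features to comparable units before distances are computed.
FEATURE_SCALE = (3.0, 100.0, 0.03)
BENIGN, ATTACK = 0, 1


def gen_flows(rng, n, label, means, stds):
    """Draw n synthetic (constructed) flows around per-feature means/stds."""
    return [([rng.gauss(m, s) for m, s in zip(means, stds)], label) for _ in range(n)]


def distance(a, b):
    """Euclidean distance after scaling each feature by FEATURE_SCALE."""
    return math.sqrt(sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, FEATURE_SCALE)))


class VerifiedKNN:
    """k-NN classifier whose predict() also reports whether its outcome is trustworthy.

    An outcome is rejected (not trusted) when the flow lies farther from every
    known flow than novelty_threshold, or when the k neighbours disagree.
    """

    def __init__(self, reference, k=3, novelty_threshold=1.5):
        self.reference = list(reference)      # (features, label) pairs
        self.k = k
        self.novelty_threshold = novelty_threshold

    def predict(self, x):
        nearest = sorted(self.reference, key=lambda r: distance(x, r[0]))[: self.k]
        votes = [label for _, label in nearest]
        label = max(set(votes), key=votes.count)
        novel = distance(x, nearest[0][0]) > self.novelty_threshold
        disputed = votes.count(label) < self.k
        return label, not (novel or disputed)

    def update(self, x, label):
        """Incremental update: one expert-labelled flow joins the reference set."""
        self.reference.append((x, label))


def run_stream(model, stream, verify, update):
    """Replay a stream; return counts of accepted, correct and rejected outcomes.

    With verify=True, untrusted outcomes are rejected and handed to the expert
    (simulated here by the stream's ground-truth label); with update=True the
    expert's label is fed back into the model.
    """
    accepted = correct = rejected = 0
    for x, truth in stream:
        label, trusted = model.predict(x)
        if verify and not trusted:
            rejected += 1
            if update:
                model.update(x, truth)     # expert supplies the label
            continue
        accepted += 1
        correct += label == truth
    return {"accepted": accepted, "correct": correct, "rejected": rejected}


def experiment(seed=7):
    """Frozen classifier vs. verify-and-update loop on a stream whose attacks evolve."""
    rng = random.Random(seed)
    benign = ((10, 600, 0.05), (3, 100, 0.02))
    attack = ((80, 80, 0.90), (15, 30, 0.05))       # flood: high rate, small SYN packets
    drifted = ((25, 450, 0.10), (4, 80, 0.03))      # later variant that looks far more benign
    train = gen_flows(rng, 200, BENIGN, *benign) + gen_flows(rng, 200, ATTACK, *attack)
    phase1 = gen_flows(rng, 150, BENIGN, *benign) + gen_flows(rng, 150, ATTACK, *attack)
    phase2 = gen_flows(rng, 150, BENIGN, *benign) + gen_flows(rng, 150, ATTACK, *drifted)
    rng.shuffle(phase1)
    rng.shuffle(phase2)
    stream = phase1 + phase2

    static = run_stream(VerifiedKNN(train), stream, verify=False, update=False)
    looped = run_stream(VerifiedKNN(train), stream, verify=True, update=True)
    return {
        "static_accuracy": static["correct"] / static["accepted"],
        "verified_accuracy": looped["correct"] / looped["accepted"],
        "expert_queries": looped["rejected"],
        "stream_size": len(stream),
    }


if __name__ == "__main__":
    for key, value in experiment().items():
        print(f"{key}: {value}")
```

The frozen model keeps classifying the drifted attacks as benign, so its accuracy collapses in the second half of the stream, while the verified model rejects the first drifted flows as novel, obtains their labels from the expert, and from then on recognises the variant; the price is the number of expert queries, which is the quantity an operator would watch when tuning the rejection thresholds.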