The paper proposes an incremental hybrid adaptive network-based intrusion detection system (IDS) to detect known and unknown stealthy attacks in Software Defined Networks (SDNs). The key aspects are:
The system combines a signature-based detection module using Adaptive Random Forest (ARF) and an anomaly-based detection module using Adaptive One-Class SVM. This hybrid approach improves detection of both known and unknown attacks.
The system adapts incrementally to changes in data distribution (concept drift) caused by evolving attacker behavior. It employs drift detection techniques, such as ADWIN and kdq-tree, to monitor concept drift and update the detection models accordingly.
Experiments are conducted on various datasets, including APT-based, SDN-based, and traditional attack datasets, to evaluate the system's performance in detecting stealthy and evolving attacks while adapting to concept drift. The results show the proposed model achieves high accuracy, recall, precision, and F1-score in detecting attacks and adapting to changes in attacker behavior.
The adoption of drift detection and response strategies helps the system maintain high performance even when the data distribution changes over time, which is crucial for detecting stealthy Advanced Persistent Threats (APTs) that may intentionally alter their behavior to evade detection.
他の言語に翻訳
原文コンテンツから
arxiv.org
深掘り質問