TY - JOUR
T1 - A Novel Multi-Stage Approach for Hierarchical Intrusion Detection
AU - Verkerken, Miel
AU - D'Hooge, Laurens
AU - Sudyana, Didik
AU - Lin, Ying Dar
AU - Wauters, Tim
AU - Volckaert, Bruno
AU - De Turck, Filip
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2023/9/1
Y1 - 2023/9/1
N2 - An intrusion detection system (IDS), traditionally an example of an effective security monitoring system, is facing significant challenges due to the ongoing digitization of our modern society. The growing number and variety of connected devices are not only causing a continuous emergence of new threats that are not recognized by existing systems, but the amount of data to be monitored is also exceeding the capabilities of a single system. This raises the need for a scalable IDS capable of detecting unknown (zero-day) attacks. In this paper, a novel multi-stage approach for hierarchical intrusion detection is proposed. The proposed approach is validated on the public benchmark datasets CIC-IDS-2017 and CSE-CIC-IDS-2018. Results demonstrate that our proposed approach, besides effective and robust zero-day detection, outperforms both the baseline and existing approaches, achieving high classification performance of up to 96% balanced accuracy. Additionally, the proposed approach is easily adaptable without any retraining and takes advantage of n-tier deployments to reduce bandwidth and computational requirements while preserving privacy constraints. The best-performing models with a balanced set of thresholds correctly classified 87% (41 out of 47) of zero-day attacks, while reducing the bandwidth requirements by up to 69%.
AB - An intrusion detection system (IDS), traditionally an example of an effective security monitoring system, is facing significant challenges due to the ongoing digitization of our modern society. The growing number and variety of connected devices are not only causing a continuous emergence of new threats that are not recognized by existing systems, but the amount of data to be monitored is also exceeding the capabilities of a single system. This raises the need for a scalable IDS capable of detecting unknown (zero-day) attacks. In this paper, a novel multi-stage approach for hierarchical intrusion detection is proposed. The proposed approach is validated on the public benchmark datasets CIC-IDS-2017 and CSE-CIC-IDS-2018. Results demonstrate that our proposed approach, besides effective and robust zero-day detection, outperforms both the baseline and existing approaches, achieving high classification performance of up to 96% balanced accuracy. Additionally, the proposed approach is easily adaptable without any retraining and takes advantage of n-tier deployments to reduce bandwidth and computational requirements while preserving privacy constraints. The best-performing models with a balanced set of thresholds correctly classified 87% (41 out of 47) of zero-day attacks, while reducing the bandwidth requirements by up to 69%.
KW - Intrusion detection
KW - binary classification
KW - hierarchical architecture
KW - multi-class classification
KW - multi-stage detection
UR - http://www.scopus.com/inward/record.url?scp=85151505083&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2023.3259474
DO - 10.1109/TNSM.2023.3259474
M3 - Article
AN - SCOPUS:85151505083
SN - 1932-4537
VL - 20
SP - 3915
EP - 3929
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
IS - 3
ER -