Enhancing Intrusion Detection Systems through Adaptive Learning and Deep Learning Integration



Abstract

The objective of this paper is to design an adaptive intrusion detection system that combines a Signature-Based Intrusion Detection System (SNIDS) with machine learning and deep learning techniques to enhance anomaly detection. The rapid advancement of digital technology has fueled an unprecedented growth in computer networks, which has played a vital role in fostering social and economic development. These networks have become indispensable across critical sectors and within leading multinational corporations. However, the number of security threats targeting computer networks has increased significantly over the past decade, becoming increasingly audacious and pervasive. The networks display significant heterogeneity and are subjected to a relentless stream of diverse and evolving attacks, emphasizing the necessity for an adaptive IDS capable of adjusting to new and changing network environments. In this study, we propose an adaptive hybrid NIDS designed to detect cyber attacks in a heterogeneous attack environment. Our NIDS framework leverages adaptive learning techniques together with the signature-based IDS and the machine-learning-based IDS to detect unknown attacks. Various machine learning models, including LSTM, CNN, MLP, and Decision Tree, are used in this adaptive system. Our hybrid network intrusion detection model is based on Snort-3 as the SNIDS, which provides high efficiency and better prediction results. The network baseline includes a set of benign traffic patterns and self-generated datasets produced using Metasploit and Scapy. Our study compares the results of models trained on the CICIDS2017 dataset and on the generated dataset. The generated dataset provides better flexibility and performance in a real-time setup due to the use of Zeek-flowmeter instead of CICFlowmeter. To detect real-time dynamic traffic attacks, a dashboard integrated with the SNIDS and the ML/DL-based IDS is developed. This dashboard is subsequently utilized to assess the adaptive NIDS in a real-time dynamic network environment.
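As an added illustration of the signature-plus-anomaly fusion the abstract describes (this is not the paper's code): flow records shaped like Zeek conn.log fields are checked first against a simulated Snort-3 verdict, then against an adaptive benign baseline that is only updated with flows both detectors judged benign. The flow field names, the alert set and all traffic values are constructed for the example.

```python
"""Hybrid signature + anomaly fusion over flow records (illustration only, not the
paper's implementation). Flows mimic Zeek conn.log fields; the Snort-3 verdict is
simulated by a constructed set of (src, dst, dst_port) tuples that were alerted on."""
from dataclasses import dataclass, field
from math import sqrt

FEATURES = ("duration", "orig_bytes", "resp_bytes")  # Zeek conn.log columns (assumed)


@dataclass
class AdaptiveBaseline:
    """Running mean/variance (Welford) of benign flow features. It is updated only
    with flows both detectors judged benign, so attack traffic cannot poison it."""
    n: int = 0
    mean: list = field(default_factory=lambda: [0.0] * len(FEATURES))
    m2: list = field(default_factory=lambda: [0.0] * len(FEATURES))

    def update(self, x):
        self.n += 1
        for i, v in enumerate(x):
            d = v - self.mean[i]
            self.mean[i] += d / self.n
            self.m2[i] += d * (v - self.mean[i])

    def zscore(self, x):
        """Largest per-feature deviation in standard deviations (0 until n >= 2)."""
        if self.n < 2:
            return 0.0
        return max(abs(v - self.mean[i]) / max(sqrt(self.m2[i] / (self.n - 1)), 1e-9)
                   for i, v in enumerate(x))


def classify(flow, baseline, snort_alerts, threshold=3.0):
    """Signature verdict wins; otherwise the anomaly score decides; benign flows adapt the baseline."""
    x = [flow[k] for k in FEATURES]
    if (flow["id.orig_h"], flow["id.resp_h"], flow["id.resp_p"]) in snort_alerts:
        return "known-attack"          # Snort-3 matched a signature
    if baseline.zscore(x) > threshold:
        return "unknown-anomaly"       # no signature, but far from the learned baseline
    baseline.update(x)                 # agreed-benign: let the baseline adapt
    return "benign"


def flow(src, port, duration, orig_bytes, resp_bytes):
    return {"id.orig_h": src, "id.resp_h": "10.0.0.80", "id.resp_p": port,
            "duration": duration, "orig_bytes": orig_bytes, "resp_bytes": resp_bytes}


def run_demo():
    """Constructed traffic: six benign web flows, one scan-like flow, one flow Snort alerted on."""
    flows = [flow("10.0.0.5", 443, *b) for b in [(1.0, 500, 2000), (1.2, 520, 2100), (0.8, 480, 1900),
                                                  (1.1, 510, 2050), (0.9, 490, 1950), (1.0, 500, 2000)]]
    flows.append(flow("10.0.0.9", 22, 0.1, 60, 0))          # short, tiny flow: scan-like
    flows.append(flow("10.0.0.7", 443, 1.0, 500, 2000))     # looks benign but a signature fired
    alerts = {("10.0.0.7", "10.0.0.80", 443)}               # constructed Snort-3 alert
    baseline = AdaptiveBaseline()
    return [classify(f, baseline, alerts) for f in flows], baseline.n
```

The baseline's sample count stays at six after the run, showing that neither flagged flow was allowed to shift it.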
