An incremental intrusion detection system using a new semi‐supervised stream classification method

Fakhroddin Noorbehbahani, Ali Fanian, Seyed Rasoul Mousavi, Homa Hasannejad

    Research output: Contribution to journal › Article › peer-review

    31 Citations (Scopus)

    Abstract

    In recent years, the utilization of machine learning and data mining techniques for intrusion detection has received great attention from both security research communities and intrusion detection system (IDS) developers. In intrusion detection, the most important constraints are the imbalanced class distribution, the scarcity of labeled data, and the massive amounts of network flows. Moreover, because of the dynamic nature of network flows, applying statically learned models degrades detection performance significantly over time. In this article, we propose a new semi‐supervised stream classification method for intrusion detection, which is capable of incremental updating using limited labeled data. The proposed method, called the incremental semi‐supervised flow network‐based IDS (ISF‐NIDS), relies on incremental mixed‐data clustering, a new supervised cluster adjustment method, and instance‐based learning. The ISF‐NIDS operates in real time and learns new intrusions quickly using limited storage and processing power. The experimental results on the KDD99, Moore, and Sperotto benchmark datasets indicate the superiority of the proposed method compared with the existing state‐of‐the‐art incremental IDSs.
    Original language: English
    Article number: e3002
    Journal: International Journal of Communication Systems
    Volume: 30
    Issue number: 4
    Early online date: 19 Jun 2015
    Publication status: Published - 23 Jan 2017

    Keywords

    • Intrusion detection
    • Incremental learning
    • Imbalanced data
    • Stream classification
    • Semi-supervised Learning
