Facing the Unknown: A Stream Learning Intrusion Detection System for Reliable Model Updates

  • Conference paper
Advanced Information Networking and Applications (AINA 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1151)

Abstract

Current machine learning approaches for network-based intrusion detection do not cope with new network traffic behavior, and therefore require periodic model updates that are computationally expensive and time-consuming. In light of this limitation, this paper proposes a novel stream learning intrusion detection model that maintains system accuracy, even in the presence of unknown traffic behavior. It also eases the model update process by incrementally incorporating new knowledge into the machine learning model. Experiments performed using a recent realistic dataset of network behaviors have shown that the proposed technique detects potentially unreliable classifications. Moreover, the proposed model can incorporate the new network traffic behavior from model updates to improve the system accuracy while maintaining its reliability.

Acknowledgments

The authors thank CNPq (Conselho Nacional de Desenvolvimento Científico e Tecnológico) for partial financial support (grants 430972/2018-0 and 315322/2018-7) and the FCT through the LASIGE Research Unit (ref. UIDB/00408/2020).

Correspondence to Eduardo K. Viegas.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Viegas, E.K., Santin, A.O., Cogo, V.V., Abreu, V. (2020). Facing the Unknown: A Stream Learning Intrusion Detection System for Reliable Model Updates. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_78
