Real-Time Intrusion Detection via Machine Learning Approaches
Murtaj E.; Marcantoni F.; Loreti M.; Quadrini M.
2024-01-01
Abstract
In many cybersecurity contexts, real-time detection of hostile actions plays a fundamental role in protecting network infrastructures. In this scenario, Intrusion Detection Systems (IDS), based on either signature-based or anomaly detection, are widely used to analyze network traffic. Signature-based detection relies on databases of known attack signatures, whereas anomaly detection is mainly based on Artificial Intelligence (AI) techniques. The latter is promising for detecting new kinds of cyberattacks in real time. In this work, we propose ReTiNA-IDS, a framework that integrates the CICFlowmeter tool with Machine Learning techniques to analyze real-time network traffic patterns and detect abnormalities that may suggest a possible intrusion. The considered machine learning techniques, random forest and multi-layer network, operate on selected features to enhance efficiency and scalability. To select the features and train the models, we use a version of the public dataset CSE-CIC-IDS2018. The framework's effectiveness has been tested in real-case scenarios by identifying different forms of intrusion. Analyzing the results, we conclude that the proposed solution shows valuable features.