ROBUST NETWORK INTRUSION DETECTION SYSTEM BASED ON MACHINE LEARNING WITH EARLY CLASSIFICATION

Abstract

Network Intrusion Detection Systems (NIDS) that use matching patterns have a serious weakness in that they cannot detect new attacks because they only learn existing patterns and use them to detect this challenge. To solve this problem, machine learning-based NIDS (ML-NIDS) detects anomalies by ML algorithms by analyzing the behavior of the process. However, ML-NIDS learns the characteristics of the attack based on training data, so it is sensitive to attacks that have not yet been trained, as well as a comparative model of machine learning. Therefore, in this study, we analyzed the characteristics of learning using agent properties, showing that the facility has access to the external network of learning material through ML-NIDS. To avoid this, early classification of sessions before they fall outside the detection range of the ML-NIDS training data can prevent ML-NIDS skips. Many experiments confirm that the application can detect the session early (before the session is terminated) and increase the power of existing ML-NIDS. Compared with existing methods, we hope that the proposed method will be used as a solution problem to solve the weaknesses and limitations of existing ML-NIDS, as it can provide a robust distribution and is used on the same data distribution.