An incremental hybrid adaptive network-based IDS in Software Defined Networks to detect stealth attacks
Abdullah H Alqahtani

TL;DR
This paper proposes an incremental hybrid adaptive network intrusion detection system for SDN that detects stealth attacks and adapts to changing attacker behaviors using concept drift detection algorithms.
Contribution
It introduces a novel adaptive NIDS that handles concept drift in SDN environments, improving detection of both known and unknown stealth attacks.
Findings
Effective detection of stealth attacks demonstrated
Model adapts to changing attacker behavior
Promising results on multiple datasets
Abstract
Network attacks have become increasingly sophisticated and stealthy due to advances in technology and the growing sophistication of attackers. Advanced Persistent Threats (APTs) are a type of attack that implements a wide range of strategies to evade detection and stay under the defence radar. Software Defined Network (SDN) is a network paradigm that implements dynamic configuration by separating the control plane from the network plane. This approach improves security aspects by facilitating the employment of network intrusion detection systems. Machine Learning (ML) techniques are widely used in Intrusion Detection Systems (IDSs) to detect such attacks, but they face a challenge when the data distribution changes. Concept drift is a term that describes the change in the relationship between the input data and the target value (label or class). The model is expected to…
Taxonomy
Topics: Network Security and Intrusion Detection · Software-Defined Networks and 5G · Smart Grid Security and Resilience
