TY - JOUR
T1 - Consolidating Packet-Level Features for Effective Network Intrusion Detection
T2 - A Novel Session-Level Approach
AU - Miyamoto, Kohei
AU - Iida, Masazumi
AU - Han, Chansu
AU - Ban, Tao
AU - Takahashi, Takeshi
AU - Takeuchi, Jun'Ichi
N1 - Publisher Copyright:
©2023 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
PY - 2023
Y1 - 2023
N2 - Network Intrusion Detection Systems (NIDSs) are crucial tools for ensuring cyber security. Recently, machine learning-based NIDSs have gained popularity due to their ability to adapt to various anomalies. To enable machine learning techniques, packet-level features have been proposed for packet-level classification, but this approach may generate an excessive number of security alerts and reduce performance due to irrelevant packets. To address these limitations, this paper proposes a session-level classification approach that consolidates packet-level classification outputs to identify anomalous sessions. The effectiveness of the proposed approach is demonstrated by a prototype system. Experiments on a publicly available benchmark dataset demonstrate the high performance of the proposed approach, which achieves an F1-measure exceeding 98%. They also show that even when we used only a few packets in the head part of each session to obtain session-level predictions, a high F1-measure could still be achieved. This result implies that the proposed approach is also efficient in terms of the number of packets to be processed. These results highlight the promising potential of the proposed approach for adaptive network intrusion detection.
AB - Network Intrusion Detection Systems (NIDSs) are crucial tools for ensuring cyber security. Recently, machine learning-based NIDSs have gained popularity due to their ability to adapt to various anomalies. To enable machine learning techniques, packet-level features have been proposed for packet-level classification, but this approach may generate an excessive number of security alerts and reduce performance due to irrelevant packets. To address these limitations, this paper proposes a session-level classification approach that consolidates packet-level classification outputs to identify anomalous sessions. The effectiveness of the proposed approach is demonstrated by a prototype system. Experiments on a publicly available benchmark dataset demonstrate the high performance of the proposed approach, which achieves an F1-measure exceeding 98%. They also show that even when we used only a few packets in the head part of each session to obtain session-level predictions, a high F1-measure could still be achieved. This result implies that the proposed approach is also efficient in terms of the number of packets to be processed. These results highlight the promising potential of the proposed approach for adaptive network intrusion detection.
UR - http://www.scopus.com/inward/record.url?scp=85178059601&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85178059601&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2023.3335600
DO - 10.1109/ACCESS.2023.3335600
M3 - Article
AN - SCOPUS:85178059601
SN - 2169-3536
VL - 11
SP - 132792
EP - 132810
JO - IEEE Access
JF - IEEE Access
ER -