A new method for flow-based network intrusion detection using inverse statistical physics
Network Intrusion Detection Systems (NIDS) play an important role as tools for identifying potential network threats. In the context of ever-increasing traffic volume on computer networks, flow-based NIDS arise as good solutions for real-time traffic classification. In recent years, different flow-based classifiers have been proposed based on both shallow and deep learning. Nevertheless, these classical machine learning algorithms have some limitations. For instance, they require large amounts of labeled data, which might be difficult to obtain. Additionally, most machine learning models are not general enough to be applied in different contexts. To overcome these limitations, we propose a new flow-based classifier, called Energy-based Flow Classifier (EFC). This anomaly-based classifier uses inverse statistics to infer a model based on labeled benign examples. We show that EFC is capable of accurately performing a two-class flow classification and is resilient to context change. Given the positive results obtained, we consider EFC to be a promising algorithm to perform flow-based traffic classification.
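The abstract describes EFC only at a high level: an anomaly detector whose model is inferred from benign flows alone and that scores each flow by an energy, with high energy meaning "unlike benign traffic". The Python sketch below is an added illustration of that idea and is not code from the paper or from the EFC project. It is a deliberately simplified stand-in: instead of solving the inverse Potts problem, it scores a flow by the negative logarithm of pseudocount-regularised single-symbol and pairwise-symbol frequencies measured on benign flows, and it uses the highest energy seen on the benign training set as the decision threshold. The feature bins, alphabet sizes, pseudocount, training flows and probe flows are all constructed assumptions, not values from the paper.

```python
import math
from collections import Counter
from itertools import combinations

# Assumed feature alphabets after discretisation (q = 3 symbols per feature).
ALPHABETS = {
    "proto":    ("tcp", "udp", "other"),
    "dport":    ("web", "dns", "other"),
    "duration": ("short", "medium", "long"),
    "bytes":    ("small", "medium", "large"),
    "packets":  ("few", "some", "many"),
}
FEATURES = tuple(ALPHABETS)


def discretize(flow):
    """Map a raw flow record (dict) to one symbol per feature. Bin edges are assumptions."""
    def bucket(value, low, high, names):
        return names[0] if value < low else names[1] if value < high else names[2]
    return (
        flow["proto"] if flow["proto"] in ("tcp", "udp") else "other",
        "web" if flow["dport"] in (80, 443) else "dns" if flow["dport"] == 53 else "other",
        bucket(flow["duration"], 1.0, 60.0, ALPHABETS["duration"]),
        bucket(flow["bytes"], 2_000, 100_000, ALPHABETS["bytes"]),
        bucket(flow["packets"], 10, 100, ALPHABETS["packets"]),
    )


class EnergyFlowModel:
    """Energy model fitted on benign flows only (no malicious examples needed).

    energy()      sums -log of regularised pairwise symbol frequencies, a crude
                  stand-in for the couplings of an inverse-Potts model;
    site_energy() sums -log of single-symbol frequencies only (fields, no couplings).
    Rare symbols or rare symbol combinations therefore raise the energy.
    """

    def __init__(self, pseudocount=1.0):
        self.lam = pseudocount        # Laplace-style regularisation so unseen symbols stay finite
        self.n = 0
        self.single = Counter()       # (feature index, symbol) -> count
        self.pair = Counter()         # (i, j, symbol_i, symbol_j) -> count, with i < j
        self.threshold = None
        self.site_threshold = None

    def fit(self, benign_flows):
        rows = [discretize(f) for f in benign_flows]
        self.n = len(rows)
        for row in rows:
            for i, a in enumerate(row):
                self.single[(i, a)] += 1
            for i, j in combinations(range(len(row)), 2):
                self.pair[(i, j, row[i], row[j])] += 1
        # Assumed decision rule: the highest energy observed among benign training flows.
        self.threshold = max(self._energy(r) for r in rows)
        self.site_threshold = max(self._site_energy(r) for r in rows)
        return self

    def _freq1(self, i, a):
        q = len(ALPHABETS[FEATURES[i]])
        return (self.single[(i, a)] + self.lam) / (self.n + self.lam * q)

    def _freq2(self, i, j, a, b):
        q = len(ALPHABETS[FEATURES[i]]) * len(ALPHABETS[FEATURES[j]])
        return (self.pair[(i, j, a, b)] + self.lam) / (self.n + self.lam * q)

    def _site_energy(self, row):
        return -sum(math.log(self._freq1(i, a)) for i, a in enumerate(row))

    def _energy(self, row):
        return -sum(math.log(self._freq2(i, j, row[i], row[j]))
                    for i, j in combinations(range(len(row)), 2))

    def energy(self, flow):
        return self._energy(discretize(flow))

    def site_energy(self, flow):
        return self._site_energy(discretize(flow))

    def classify(self, flow):
        return "anomalous" if self.energy(flow) > self.threshold else "benign"

    def classify_site_only(self, flow):
        return "anomalous" if self.site_energy(flow) > self.site_threshold else "benign"


def make_benign_flows():
    """Constructed benign training set (not real traffic): web sessions, DNS lookups, large downloads."""
    flows = []
    for k in range(10):   # short web sessions
        flows.append({"proto": "tcp", "dport": 443, "duration": 5.0 + k, "bytes": 20_000 + 500 * k, "packets": 40 + k})
    for k in range(15):   # DNS lookups
        flows.append({"proto": "udp", "dport": 53, "duration": 0.05, "bytes": 150 + k, "packets": 2})
    for k in range(15):   # long, large downloads
        flows.append({"proto": "tcp", "dport": 443, "duration": 120.0 + k, "bytes": 5_000_000 + k, "packets": 4_000 + k})
    return flows


if __name__ == "__main__":
    model = EnergyFlowModel().fit(make_benign_flows())
    # Constructed probe: every symbol is common in benign traffic, but the combination never occurred.
    probe = {"proto": "udp", "dport": 53, "duration": 300.0, "bytes": 8_000_000, "packets": 6_000}
    print("pairwise:", model.classify(probe), "fields-only:", model.classify_site_only(probe))
```

The point the sketch makes is the one the abstract relies on: the model is fitted without a single malicious example, and a flow is judged by how far its energy lies above what benign traffic produced. The probe in the `__main__` block also shows why couplings matter: each of its symbols is common on its own, so a fields-only score passes it, while the pairwise score flags it because that combination of symbols never appeared in the benign set.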