“BigFlow: Real-time and Reliable Anomaly-based Intrusion Detection for High-Speed Networks”

From Navigators

Revision as of 08:57, 19 July 2019 by Nuno

Eduardo Viegas, Altair Santin, Alysson Bessani, Nuno Ferreira Neves

Future Generation Computer Systems, vol. 93, pp. 473–485, Apr. 2019.

Abstract: Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time when facing high-speed networks and evolving attacks. In this paper, we propose BigFlow, an approach capable of processing evolving network traffic while being scalable to large packet rates. BigFlow employs a verification method that checks whether the classifier outcome is valid in order to provide reliability. If a suspicious packet is found, an expert may help BigFlow to incrementally change the classification model. Experiments with BigFlow, over a network traffic dataset spanning a full year, demonstrate that it can maintain high accuracy over time. It requires as little as 4% of the storage and between 0.05% and 4% of the training time of other approaches. BigFlow is scalable, coping with a 10-Gbps network bandwidth on a 40-core cluster of commodity hardware.
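The reliability mechanism the abstract describes (classify, verify the outcome, reject what the verifier does not trust, let an expert label the rejects and fold them into the model incrementally) is sketched below as an added example. It is not BigFlow's code: the paper's classifier, its verification rule, its feature set and its streaming engine are not reproduced here. The nearest-centroid model, the distance-margin verification rule, the 0.3 threshold, the `expert_oracle` stand-in and every flow value are assumptions constructed for the example.

```python
"""Illustrative verification-and-feedback loop for a streaming traffic classifier.

Added example for this page; it is not BigFlow's code. The paper's classifier,
its verification rule, its feature set and its streaming engine are not
reproduced. ASSUMPTIONS for this example: a nearest-centroid model, a
distance-margin verification rule, the 0.3 threshold and all flow numbers.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from math import sqrt
from typing import Callable, Dict, List, Optional, Tuple

# Constructed flow features: (mean packet size in bytes, packets per second).
Flow = Tuple[float, float]


@dataclass
class Centroid:
    """Per-class running mean; update() folds in one labelled flow without retraining."""
    mean: List[float]
    n: int = 0

    def update(self, x: Flow) -> None:
        self.n += 1
        for i, v in enumerate(x):
            self.mean[i] += (v - self.mean[i]) / self.n


@dataclass
class VerifiedClassifier:
    """Classifier whose outcome is only trusted when a verification rule accepts it."""
    min_margin: float = 0.3                                   # assumed threshold
    classes: Dict[str, Centroid] = field(default_factory=dict)
    pending: List[Flow] = field(default_factory=list)         # rejected flows awaiting an expert

    def fit(self, x: Flow, label: str) -> None:
        self.classes.setdefault(label, Centroid([0.0] * len(x))).update(x)

    def _dist(self, x: Flow, c: Centroid) -> float:
        return sqrt(sum((a - b) ** 2 for a, b in zip(x, c.mean)))

    def classify(self, x: Flow, verify: bool = True) -> Optional[str]:
        """Nearest-class label; with verify=True, None means 'suspicious, queued for review'."""
        ranked = sorted((self._dist(x, c), lab) for lab, c in self.classes.items())
        d_near, label = ranked[0]
        if not verify:
            return label
        if len(ranked) == 1:
            margin = 1.0
        else:
            d_far = ranked[1][0]
            # Relative gap between the two closest classes: near 0 means the sample
            # lies between known classes, i.e. traffic the model has not seen before.
            margin = (d_far - d_near) / (d_far + d_near) if d_far + d_near > 0 else 0.0
        if margin < self.min_margin:
            self.pending.append(x)
            return None
        return label

    def expert_feedback(self, oracle: Callable[[Flow], str]) -> int:
        """Label queued flows via the expert and fold them into the model incrementally."""
        n = len(self.pending)
        for x in self.pending:
            self.fit(x, oracle(x))
        self.pending.clear()
        return n


# Constructed training traffic: web-like benign flows and a bulky flood-like attack.
TRAIN = [((600.0, 20.0), "benign"), ((700.0, 25.0), "benign"), ((650.0, 22.0), "benign"),
         ((60.0, 900.0), "attack"), ((64.0, 950.0), "attack"), ((70.0, 880.0), "attack")]
# Constructed "evolved" attack that sits between the two known clusters.
EVOLVED: List[Flow] = [(300.0, 400.0), (320.0, 420.0), (310.0, 410.0)]


def expert_oracle(x: Flow) -> str:
    """Stand-in for the human analyst; here every evolved flow is labelled a new 'scan' class."""
    return "scan"


def run_demo() -> Dict[str, object]:
    clf = VerifiedClassifier(min_margin=0.3)
    for x, y in TRAIN:
        clf.fit(x, y)
    # A static model with no verification silently mislabels the evolved attack as benign.
    unverified = [clf.classify(x, verify=False) for x in EVOLVED]
    # With verification the same flows are rejected instead of trusted.
    first_pass = [clf.classify(x) for x in EVOLVED]
    reviewed = clf.expert_feedback(expert_oracle)
    # After the incremental update the model classifies them, and benign traffic still passes.
    second_pass = [clf.classify(x) for x in EVOLVED]
    benign = clf.classify((620.0, 21.0))
    return {"unverified": unverified, "first_pass": first_pass,
            "reviewed": reviewed, "second_pass": second_pass, "benign": benign}


if __name__ == "__main__":
    print(run_demo())
```

The point the toy makes is the one in the abstract: without the verification step the evolved flows are confidently assigned to the nearest known class (benign) and the detector degrades silently, whereas rejecting low-margin outcomes costs only the expert's time on the queued flows and a running-mean update, not a retraining pass over the whole history.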




Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
