“BigFlow: Real-time and Reliable Anomaly-based Intrusion Detection for High-Speed Networks”
Future Generation Computer Systems, vol. 93, pp. 473–485, Apr. 2019.
Abstract: Existing machine learning solutions for network-based intrusion detection cannot maintain their reliability over time when facing high-speed networks and evolving attacks. In this paper, we propose BigFlow, an approach capable of processing evolving network traffic while being scalable to large packet rates. BigFlow employs a verification method that checks whether the classifier outcome is valid in order to provide reliability. If a suspicious packet is found, an expert may help BigFlow to incrementally change the classification model. Experiments with BigFlow, over a network traffic dataset spanning a full year, demonstrate that it can maintain high accuracy over time. It requires as little as 4% of the storage and between 0.05% and 4% of the training time, compared with other approaches. BigFlow is scalable, coping with a 10-Gbps network bandwidth on a 40-core cluster of commodity hardware.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)