A Quantitative Logarithmic Transformation-Based Intrusion Detection System
Intrusion detection systems (IDS) play a vital role in protecting networks from malicious attacks. Modern IDS use machine-learning or deep-learning models to deal with the diversity of attacks that malicious users may employ. However, effective machine-learning methods incur a considerable cost in b...
Main Authors: | Blue Lan, Ta-Chun Lo, Rico Wei, Heng-Yu Tang, Ce-Kuen Shieh |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2023-01-01 |
Series: | IEEE Access |
Subjects: | NIDS, NetFlow, network security |
Online Access: | https://ieeexplore.ieee.org/document/10050849/ |
_version_ | 1811160929538146304 |
---|---|
author | Blue Lan; Ta-Chun Lo; Rico Wei; Heng-Yu Tang; Ce-Kuen Shieh |
author_facet | Blue Lan; Ta-Chun Lo; Rico Wei; Heng-Yu Tang; Ce-Kuen Shieh |
author_sort | Blue Lan |
collection | DOAJ |
description | Intrusion detection systems (IDS) play a vital role in protecting networks from malicious attacks. Modern IDS use machine-learning or deep-learning models to deal with the diversity of attacks that malicious users may employ. However, effective machine-learning methods incur a considerable cost in both the pretraining stage and the online detection process itself. Accordingly, this study proposes a quantitative logarithmic transformation-based intrusion detection system (QLT-IDS) that uses a straightforward statistical approach to analyze network behavior. Compared with machine-learning or deep-learning-based IDS methods, the proposed system requires neither a time-consuming and expensive data collection and training process, nor a GPU-included device to achieve a real-time detection performance. Furthermore, the system can deal not only with North-South attacks, but also East-West attacks, which pose a significant risk in real-world operations. The effectiveness of the proposed system is evaluated for both real-world campus network traffic and simulated traffic. The results confirm that QLT-IDS is able to detect a wide range of malicious attacks with a high precision, even under high down-sampling rate of the NetFlow records. |
first_indexed | 2024-04-10T06:06:03Z |
format | Article |
id | doaj.art-4d9ea775889348b89ce64a0749ee33de |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-10T06:06:03Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-4d9ea775889348b89ce64a0749ee33de; 2023-03-03T00:01:24Z; eng; IEEE; IEEE Access; 2169-3536; 2023-01-01; 11; 20351; 20364; 10.1109/ACCESS.2023.3248261; 10050849; A Quantitative Logarithmic Transformation-Based Intrusion Detection System; Blue Lan (Curelan Technology Company Ltd., Kaohsiung, Taiwan); Ta-Chun Lo (https://orcid.org/0000-0001-6067-9068; Department of Electrical Engineering, National Cheng Kung University, Tainan, Taiwan); Rico Wei (Curelan Technology Company Ltd., Kaohsiung, Taiwan); Heng-Yu Tang (Curelan Technology Company Ltd., Kaohsiung, Taiwan); Ce-Kuen Shieh (https://orcid.org/0000-0003-3828-9113; Department of Electrical Engineering, National Cheng Kung University, Tainan, Taiwan); https://ieeexplore.ieee.org/document/10050849/; NIDS; NetFlow; network security |
title | A Quantitative Logarithmic Transformation-Based Intrusion Detection System |
topic | NIDS; NetFlow; network security |
url | https://ieeexplore.ieee.org/document/10050849/ |