ZW-IDS: Zero-Watermarking-based network Intrusion Detection System using data provenance

In the rapidly evolving digital world, network security is a critical concern. Traditional security measures often fail to detect unknown attacks, making anomaly-based Network Intrusion Detection Systems (NIDS) using Machine Learning (ML) vital. However, these systems face challenges such as computational complexity and misclassification errors. This paper presents ZW-IDS, an innovative approach to enhance anomaly-based NIDS performance. We propose a two-layer classification NIDS integrating zero-watermarking with data provenance and ML. The first layer uses Support Vector Machines (SVM) with ensemble learning model for feature selection. The second layer generates unique zero-watermarks for each data packet using data provenance information. This approach aims to reduce false alarms, improve computational efficiency, and boost NIDS classification performance. We evaluate ZW-IDS using the CICIDS2017 dataset and compare its performance with other multi-method ML and Deep Learning (DL) solutions.