Real-Time Network Intrusion Prevention System Using Incremental Feature Generation

Security measures are urgently required to mitigate the recent rapid increase in network security attacks. Although methods employing machine learning have been researched and developed to detect various network attacks effectively, these are passive approaches that cannot protect the network from attacks, but detect them after the end of the session. Since such passive approaches cannot provide fundamental security solutions, we propose an active approach that can prevent further damage by detecting and block-ing attacks in real time before the session ends. The proposed technology uses a two-level classifier structure: the first-stage classifier supports real-time classification, and the second-stage classifier supports accurate classification. Thus, the proposed approach can be used to determine whether an attack has occurred with high accuracy, even under heavy traffic. Through extensive evaluation, we confirm that our approach can provide a high detection rate in real time. Furthermore, because the proposed approach is fast, light, and easy to implement, it can be adopted in most existing network security equip-ment. Finally, we hope to mitigate the limitations of existing security systems, and expect to keep networks faster and safer from the increasing number of cyber-attacks.