A real-time adaptive network intrusion detection for streaming data: a hybrid approach

This study aimed at improving the performance of classifiers when trained to identify signatures of unknown attacks. Furthermore, this paper addresses the following objectives: (1) To establish and examine most commonly used classifiers in the implementation of IDSs (KNN and Bayes); (2) To evaluate the performance of the individual classifiers independently; and (3) To model a hybrid classifier based on the strengths of the two classifiers. This study adopted a quantitative methodology of collecting and interpreting data. The study had used the NSL-KDD and the original KDD 1999 datasets. This paper evaluated the devised mechanisms over virtualised networked environments and traffic workloads. SVM was used for detecting cycle numbers whereas coefficients and signal shifts were used for completing period detection. Also, this paper has presented rare data for detecting anomalies. Anticipated events that have not occurred and unanticipated events can be detected at various sampling frequencies based on a hybrid approach since no one has proposed a hybrid approach for detecting anomalies. This paper has ranked features from a network traffic database based on a combination of feature selection wrappers and filers and determined that 16 features showed a strong contribution to the anomaly detection task.