Hybrid Classification for High-Speed and High-Accuracy Network Intrusion Detection System

Cybercrime is growing at a rapid pace, and its techniques are becoming more sophisticated. In order to actively cope with such threats, new approaches based on machine learning and requiring less administrator intervention have been proposed, but there are still many technical difficulties in detecting security attacks in real time. To solve this problem, we propose a new machine learning-based real-time intrusion detection algorithm. Unlike the existing approaches, the one proposed can detect the presence of an attack every time a packet is received, enabling real-time detection. In addition, our algorithm effectively reduces the system load, which may significantly increase from real-time detection, compared to non-real-time detection. In the algorithm, the increase in the number of memory accesses can be minimized (to below 30 %) compared to conventional methods. Since the proposed method is pure software-based approach, it has excellent scalability and flexibility against various attacks. Therefore, the proposed method cannot support the high classification performance of the hardware-based method but also the high flexibility of the software-based method simultaneously, it can effectively detect and prevent various cyber-attacks.