TY - JOUR
T1 - A Quantitative Logarithmic Transformation-Based Intrusion Detection System
AU - Lan, Blue
AU - Lo, Ta Chun
AU - Wei, Rico
AU - Tang, Heng Yu
AU - Shieh, Ce Kuen
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2023
Y1 - 2023
AB - Intrusion detection systems (IDS) play a vital role in protecting networks from malicious attacks. Modern IDS use machine-learning or deep-learning models to deal with the diversity of attacks that malicious users may employ. However, effective machine-learning methods incur a considerable cost in both the pretraining stage and the online detection process itself. Accordingly, this study proposes a quantitative logarithmic transformation-based intrusion detection system (QLT-IDS) that uses a straightforward statistical approach to analyze network behavior. Compared with machine-learning or deep-learning-based IDS methods, the proposed system requires neither a time-consuming and expensive data collection and training process, nor a GPU-equipped device to achieve real-time detection performance. Furthermore, the system can deal not only with North-South attacks, but also with East-West attacks, which pose a significant risk in real-world operations. The effectiveness of the proposed system is evaluated for both real-world campus network traffic and simulated traffic. The results confirm that QLT-IDS is able to detect a wide range of malicious attacks with high precision, even under a high down-sampling rate of the NetFlow records.
UR - http://www.scopus.com/inward/record.url?scp=85149401709&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85149401709&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2023.3248261
DO - 10.1109/ACCESS.2023.3248261
M3 - Article
AN - SCOPUS:85149401709
SN - 2169-3536
VL - 11
SP - 20351
EP - 20364
JO - IEEE Access
JF - IEEE Access
ER -