The complexity of the UKM-IDS20 is compared to the KDD99 and UNSW-NB15 datasets from two aspects. The created dataset contains 46 features and covers four types of attacks, namely ARP poisoning, DoS, Scans, and Exploits. The collected data from the tests of this study is then used to create the UKM-IDS20 dataset. This process involves three stages packet capturing, packet integration, and feature extraction.
Since this procedure requires further data, a simple data acquisition methodology is used for processing raw network traffic data. The update procedure includes training new classifiers and adding them to the base ensemble model. The proposed IDS employs the homogeneous ensemble method to create a model that can be periodically updated to detect novel attacks.
Therefore, this study presents an adaptive IDS and a new real-world network dataset called the UKM-IDS20. Moreover, the connection between processing raw network data and creating an adaptive IDS has not been sufficiently studied in this domain. Updating the IDS datasets would allow for the testing of the proposed IDSs on datasets that are relevant to the recent attacks. In addition, consistent update of IDS datasets is essential due to the advancement in network technology and attack strategies. Therefore, an adaptive IDS is crucial to keep computer networks protected. Traditional network intrusion detection systems (IDSs) usually have difficulties detecting these attacks because they need to adapt to more advanced or challenging technologies of novel attacks, yet updating them can be computationally expensive and complicated. In recent years, the demand for computer networks has grown rapidly, thus allowing for higher risk of novel attack incidents.
0 kommentar(er)
