Real-Time Network Intrusion Prevention System Based on Hybrid Machine Learning
- Source :
- IEEE Access, Vol 9, Pp 46386-46397 (2021)
- Publication Year :
- 2021
- Publisher :
- IEEE, 2021.
Abstract
- Recent advancements in network technology and associated services have led to a rapid increase in the amount of data traffic. However, the detrimental effects caused by cyber-attacks have also significantly increased. Network attacks are evolving in various forms. Two primary approaches exist for addressing such threats: signature-based detection and anomaly detection. Although the aforementioned approaches can be effective, they also have certain drawbacks. Signature-based detection is vulnerable to variant attacks, while anomaly detection cannot be used for real-time data traffic. For resolving such issues, this paper proposes a two-level classifier that can simultaneously achieve high performance and real-time classification. It employs level 1 and 2 classifiers internally. The level 1 classifier initially performs real-time detection with moderate accuracy for incoming data traffic. If the data cannot be classified with high probability by the classifier, the classification is delayed until the traffic flow terminates. The level 2 classifier then collects the statistical features of the traffic flow for performing precise classification. Compared to existing techniques, the proposed two-level classification method can achieve superior performance in terms of accuracy and detection time.
- Subjects :
- General Computer Science
Computer science
Feature extraction
0211 other engineering and technologies
real-time
02 engineering and technology
computer.software_genre
Traffic flow (computer networking)
0202 electrical engineering, electronic engineering, information engineering
General Materials Science
Real time networks
021110 strategic, defence & security studies
Hybrid machine
General Engineering
Intrusion prevention system
Signature (logic)
two-level classifier
Statistical classification
machine learning
intrusion detection system
020201 artificial intelligence & image processing
Anomaly detection
Data mining
lcsh:Electrical engineering. Electronics. Nuclear engineering
Classifier (UML)
computer
lcsh:TK1-9971
Details
- Language :
- English
- ISSN :
- 21693536
- Volume :
- 9
- Database :
- OpenAIRE
- Journal :
- IEEE Access
- Accession number :
- edsair.doi.dedup.....07d762757e39e921adb6a915fbb4b979