This paper presents a module for the intelligent analysis of network traffic for Intrusion Detection Systems (IDS), implemented as an ensemble of three artificial neural networks (ANNs): a Multi-Layer Perceptron (MLP), a Radial Basis Function (RBF) network, and a Self-Organizing Map (SOM). The problem is formalized as an optimization of two criteria: attack detection accuracy (Accuracy) and False Alarm Rate (FAR). An algorithm is proposed that allows for a flexible adjustment of the balance between these metrics depending on security policy priorities. Experiments on the UNSW-NB15 dataset demonstrated that the module achieves an accuracy of 97.2% with a FAR of 2.2% in a balanced mode, and an accuracy of 98.0% with a FAR of 3.6% in a maximum sensitivity mode. The results show the feasibility of adapting an IDS to specific operational conditions, which is particularly important for Security Operations Centers (SOCs), cloud service providers, and operators of critical infrastructure.
H. Holm, “Signature-based intrusion detection for zero-day attacks: (Not) a closed chapter?” in Proc. 47th Hawaii Int. Conf. System Sciences (HICSS), Jan. 2014, pp. 4895–4904.
V. Jyothsna, V. V. Rama Prasad, and K. Munivara Prasad, “A review of anomaly-based intrusion detection systems,” Int. J. Comput. Appl., vol. 28, pp. 26–35, Aug. 2011.
R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proc. IEEE Conf., Oct. 2010, pp. 408–415.
C. Chung, P. Khatkar, T. Xing, J. Lee, and D. Huang, “NICE: Network intrusion detection and countermeasure selection in virtual network systems,” IEEE Trans. Dependable Secure Comput., vol. 10, no. 4, pp. 198–211, Jul. 2013.
N. Z. Bawany, J. A. Shamsi, and K. Salah, “DDoS attack detection and mitigation using SDN: Methods, practices, and solutions,” Arabian J. Sci. Eng., vol. 42, no. 2, pp. 425–441, Feb. 2017, doi: 10.1007/s13369-017-2414-5.
S. Dotcenko, A. Vladyko, and I. Letenko, “A fuzzy logic-based information security management for software-defined networks,” in Proc. 16th Int. Conf. Advanced Communication Technology (ICACT), Feb. 2014, pp. 167–171.
J. Wang, R. C. Phan, J. N. Whitley, and D. J. Parish, “Augmented attack tree modeling of distributed denial of service and tree-based attack detection method,” in Proc. 10th IEEE Int. Conf. Computer and Information Technology, Jun. 2010, pp. 1009–1014.
E. Markakis, Y. Nikoloudakis, G. Mastorakis, C. X. Mavromoustakis, E. Pallis, A. Sideris, N. Zotos, J. Antic, A. Cernivec, D. Fejzic, J. Kulovic, A. Jara, A. Drosou, K. Giannoutakis, and D. Tzovaras, “Acceleration at the edge for supporting SMEs security: The Fortika paradigm,” IEEE Commun. Mag., vol. 57, no. 2, pp. 41–47, Feb. 2019.
J. Jiang, Q. Yu, M. Yu, G. Li, J. Chen, K. Liu, C. Liu, and W. Huang, “ALDD: A hybrid traffic-user behavior detection method for application-layer DDoS,” in Proc. IEEE Conf., Aug. 2018, pp. 1565–1569.
D. Aksu, S. Ustebay, M. Aydin, and T. Atmaca, “Intrusion detection with comparative analysis of supervised learning techniques and Fisher score feature selection algorithm,” in Proc. Int. Conf., Sep. 2018, pp. 141–149.
K. Mukhamadieva, “Fuzzy artificial neural network for prediction and management tasks,” pp. 118–124, 2021.