Intrusion Detection based on Concept Drift Detection & Online Incremental Learning

Abstract

Abstract Intrusions are constantly evolving and changing, and to keep up with these changes, it is necessary to have models that detect these changes, also known as concept drifts, and offer the ability to update the model without starting the learning process from scratch. In our contribution, we have opted for a new approach to intrusion detection based on concept drift detection and online incremental learning, named DDM-ORF. Our approach is based on the Detection Drift Method (DDM) and Online Random Forest algorithm (ORF). The model has shown very good accuracy compared to traditional approaches and an ability to handle massive data, providing multi-class classification that allows for determining insights. The proposed system achieves very good classification results, along with good processing speed that meets real-world scenarios. Apache Spark Structured Streaming provides important functionalities for dealing with streaming data and enables the deployment of the proposed system DDM-ORF in real-world applications.