Scalable Inline Network-Intrusion Detection System with Minimized Memory Requirement

Abstract

Currently used network-intrusion detection systems (NIDSs) using deep learning have limitations in processing large amounts of data in real time. This is because collecting flow information and creating features are time consuming and require considerable memory. To solve this problem, a novel NIDS with θ(1) memory complexity for processing a flow is proposed in this study. Owing to its small memory requirement, the proposed model can handle numerous concurrent flows. In addition, it uses raw packet data as input features for the deep learning models, resulting in a lightweight feature-creation process. For fast detection, the proposed NIDS classifies a flow using a received packet, though it is prone to false detection. This weakness is solved through the validation model proposed in this research, resulting in high detection accuracy. Furthermore, real-time detection is possible since intrusion detection can be performed for every received packet using the Inception model. A performance comparison with existing methods confirmed an effectively improved detection time and lower memory requirement by 73% and 77% on average while maintaining high detection accuracy. Thus, the proposed model can effectively overcome the problems with modern deep-learning-based NIDSs.