Intrusion Detection Systems (IDSs) based on machine-learning techniques have become a major research focus, as they are crucial for identifying anomalies in the network traffic logs to detect malicious activity. Although such systems achieve high performance during testing, they experience a decline in accuracy over time when deployed in real-world scenarios due to concept drift. Over time, patterns in both benign and malicious network traffic evolve, rendering the training data obsolete and leading to performance degradation. This has led to a growing interest in concept drift detection and the use of adaptation policies such as online and incremental machine learning. However, testing system performance over time, both for drift detection and adaptation, requires labeled real network datasets that exhibit concept drift, with temporal indications of when the drift occurs. The absence of such datasets has led to the use of synthetic drift data generators, which, however, force researchers to work with datasets that are overly simplistic and insufficiently challenging for machine learning algorithms compared to real network datasets. To overcome this limitation, this work proposes a Concept Drift Stream Generator for Intrusion Detection Systems that, starting from a real network dataset, generates data streams exhibiting concept drift. This enables the evaluation of system performance under realistic concept drift conditions while preserving the complexity of the original dataset.
A concept drift stream generator for intrusion detection systems / Costa Gabriele, Nicolò; De Paola, Alessandra; Drago, Salvatore; Ferraro, Pierluca; Lo Re, Giuseppe. - 4121:(2025). ( Ital-IA 2025 - 5th National Conference on Artificial Intelligence Trieste, Italy 23-24/06/2025).
A concept drift stream generator for intrusion detection systems
Drago Salvatore
;
2025
Abstract
Intrusion Detection Systems (IDSs) based on machine-learning techniques have become a major research focus, as they are crucial for identifying anomalies in the network traffic logs to detect malicious activity. Although such systems achieve high performance during testing, they experience a decline in accuracy over time when deployed in real-world scenarios due to concept drift. Over time, patterns in both benign and malicious network traffic evolve, rendering the training data obsolete and leading to performance degradation. This has led to a growing interest in concept drift detection and the use of adaptation policies such as online and incremental machine learning. However, testing system performance over time, both for drift detection and adaptation, requires labeled real network datasets that exhibit concept drift, with temporal indications of when the drift occurs. The absence of such datasets has led to the use of synthetic drift data generators, which, however, force researchers to work with datasets that are overly simplistic and insufficiently challenging for machine learning algorithms compared to real network datasets. To overcome this limitation, this work proposes a Concept Drift Stream Generator for Intrusion Detection Systems that, starting from a real network dataset, generates data streams exhibiting concept drift. This enables the evaluation of system performance under realistic concept drift conditions while preserving the complexity of the original dataset.| File | Dimensione | Formato | |
|---|---|---|---|
|
A_Concept_Drift_Stream_Generator_for_Intrusion_Detection_Systems.pdf
accesso aperto
Descrizione: A Concept Drift Stream Generator for Intrusion Detection Systems
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
1.7 MB
Formato
Adobe PDF
|
1.7 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
