TY - CPAPER
U1 - Konferenzveröffentlichung
A1 - Schaad, Andreas
A1 - Binder, Dominik
ED - Liu, Joseph K.
ED - Katsikas, Sokratis
ED - Meng, Weizhi
ED - Susilo, Willy
ED - Intan, Rolly
T1 - FEX – A Feature Extractor for Real-Time IDS
T2 - Information Security
N2 - In the field of network security, the detection of possible intrusions is an important task to prevent and analyse attacks. Machine learning has been adopted as a particular supporting technique over the last years. However, the majority of related published work uses post mortem log files and fails to address the required real-time capabilities of network data feature extraction and machine learning based analysis [1-5]. We introduce the network feature extractor library FEX, which is designed to allow real-time feature extraction of network data. This library incorporates 83 statistical features based on reassembled data flows. The introduced Cython implementation allows processing individual packets within 4.58 microseconds. Based on the features extracted by FEX, existing intrusion detection machine learning models were examined with respect to their real-time capabilities. An identified Decision-Tree Classifier model was thus further optimised by transpiling it into C Code. This reduced the prediction time of a single sample to 3.96 microseconds on average. Based on the feature extractor and the improved machine learning model an IDS system was implemented which supports a data throughput between 63.7 Mbit/s and 2.5 Gbit/s making it a suitable candidate for a real-time, machine-learning based IDS.
KW - Machine Learning
KW - Real-time
KW - Feature extraction
Y1 - 2021
SN - 978-3-030-91355-7 (Print)
SB - 978-3-030-91355-7 (Print)
SN - 978-3-030-91356-4 (Online)
SB - 978-3-030-91356-4 (Online)
U6 - https://doi.org/10.1007/978-3-030-91356-4_12
DO - https://doi.org/10.1007/978-3-030-91356-4_12
VL - LNCS 13118
SP - 221
EP - 237
S1 - 17
PB - Springer
CY - Cham
ER -