Facing the Unknown: A Stream Learning Intrusion Detection System for Reliable Model Updates

Abstract

Current machine learning approaches for network-based intrusion detection do not cope with new network traffic behavior, which requires periodic computationally and time-consuming model updates. In light of this limitation, this paper proposes a novel stream learning intrusion detection model that maintains system accuracy, even in the presence of unknown traffic behavior. It also eases the model update process by incrementally incorporating new knowledge into the machine learning model. Experiments performed using a recent realistic dataset of network behaviors have shown that the proposed technique detects potentially unreliable classifications. Moreover, the proposed model can incorporate the new network traffic behavior from model updates to improve the system accuracy while maintaining its reliability.