Contemporary software systems encompass a multitude of interconnected entities, often accessible via the Web, making them susceptible to malicious activities. Intrusion Detection Systems (IDS) are intended to monitor such systems and/or their sub-systems, including the network infrastructure, and to identify malicious user behaviour in time, so that appropriate measures can be taken to protect the relevant entities or mitigate the consequences. However, user behaviour is often quite complicated and cannot be captured by simple rules. Machine Learning (ML) techniques provide the means for automatically detecting potential intrusions based on previously collected data. In this article, a Network-based IDS is presented, which can detect several network attacks through the use of ML techniques and relevant frameworks. The publicly available cybersecurity datasets that were used in this work are introduced and their contribution to intrusion detection is evaluated. Also, the approach followed for dealing with false alarms and new attack types is presented and the relevant findings are discussed.
*** Title, author list and abstract as seen in the Camera-Ready version of the paper that was provided to the Conference Committee. Small changes that may have occurred during processing by Springer may not appear in this window.