An implementation of bi-phase network intrusion detection system by using real-time traffic analysis

Full description

Bibliographic details
Published in: Expert Systems with Applications 2023-08, Vol. 224, p. 119831, Article 119831
Main authors: Chowdhury, Ratul; Sen, Shibaprasad; Goswami, Arpan; Purkait, Shankhadeep; Saha, Banani
Format: Article
Language: eng
Subjects:
Online access: Full text
Description
Summary: Secure communication of sensitive information over the internet is a crucial issue. Various malicious information is mixed into real-time traffic, which not only reduces the credibility of the transmission quality but also degrades system performance. A network intrusion detection system is a tool that minutely inspects all incoming and outgoing packets passing through a network and identifies malicious events. Although a moderate number of research works have been carried out on the development of network intrusion detection systems, few of them have concentrated on identifying attacks in real time. Also, there is scope to enhance the performance of such systems. Real-time attack identification not only needs a significant number of optimal features but also requires a set of high-performance predictive models. To address the aforementioned challenges, this paper proposes a bi-phase network intrusion detection system by judiciously inspecting the performance of various machine learning and ensemble learning frameworks. The real-time model has been constructed with the help of the CICIDS2017 dataset, which contains many modern-day attacks. A proposed Threshold-Correlation algorithm combined with Particle Swarm Optimization and Genetic Algorithms has been used for relevant feature selection, and based on the selected features, the bi-phase model has been developed. The experimental results reveal that the chosen model achieves 99.82% and 99.41% detection accuracy in phase-1 and phase-2 respectively. Finally, the proposed framework has been evaluated using a custom-built real-time test-bed model. In this implementation, instantaneous network traffic (malicious and normal) has been generated by a separate system connected through a network, and on the detector side, the same has been captured and classified by the proposed model. Exhaustive performance evaluation in a real-time environment confirms both the effectiveness and superiority of the present work.
ISSN: 0957-4174, 1873-6793
DOI: 10.1016/j.eswa.2023.119831