Intrusion Detection System Based on an Intelligent Multi-Layer Model Using Machine Learning

Abstract

With the rapid advent of information technology and social networking, the multiplication of connected devices further exposes users to the vulnerability of their personal data. This growing interconnectedness increases the risk of online attacks, underlining the daily challenge of cybersecurity in the face of increasingly sophisticated attacks. Flaws in automatic software updates and the limited responsiveness of devices underline the need for an innovative approach to detecting intrusions and securing systems. Early detection of intrusions within companies is essential to anticipate threats and respond rapidly to incidents. Researchers recommend the use of several tools and methods to counter malicious activity. This article introduces our innovative development of an automated model called SSVM (Snort Support Vector Machine) based on a hierarchical strategy organized in distinct layers. This model, automated by the joint use of Python and Shell, merges the efficiency of these languages to guarantee autonomous and resilient operation. After examining several intrusion detection and prevention systems, the first layer implements a selected system as the initial basis. The second layer uses machine learning to fill in the gaps in the initial system. Finally, the third layer applies a global evaluation methodology, taking into account execution time, energy consumption and physical resources, in order to orchestrate the entire evaluation process. The approach we propose appears to improve on other conventional intrusion detection systems by making the detection process more efficient. It does this by reducing false positives and false negatives compared with existing models.