DefinePK

Abstract

Situations like zero-day attacks and advanced persistent threats require strong real-time detection of intrusion methods. The HATIDS combines signature-based detection and machine learning algorithms namely Isolation Forest and One-Class Support Vector Machine (SVM) employing a new weighted feature fusion engine for the best threat scoring. In the experiment on CIC-IDS2017 dataset and attacks such as DDoS and botnets, HATIDS has a 94.26% detection accuracy, 12 false positives reduced (6%) and 18 false negatives reduced (7%), and a mitigation time of 450 seconds, better than the previous hybrid models by 25%. This would in effect reduce the level of alert fatigue and improve security operations. The given features of HATIDS such as real time automated mitigation, threat intelligence sharing, and sharing make it scalable for enterprises and IoT. In future work we plan to look into developing abilities in detecting encrypted threats and to also extend to the federated learning approach.