International Journal of Innovative Research in Computer and Communication Engineering
ISSN Approved Journal | Impact factor: 8.771 | ESTD: 2013 | Follows UGC CARE Journal Norms and Guidelines
| TITLE | Detecting and Quantifying Data Drift in Network Intrusion Detection Systems: A Statistical Monitoring System for Drift Detection and Dashboard Visualization |
|---|---|
| ABSTRACT | Machine learning-based Network Intrusion Detection Systems (NIDS) suffer from silent performance degradation when network traffic distributions evolve over time, a phenomenon known as data drift. This paper presents a system that combines XGBoost-based intrusion detection with statistical drift monitoring, evaluated on the CICIDS2018 benchmark dataset (16.1 million network flows across 10 days). We propose a three-stage feature selection pipeline that reduces 78 raw CICFlowMeter features to 20 high-information features, followed by a dual drift detector using the Kolmogorov-Smirnov (KS) test and the Population Stability Index (PSI). Experiments on a strictly chronological 60/20/20 split demonstrate that the trained model achieves 95.19% validation accuracy, but its attack recall collapses to just 0.66% on the test set, a failure directly attributable to distributional shift. All 20 monitored features exhibit statistically significant KS drift (p < 0.05), and the PSI analysis identifies 7 significantly drifted features on the validation set (avg PSI = 0.162) and 1 significantly drifted feature on the test set (avg PSI = 0.101), providing an actionable retraining signal without requiring ground-truth labels at inference time. A FastAPI backend and React web dashboard operationalize drift monitoring; live stream processing for true real-time inference remains future work. |
| AUTHOR | E BHARATH, B V DASARADHA RAMI REDDY, B SAMBA, D SARATH; Department of Information Technology, Vasireddy Venkatadri Institute of Technology, Guntur, Andhra Pradesh, India |
| VOLUME | 183 |
| DOI | 10.15680/IJIRCCE.2026.1404018 |
| KEYWORDS | |