Speaker
Description
In dynamic network environments, intrusion detection systems (IDS) must adapt to traffic network patterns despite the challenge of concept drift. Traditional drift detection methods, such as ADWIN, DDM, and others, face a challenge between sensitivity and stability, resulting in both delayed traffic attack detection and abnormal false alarms. To address this issue, we propose a novel framework - Adaptive-Delta ADWIN, which adjusts the ADWIN detector's delta parameter using two lightweight online controllers: Volatility Controller (VC) which adapts to fluctuations in prediction error, and Alert-rate Controller (ARC), which control the frequency of drift alarms. We merge the adaptive detector into streaming ensemble of Hoeffding Adaptive Trees and evaluate its performance against a fixed-delta baseline. The proposed metrics: accuracy, ROU-AUC, F1-score are monitored in real time performance. The results from the experiment demonstrate the effectiveness and responsiveness of the Adaptive-Delta ADWIN framework in handling concept drift while reducing false alarms and balancing sensitivity with stability in IDS streaming environments.
