HIDIM: A novel framework of network intrusion detection for hierarchical dependency and class imbalance

Weidong Zhou, Chunhe Xia, Tianbo Wang, Xiaopeng Liang, Wanshuang Lin, Xiaojian Li, Song Zhang
DOI: https://doi.org/10.1016/j.cose.2024.104155
IF: 5.105
2024-10-22
Computers & Security
Abstract: Deep learning-based network intrusion detection has been extensively explored as a data-driven approach. Therefore, paying attention to the data's characteristics is essential. By analyzing the attribute dependence and sample distribution of intrusion data, there are the following problems: "hierarchical dependency omission" and "decision boundary discontinuity." The former means the previous attribute embedding models failed to incorporate network protocol hierarchy. The latter indicates that the small disjuncts distribution leads to sub-concept fragmentation, exacerbating the difficulty in handling class imbalance. To address these problems, we propose a novel detection framework for Hierarchical Dependency and Class Imbalance (HIDIM). First, we treat semantic attributes as words and introduce the protocol hierarchy of attributes into a paragraph embedding model. Second, we design a synthetic oversampling method. It adopts a mutual nearest neighbour approach to determine the boundaries of each disjunct. Then, it synthesizes high-quality samples within those boundary areas by crossing or mutating features based on their importance. The experimental results on multiple real-world datasets demonstrate that the proposed framework is superior to other state-of-the-art models in terms of accuracy, F1-score, and false negative rate by 2.23%, 2.12%, and 1.43% on average, respectively.
computer science, information systems