Gang Kou,Yi Peng,Yong Shi,Zhengxin Chen

DOI: https://doi.org/10.1109/ICDMW.2006.122

2006-01-01

Abstract:The growing number of computer network attacks or intrusions has caused huge lost to companies, organizations, and governments during the last decade. Intrusion detection, which aims at identifying and predicting network attacks, is a fast developing area that has attracted attention from both industry and academia. Technologies have been developed to detect network intrusions using theories and methods from statistics, machine learning, soft computing, mathematics, and many other fields. We have previously proposed multiple criteria linear programming (MCLP) and multiple criteria nonlinear programming (MCNP) models for two-group intrusion detection. Although these models achieve good results in two-group classification problems, they perform poorly on multi-group situations. In order to solve the problem, we introduce the kernel concept into multiple criteria models in this paper. Experimental results show that the new model provides both high classification accuracies and low false alarm rates in three-group and four-group intrusion detection. Keywords: Network intrusion detection, Security, Multiple criteria mathematical programming, Multi-group classification.

G Kou,Y Peng,N Yan,Y Shi,ZX Chen,QM Zhu,J Huff,S McCartney

2004-01-01

Abstract:The early and reliable detection and deterrence of malicious attacks, both from external and internal sources is a crucial issue for today's e-business. There are various approaches available for intrusion detection; however, every method has its strengths and weaknesses. As a novel and promising data mining approach, multiple criteria linear programming (MCLP) has been successfully applied to credit card portfolio management for classifying two or multiple groups. The goal of this research is to determine the applicability of the MCLP algorithm to the intrusion detection problem. The demonstration of successful MCLP application in intrusion detection can add another option to network security toolbox. There are two objectives of this paper: first, apply MCLP to network intrusion detection system to identifying attacks; second, employ ensemble method to improve detection results. An overview of the two-group MCLP model formulation, the network intrusion, and the dataset used (KDD-99) in this paper are introduced first. Then MCLP is employed to KDD-99 and results are cross-validated. After that, the ensemble method is tested. As the results indicate, the ensemble method is better than cross-validated MCLP though the magnitude of the increase seems slight due the nature of the dataset.

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Gang Kou,Yi Peng,Zhengxin Chen,Yong Shi

DOI: https://doi.org/10.1016/j.ins.2008.10.025

IF: 8.1

2009-01-01

Information Sciences

Abstract:Multi-class classification problems are harder to solve and less studied than binary classification problems. The goal of this paper is to present a multi-criteria mathematical programming (MCMP) model for multi-class classification. Furthermore, we introduce the concept of e-support vector to facilitate computation of large-scale applications. Instead of finding the optimal solution for a convex mathematical programming problem, the computation of optimal solution for the model requires only matrix computation. Using two network intrusion datasets, we demonstrate that the proposed model can achieve both high classification accuracies and low false alarm rates for multi-class network intrusion classification.

Gang Kou,Yi Peng,Yong Shi,Zhengxin Chen,Xiaojun Chen

DOI: https://doi.org/10.1007/978-3-540-30537-8_16

2004-01-01

Abstract:The early and reliable detection and deterrence of malicious attacks, both from external and internal sources are a crucial issue for today's e-business. There are various methods available today for intrusion detection; however, every method has its limitations and new approaches should still be explored. The objectives of this study are twofold: one is to discuss the formulation of Multiple Criteria Quadratic Programming (MCQP) approach, and to investigate the applicability of the quadratic classification method to the intrusion detection problem. The demonstration of successful Multiple Criteria Quadratic Programming application in intrusion detection can add another option to network security toolbox. The classification results are examined by cross-validation and improved by an ensemble method. The results demonstrated that MCQP is excellent and stable. Furthermore, the outcome of MCQP can be improved by the ensemble method.

Satyanarayana Gunupusala,Shahu Chatrapathi Kaila

DOI: https://doi.org/10.37256/cm.5220243723

2024-06-19

Contemporary Mathematics

Abstract:Computer networks rely on Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) to ensure the security, reliability, and availability of an organization. In recent years, various approaches were developed and implemented to create effective IDSs and IPSs. This paper specifically focuses on IDSs that utilize Machine Learning (ML) techniques for improved accuracy. ML-based IDSs have verified to be successful in discovering network attacks. However, their performance tends to decline when dealing with high-dimensional data spaces. It is essential to develop a suitable feature extraction strategy that could identify and remove irrelevant features that do not significantly classification process to address this issue. Additionally, many ML-based IDSs exhibit high false positive rates and poor detection accuracy when trained on unbalanced datasets. In this study, we analyze the UNSW-NB15 IDS, which will serve as the training and testing data for our models. In order to reduce the feature space and improve the efficiency of our analysis, we leverage a filter-based feature reduction method utilizing the Pearson correlation coefficient algorithm. By identifying and selecting only the most relevant features, we are able to streamline our dataset and focus on the variables that have the highest impact on our analysis. This approach not only reduces computational complexity but also improves the interpretability of our results by eliminating unnecessary noise from the data. After applying the feature reduction technique, we proceed to implement a range of machine learning methods to perform our classification task. These include well-known algorithms such as Stacking, Extra Trees, Multi-Layer Perceptron, XGBoost, K-Nearest Neighbors, Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and Decision Tree. By employing a diverse set of algorithms, we are able to explore different modeling approaches and evaluate their effectiveness in accurately classifying the various types of assaults. In order to assess the performance of our classification models, we utilize a range of specialized evaluation metrics such as Root Mean Square Error (RMSE), Mean Absolute Error (MAE), R2-Score, Mean Squared Error (MSE), Precision, F1-Score, Recall, and Accuracy. These metrics provide us with a comprehensive understanding of how well our models are performing across different dimensions, including the accuracy of predictions, the level of precision in classifying different assault types, and the overall goodness-of-fit of our models. By considering multiple evaluation metrics, we are able to gain a more nuanced understanding of the strengths and weaknesses of each algorithm and make informed decisions about their suitability for our classification task. These metrics deliver a complete evaluation of the classifiers’ effectiveness in detecting community intrusions.

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

Jian Luo,Yiying Zhang,Yannian Wu,Yao Xu,Xiaoyan Guo,Boxiang Shang

DOI: https://doi.org/10.3390/electronics12040949

IF: 2.9

2023-02-16

Electronics

Abstract:Network intrusion data are characterized by high feature dimensionality, extreme category imbalance, and complex nonlinear relationships between features and categories. The actual detection accuracy of existing supervised intrusion-detection models performs poorly. To address this problem, this paper proposes a multi-channel contrastive learning network-based intrusion-detection method (MCLDM), which combines feature learning in the multi-channel supervised contrastive learning stage and feature extraction in the multi-channel unsupervised contrastive learning stage to train an effective intrusion-detection model. The objective is to research whether feature enrichment and the use of contrastive learning for specific classes of network intrusion data can improve the accuracy of the model. The model is based on an autoencoder to achieve feature reconstruction with supervised contrastive learning and for implementing multi-channel data reconstruction. In the next stage of unsupervised contrastive learning, the extraction of features is implemented using triplet convolutional neural networks (TCNN) to achieve the classification of intrusion data. Through experimental analysis, the multichannel contrastive learning network-based intrusion-detection method achieves 98.43% accuracy in dataset CICIDS17 and 93.94% accuracy in dataset KDDCUP99.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xueying Han,Song Liu,Junrong Liu,Bo Jiang,Zhigang Lu,Baoxu Liu

DOI: https://doi.org/10.1109/tifs.2024.3426304

IF: 7.231

2024-07-20

IEEE Transactions on Information Forensics and Security

Abstract:Malicious traffic detection in the real world faces the challenge of dealing with a diverse mix of known, unknown, and variant malicious traffic, requiring methods that are accurate, generalizable, and reliable for identifying both known and emerging threats. However, existing methods are unable to fully meet these requirements. Supervised methods can accurately detect known malicious traffic, but their performance declines significantly when encountering unknown attacks. Additionally, the misclassification is usually silent, leading to doubts about the reliability and practicality. Unsupervised methods can deal with unknown attacks, but their high false positive rate and inability to utilize the knowledge of existing attack data constitute obvious shortcomings. To overcome these limitations, we propose ECNet, an end-to-end robust malicious network traffic detection method. Particularly, ECNet incorporates multi-view features, including content and pattern features, and employs a gated-based feature fusion approach, providing an efficient and robust representation. Moreover, ECNet introduces a confidence mechanism and combines category probability and confidence values during training and detection; therefore, it can accurately detect both known and unknown malicious traffic while ensuring the credibility of results. To validate the performance of ECNet, we conduct comprehensive experiments on six reorganized datasets and compare ECNet with seven state-of-the-art methods. The results demonstrate that ECNet outperforms others, particularly showing significant improvements in detecting unknown attacks, with up to a 14.15% increase in F1 compared to the best-performing method.

computer science, theory & methods,engineering, electrical & electronic

Yongqing Huang,Jin Gou,Zongwen Fan,Yongxin Liao,Yanmin Zhuang

DOI: https://doi.org/10.1016/j.jisa.2024.103790

IF: 4.96

2024-05-24

Journal of Information Security and Applications

Abstract:The diversification and complexity of network attacks pose a serious challenge to network security and lead to the phenomenon of overlapping attributes of network attack behaviors. In this context, traditional network attack detection methods are limited to single-label learning, which cannot effectively deal with complex and diverse network attacks. To better understand the relation between network attack behaviors and improve the effect of network security protection, we first analyze the well-known network attack datasets (UNSW-NB15 and CCCS-CIC-AndMal-2020) according to the proposed multi-label metrics. Subsequently, we propose a multi-label cyber-attack detection method based on two-stage model fusion. In the first stage, a category is selected based on the analysis of multi-label metrics, and binary classification is performed. In the second stage, the binary labels generated in the first stage are added to the feature space for the multi-label categorization. Experimental results show that the two-stage model fusion method effectively improves the performance of the baseline methods. In addition, we analyze the impact of different categories and binary classification performance for the multi-label detection. The experimental results show that, theoretically, when the binary classification accuracy of Normal and Adware reaches 77% and 95% respectively, the performance of the two-stage multi-label detection method exceeds the state-of-the-art methods. This indicates the effectiveness of the two-stage strategy used in our proposed method for improving the ability of multi-label network attack detection.

computer science, information systems

Hongjun Dai,Huabo Liu,Zhiping Jia,Tianzhou Chen

DOI: https://doi.org/10.1109/trustcom.2012.42

2012-01-01

Abstract:WSN is a distributed network exposed to an open environment, which is vulnerable to malicious nodes. To find out malicious nodes among a WSN with mass sensor nodes, this paper presents a malicious detection method based on multi-variate classification. Given the types of a few sensor nodes, it extracts sensor nodes' preferences related with the known types of malicious node, establishes the sample space of all sensor nodes that participate in network activities. Then, according to the study on the type-known sensor nodes' samples based on the multivariate classification algorithm, a classifier is generated, and all of the unknown-type sensor nodes are classified. The experiment results show that as long as the value of sensor nodes preferences and the number of active sensor nodes is stable, the false detection rate is stabilized under 0.5%.

Ahsan Al Zaki Khan,Gursel Serpen

DOI: https://doi.org/10.48550/arXiv.2012.09707

2020-12-18

Abstract:In this paper, we present a study that proposes a three-stage classifier model which employs a machine learning algorithm to develop an intrusion detection and identification system for tens of different types of attacks against industrial SCADA networks. The machine learning classifier is trained and tested on the data generated using the laboratory prototype of a gas pipeline SCADA network. The dataset consists of three attack groups and seven different attack classes or categories. The same dataset further provides signatures of 35 different types of sub-attacks which are related to those seven attack classes. The study entailed the design of three-stage machine learning classifier as a misuse intrusion detection system to detect and identify specifically each of the 35 attack subclasses. The first stage of the classifier decides if a record is associated with normal operation or an attack signature. If the record is found to belong to an attack signature, then in the second stage, it is classified into one of seven attack classes. Based on the identified attack class as determined by the output from the second stage classifier, the attack record is provided for a third stage sub-attack classification, where seven different classifiers are employed. The output from the third stage classifier identifies the sub-attack type to which the record belongs. Simulation results indicate that designs exploring specialization to domains or executing the classification in multiple stages versus single-stage designs are promising for problems where there are tens of classes. Comparison with studies in the literature also indicated that the multi-stage classifier performed markedly better.

Cryptography and Security

Yuxiang Li,Haiming Wang,Hongkui Yu,Changquan Ren,Qingjia Geng

DOI: https://doi.org/10.4304/jnw.8.6.1322-1328

2013-01-01

Abstract:According to the 31th statistical reports of China Internet network information center (CNNIC), by the end of December 2012, the number of Chinese netizens has reached 564 million, and the scale of mobile Internet users also reached 420 million. But when the network brings great convenience to people's life, it also brings huge threat in the life of people. So through collecting and analyzing the information in the computer system or network we can detect any possible behaviors that can damage the availability, integrity and confidentiality of the computer resource, and make timely treatment to these behaviors which have important research significance to improve the operation environment of network and network service. At present, the Neural Network, Support Vector machine (SVM) and Hidden Markov Model, Fuzzy inference and Genetic Algorithms are introduced into the research of network intrusion detection, trying to build a healthy and secure network operation environment. But most of these algorithms are based on the total sample and it also hypothesizes that the number of the sample is infinity. But in the field of network intrusion the collected data often cannot meet the above requirements. It often shows high latitudes, variability and small sample characteristics. For these data using traditional machine learning methods are hard to get ideal results. In view of this, this paper proposed a Generalized Multi-Kernel Learning method to applied to network intrusion detection. The Generalized Multi-Kernel Learning method can be well applied to large scale sample data, dimension complex, containing a large number of heterogeneous information and so on. The experimental results show that applying GMKL to network attack detection has high classification precision and low abnormal practical precision.

Jakiur Rahman,Jaskaran Singh,Soumen Nayak,Biswajit Jena,Lopamudra Mohanty,Narpinder Singh,John R. Laird,Rajesh Singh,Deepak Garg,Narendra N. Khanna,Mostafa M. Fouda,Luca Saba,Jasjit S. Suri

DOI: https://doi.org/10.1080/08839514.2024.2376983

IF: 2.777

2024-07-13

Applied Artificial Intelligence

Abstract:Intrusion detection systems (IDS) play a critical role in ensuring the security and integrity of computer networks. There is a constant demand for the development of powerful, novel, and generalized methods for IDS that can accurately detect and classify intrusions. In this study, we aim to evaluate the benefits of linear classifiers (LC) and nonlinear classifiers (NLC) in IDS. We employed ten machine learning (ML) classifiers, consisting of five LC and five NLC. These classifiers underwent cross-validation for performance evaluation, unseen analysis, statistical tests, and power analysis on measuring the minimum sample size. Four hypotheses were formulated and validated on five processed intrusion attack datasets. NLC outperformed LC, with a mean accuracy (ACC)/area-under-the-curve (AUC) increase of 22.26%/20.3% on the WUSTL-EHMS dataset, with improvements of ACC/AUC by 5.5%/2.3% on the UNSW-NB15 dataset. In the unseen analysis, NLC achieved an ACC/AUC increase of 21.9%/21.8% when trained on WUSTL-EHMS and tested on UNSW-NB15. Lastly, when using a mixed dataset of WUSTL-EHMS and UNSW-NB15, NLC demonstrated an ACC/AUC increase of 11.67%/5.5%. The model performed well in cross-validation protocols, and the statistical tests yielded significant p-values. NLC provides generalized and robust solutions to detect intrusion attacks, ensuring the integrity and security of computer networks.

computer science, artificial intelligence,engineering, electrical & electronic

Lan Xia,Xuefei Xia

DOI: https://doi.org/10.1016/j.procs.2023.11.067

2023-01-01

Procedia Computer Science

Abstract:Due to the diverse and volatile nature of today's network attacks, it is difficult to achieve satisfactory results using a single detection method. This project plans to study the network intrusion detection algorithm based on Semi-Supervised Learning and active learning to improve its accuracy and effectively intercept various network attacks. First, network attack data is collected, attack characteristics are extracted, and Semi-Supervised Learning method is used to cluster attack data. Secondly, by studying the clustering data, a network intrusion detection classifier based on BP neural network was constructed, and the construction process of the classifier was improved. On this basis, the effectiveness of the algorithm was verified through simulation experiments using standard datasets. The experimental results show that the combination rate of the optimized algorithm for network intrusion detection and neural network methods is over 95%, which can meet the actual accuracy requirements of network security protection. This is because the method proposed by the author combines semi supervised technology with BP neural network, which can effectively identify different types of network intrusion behavior, thereby reducing the missed detection rate and false alarm rate of network intrusion detection, and has significant advantages.

Muhammad U. Ilyas,Soltan Abed Alharbi

DOI: https://doi.org/10.1007/s00607-021-01050-5

2022-01-04

Computing

Abstract:All organizations, be they businesses, governments, infrastructure or utility providers, depend on the availability and functioning of their computers, computer networks and data centers for all or part of their operations. Network intrusion detection systems are the first line of defense that protect computing infrastructure from external attacks. In this study we develop five different Machine Learning classifiers for a number of attacks. We used the CSE-CIC-IDS2018 dataset, developed in a collaborative effort between the Communications Security Establishment and the Canadian Institute for Cybersecurity. It is an extensive network traffic trace dataset that captures multiple attacks and has become available relatively recently. The previous major dataset used for the development of network intrusion detection systems is the KDD Cup’99 dataset, now going on 22 years, which predates mobile computing, Web 2.0/3.0, social media, streaming video and widespread use of SSL. These significant Internet trends of the last two decades demand a reevaluation and redevelopment of intrusion detectors. Prior studies that designed Machine Learning classifiers using the CSE-CIC-IDS2018 dataset use a large and rich set of features, of which at least one is not dataset-invariant. Almost none have explored the appropriateness of using all available features with datasets containing only a few hundred attack class samples. The classifiers developed in this study rely on a justifiable number of features and their performance is reviewed for stability and generalization by reporting not just average performance over 10 fold cross-validation but also the degree of variation from one fold to the next.

computer science, theory & methods

Yunchuan Kang,Jing Zhong,Ruofeng Li,Yuqiao Liang,Nian Zhang

DOI: https://doi.org/10.1142/S0218213021400066

IF: 1.1

2021-01-30

International Journal on Artificial Intelligence Tools

Abstract:A method of classifying network security data based on multi-featured extraction is proposed to address instability of a nonlinear time series in a network security threat. Cybersecurity information is divided in line with the principle of acquiring multiple attributes. On this basis, an adaptive adaptation estimation technology is optimized in analogue. With the proposed method, a cybersecurity information classification system is constructed according to the phase interval reconstruction principle so that a dynamic and autonomous adaptation estimation of the cybersecurity threat can be completed to ensure the feasibility of cybersecurity information classification. The experimental result proves that the cybersecurity information classification technology based on multi-attribute extraction can effectively guide chaos into adjacent orbits and reasonably control the training scale. Moreover, the accuracy of the estimation is guaranteed and the cybersecurity threat is estimated because of its high-speed convergence and strong proximity. Therefore, the proposed classification technology can assist professionals and backstage managers in guaranteeing security by facilitating receipt of information in a timely manner.

computer science, artificial intelligence, interdisciplinary applications

Zhiwen Wang,Qin Xia,Ke Lu

DOI: https://doi.org/10.4236/jsea.2008.11009

2008-01-01

Journal of Software Engineering and Applications

Abstract:The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing new techniques for analyzing network traffic. If efficient analysis tools were available, it could become possible to detect the attacks and to take action to weaken those attacks appropriately before they have had time to propagate across the network. In this paper, we propose an SNMP MIB oriented approach for detecting attacks, which is based on two-tier GCT by analyzing causal relationship between attacking variable at the attacker and abnormal variable at the target. According to the abnormal behavior at the target, GCT is executed initially to determine preliminary attacking variable, which has whole causality with abnormal variable in network behavior. Depending on behavior feature extracted from abnormal behavior, we can recognize attacking variable by using GCT again, which has local causality with abnormal variable in local behavior. Proactive detecting rules can be constructed with the causality between attacking variable and abnormal variable, which can be used to give alarms in network management system. The results of experiment showed that the approach with two-tier GCT was proved to detect attacks early, with which attack propagation could be slowed through early detection.

Iftikhar Ahmad,Qazi Emad Ul Haq,Muhammad Imran,Madini O. Alassafi,Rayed A. AlGhamdi

DOI: https://doi.org/10.3390/math10030530

IF: 2.4

2022-02-08

Mathematics

Abstract:Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains.

mathematics