Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Jingyi Wang,Naiyue Chen,Jinhui Yu,Yi Jin,Yidong Li

DOI: https://doi.org/10.1109/besc51023.2020.9348310

2020-01-01

Abstract:In recent years, various types of network attacks emerge in endlessly, the protection of network security has been paid more and more attention by our society. Network Intrusion Detection System (NIDS)is used to protect computer systems from malicious attacks and intrusions, thus has also become a hot research field. Due to the great success of deep learning in industry and academia, there is an increasing interest in the application of deep learning methods for feature representations and classification. In this paper,we propose a intrusion detection model based on time-related deep learning approach with attention mechanism. Firstly, we build a stacked sparse autoencoder(SSAE) to extract high-level feature representations of intrusion information. Then we design a two-layer bidirectional gated recurrent unit(BiGRU) network with attention mechanism to classify traffic data. We perform experiments on a benchmark dataset UNSW-NB15, the results in binary classification indicate that using high-dimensional sparse features extracted by SSAE can significantly accelerate the classification progress. Our model can detect network intrusions effectively and outperform other related methods with reduction of false alarm rate, high accuracy rate, reduced training and testing time.

Laisen Nie,Yixuan Wu,Xiaojie Wang,Lei Guo,Guoyin Wang,Xinbo Gao,Shengtao Li

DOI: https://doi.org/10.1109/tcss.2021.3063538

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:The Social Internet of Things (SIoT) now penetrates our daily lives. As a strategy to alleviate the escalation of resource congestion, collaborative edge computing (CEC) has become a new paradigm for solving the needs of the Internet of Things (IoT). CEC can provide computing, storage, and network connection resources for remote devices. Because the edge network is closer to the connected devices, it involves a large amount of users’ privacy. This also makes edge networks face more and more security issues, such as Denial-of-Service (DoS) attacks, unauthorized access, packet sniffing, and man-in-the-middle attacks. To combat these issues and enhance the security of edge networks, we propose a deep learning-based intrusion detection algorithm. Based on the generative adversarial network (GAN), we designed a powerful intrusion detection method. Our intrusion detection method includes three phases. First, we use the feature selection module to process the collaborative edge network traffic. Second, a deep learning architecture based on GAN is designed for intrusion detection aiming at a single attack. Finally, we propose a new intrusion detection model by combining several intrusion detection models that aim at a single attack. Intrusion detection aiming at multiple attacks is realized through the designed GAN-based deep learning architecture. Besides, we provide a comprehensive evaluation to verify the effectiveness of the proposed method.

Bo Cao,Chenghai Li,Yafei Song,Yueyi Qin,Chen Chen

DOI: https://doi.org/10.3390/app12094184

2022-04-21

Applied Sciences

Abstract:A network intrusion detection model that fuses a convolutional neural network and a gated recurrent unit is proposed to address the problems associated with the low accuracy of existing intrusion detection models for the multiple classification of intrusions and low accuracy of class imbalance data detection. In this model, a hybrid sampling algorithm combining Adaptive Synthetic Sampling (ADASYN) and Repeated Edited nearest neighbors (RENN) is used for sample processing to solve the problem of positive and negative sample imbalance in the original dataset. The feature selection is carried out by combining Random Forest algorithm and Pearson correlation analysis to solve the problem of feature redundancy. Then, the spatial features are extracted by using a convolutional neural network, and further extracted by fusing Averagepooling and Maxpooling, using attention mechanism to assign different weights to the features, thus reducing the overhead and improving the model performance. At the same time, a Gated Recurrent Unit (GRU) is used to extract the long-distance dependent information features to achieve comprehensive and effective feature learning. Finally, a softmax function is used for classification. The proposed intrusion detection model is evaluated based on the UNSW_NB15, NSL-KDD, and CIC-IDS2017 datasets, and the experimental results show that the classification accuracy reaches 86.25%, 99.69%, 99.65%, which are 1.95%, 0.47% and 0.12% higher than that of the same type of CNN-GRU, and can solve the problems of low classification accuracy and class imbalance well.

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Dong Yang,Can Zhou,Songjie Wei

DOI: https://doi.org/10.1007/978-981-99-4761-4_27

2023-01-01

Abstract:Typical network traffic is characterized by high-dimensional, polymorphic and massive amounts of data, which is a consistent challenge for pattern-based intrusion detection. Most detection models suffer from low efficiency and poor consideration of portability. We propose a light-weighted network intrusion detection model incorporating GRU and CNN as an equilibration of model complexity and performance. Firstly, we prune off redundant features from the dataset using extremely randomized trees. Then feature extraction is performed using GRU, taking into account the long-term and short-term dependencies in the data, and all hidden layer outputs are treated as the sequences of feature information for the next step. We construct a CNN model with structures including inversed residual, depthwise separable convolution and dilated convolution for spatial feature extraction. The model convergence is accelerated with a channel attention mechanism. We conduct experiments on the CIC-IDS2017 dataset and have verified the proposed with excellent detection performance, as well as the advantages of simplicity, such as fewer model parameters, smaller model size, less training time and faster detection.

Xiaodong Liu,Tong Li,Runzi Zhang,Di Wu,Yongheng Liu,Zhen Yang

DOI: https://doi.org/10.1155/2021/9947059

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:In recent years, there have been numerous cyber security issues that have caused considerable damage to the society. The development of efficient and reliable Intrusion Detection Systems (IDSs) is an effective countermeasure against the growing cyber threats. In modern high-bandwidth, large-scale network environments, traditional IDSs suffer from a high rate of missed and false alarms. Researchers have introduced machine learning techniques into intrusion detection with good results. However, due to the scarcity of attack data, such methods’ training sets are usually unbalanced, affecting the analysis performance. In this paper, we survey and analyze the design principles and shortcomings of existing oversampling methods. Based on the findings, we take the perspective of imbalance and high dimensionality of datasets in the field of intrusion detection and propose an oversampling technique based on Generative Adversarial Networks (GAN) and feature selection. Specifically, we model the complex high-dimensional distribution of attacks based on Gradient Penalty Wasserstein GAN (WGAN-GP) to generate additional attack samples. We then select a subset of features representing the entire dataset based on analysis of variance, ultimately generating a rebalanced low-dimensional dataset for machine learning training. To evaluate the effectiveness of our proposal, we conducted experiments based on the NSL-KDD, UNSW-NB15, and CICIDS-2017 datasets. The experimental results show that our method can effectively improve the detection performance of machine learning models and outperform the baselines.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yixuan Wu,Laisen Nie,Shupeng Wang,Zhaolong Ning,Shengtao Li

DOI: https://doi.org/10.1109/jiot.2021.3112159

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the rapid advance of Internet of Things (IoT), it is difficult for cloud-centric computing to meet the requirements of low latency and ease of use. As an open and distributed system, edge computing integrates computing, networking, storage, and applications. It provides intelligent services on the edge of an IoT. The edge network is composed of various wireless and wired networks, and the computing and storage resources of edge nodes are limited. These conditions make the edge network expose to a variety of cyber attacks. Additionally, it is difficult for an IoT edge node to support large-scale network data collection and detection for IoT security. Although big data-enabled intrusion detection algorithms can ensure the high accuracy of intrusion detection systems, it is stressful for resource-limited edge nodes to implement those algorithms in IoT. Motivated by these challenges, we propose an intelligent intrusion detection algorithm implemented by big data mining based on a fuzzy rough set, generative adversarial network (GAN), and convolutional neural network (CNN). In our method, we first propose a fuzzy rough set-based algorithm to perform feature selection for big data via IoT. Then, we take advantage of the efficient feature extraction capabilities of CNN for implementing intrusion detection based on selected features. Furthermore, after combining CNN and GAN, we propose an intelligent algorithm to realize intrusion detection in a variety of scenarios. Finally, the proposed method is compared with existing methods for evaluation. Simulation results show that our method has up to 4% higher accuracy than existing methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zengyu Cai,Hongyu Du,Haoqi Wang,Jianwei Zhang,Yajie Si,Pengrong Li

DOI: https://doi.org/10.3390/electronics12224653

IF: 2.9

2023-11-15

Electronics

Abstract:The imbalance between normal and attack samples in the industrial control systems (ICSs) network environment leads to the low recognition rate of the intrusion detection model for a few abnormal samples when classifying. Since traditional machine learning methods can no longer meet the needs of increasingly complex networks, many researchers use deep learning to replace traditional machine learning methods. However, when a large amount of unbalanced data is used for training, the detection performance of deep learning decreases significantly. This paper proposes an intrusion detection method for industrial control systems based on a 1D CWGAN. The 1D CWGAN is a network attack sample generation method that combines 1D CNN and WGAN. Firstly, the problem of low ICS intrusion detection accuracy caused by a few types of attack samples is analyzed. This method balances the number of various attack samples in the data set from the aspect of data enhancement to improve detection accuracy. According to the temporal characteristics of network traffic, the algorithm uses 1D convolution and 1D transposed convolution to construct the modeling framework of network traffic data of two competing networks and uses gradient penalty instead of weight cutting in the Wasserstein Generative Adversarial Network (WGAN) to generate virtual samples similar to real samples. After a large number of data sets are used for verification, the experimental results show that the method improves the classification performance of the CNN and BiSRU. For the CNN, after data balancing, the accuracy rate is increased by 0.75%, and the accuracy, recall rate and F1 are improved. Compared with the BiSRU without data processing, the accuracy of the s1D CWGAN-BiSRU is increased by 1.34%, and the accuracy, recall and F1 are increased by 7.2%, 3.46% and 5.29%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ying Zhong,Yiran Zhu,Zhiliang Wang,Xia Yin,Xingang Shi,Keqin Li

DOI: https://doi.org/10.1007/978-3-030-59016-1_65

2020-01-01

Abstract:Network intrusion detection plays an important role in network security. With the deepening of machine learning research, especially the generative adversarial networks (GAN) proposal, the stability of the anomaly detector is put forward for higher requirements. The main focus of this paper is on the security of machine learning based anomaly detectors. In order to detect the robustness of the existing advanced anomaly detection algorithm, we propose an anomaly detector attack framework MACGAN (maintain attack features based on the generative adversarial networks). The MACGAN framework consists of two parts. The first part is used to analyze the attack fields manually. Then, the learning function of GAN in the second part is used to bypass the anomaly detection. Our framework is tested on the latest Kitsune2018 and CICIDS2017 data sets. Experimental results demonstrate the ability to bypass the state-of-the-art machine learning algorithms. This greatly helps the network security researchers to improve the stability of the detector.

Jingqi Zhang,Xin Zhang,Zhaojun Liu,Fa Fu,Yihan Jiao,Fei Xu

DOI: https://doi.org/10.3390/electronics12194170

IF: 2.9

2023-10-09

Electronics

Abstract:A network intrusion detection tool can identify and detect potential malicious activities or attacks by monitoring network traffic and system logs. The data within intrusion detection networks possesses characteristics that include a high degree of feature dimension and an unbalanced distribution across categories. Currently, the actual detection accuracy of some detection models is relatively low. To solve these problems, we propose a network intrusion detection model based on multi-head attention and BiLSTM (Bidirectional Long Short-Term Memory), which can introduce different attention weights for each vector in the feature vector that strengthen the relationship between some vectors and the detection attack type. The model also utilizes the advantage that BiLSTM can capture long-distance dependency relationships to obtain a higher detection accuracy. This model combined the advantages of the two models, adding a dropout layer between the two models to improve the detection accuracy while preventing training overfitting. Through experimental analysis, the network intrusion detection model that utilizes multi-head attention and BilSTM achieved an accuracy of 98.29%, 95.19%, and 99.08% on the KDDCUP99, NSLKDD, and CICIDS2017 datasets, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Hong Chen,Lili Chen

DOI: https://doi.org/10.1117/12.2683212

2023-01-01

Abstract:With the increasing number and categories of cyber-attacks in the era of big data, intrusion detection techniques are constantly updated and optimized. In order to address the shortcomings of traditional intrusion detection methods and single neural network models in intrusion detection, this paper proposes a deep learning-based intrusion detection method. By combining a one-dimensional convolutional neural network with a bidirectional gated recurrent unit, a new CNN-BiGRU network model is formed to fully extract intrusion detection data features and improve the accuracy of intrusion detection. Using the public dataset CIC-IDS2017, multiple sets of comparison experiments were conducted on the proposed method in this paper in the same environment. Firstly, the ablation experiments yielded that in terms of detection performance, the accuracy of this paper's method improved from 99.50% and 99.34% to 99.58% compared with CNN and BiGRU-based models respectively. In terms of running time, the detection time of this model is reduced from 1921s to 907s compared with that of BiGRU, demonstrating the good detection performance of this method. Finally, through comparison tests, it is verified that the intrusion detection method proposed in this paper has better detection performance compared with other methods.

Jiyuan Cui,Liansong Zong,Jianhua Xie,Mingwei Tang

DOI: https://doi.org/10.1007/s10489-022-03361-2

IF: 5.3

2022-04-14

Applied Intelligence

Abstract:The high dimension, complexity, and imbalance of network data are hot issues in the field of intrusion detection. Nowadays, intrusion detection systems face some challenges in improving the accuracy of minority classes detection, detecting unknown attacks, and reducing false alarm rates. To address the above problems, we propose a novel multi-module integrated intrusion detection system, namely GMM-WGAN-IDS. The system consists of three parts, such as feature extraction, imbalance processing, and classification. Firstly, the stacked autoencoder-based feature extraction module (SAE module) is proposed to obtain a deeper representation of the data. Secondly, on the basis of combining the clustering algorithm based on gaussian mixture model and the wasserstein generative adversarial network based on gaussian mixture model, the imbalance processing module (GMM-WGAN) is proposed. Thirdly, the classification module (CNN-LSTM) is designed based on convolutional neural network (CNN) and long short-term memory (LSTM). We evaluate the performance of GMM-WGAN-IDS on the NSL-KDD and UNSW-NB15 datasets, comparing it with other intrusion detection methods. Finally, the experimental results show that our proposed GMM-WGAN-IDS outperforms the state-of-the-art methods and achieves better performance.

computer science, artificial intelligence

Zhou Jingjing,Yang Tongyu,Zhang Jilin,Zhang Guohao,Li Xuefeng,Pan Xiang

DOI: https://doi.org/10.1155/2022/2448010

2022-01-01

Wireless Communications and Mobile Computing

Abstract:A crucial line of defense for the security of wireless sensor network (WSN) is intrusion detection. This research offers a new MC-GRU WSN intrusion detection model based on convolutional neural networks (CNN) and gated recurrent unit (GRU) to solve the issues of low detection accuracy and poor real-time detection in existing WSN intrusion detection algorithms. MC-GRU uses multiple convolutions to extract network data traffic features and uses the high-level features output after convolution operations as input parameters of the GRU network, which strengthens the learning of spatial and time series features of traffic data and improves the detection performance of the model. The experiment results based on the WSN-DS dataset show that the overall detection accuracy of the four types of attack of black hole, gray hole, flooding, and scheduling and normal behaviors reaches 99.57%, and it is also better than the existing WSN intrusion detection algorithms in real-time performance and classification ability.

Yali Duan,Jianming Cui,Yungang Jia,Ming Liu

DOI: https://doi.org/10.1007/978-981-97-0801-7_3

2024-01-01

Abstract:At present, cyber attacks on vehicle network have are proliferating, one of the most significant difficulties in the current detection methods is that the malicious flows are small and discrete in the whole link. In view of the above issues, this paper proposed a detection model based on the integration of Generative Adversarial Networks (GANs) and Deep Belief Networks (DBN). In this model, GANs is first used to enhance the few malicious flow samples, and then an improved DBN is used to evaluate the effect of data generation, so as to improve the uneven distribution of samples in the data set. In the testing section, open data set CIC-IDS2017 was selected for data enhancement and evaluated the performance of the proposed model. The experimental results show that the proposed model has significantly improved the detection performance of few cyber attacks samples compared with traditional detection algorithms. In addition, compared with the method of merge-generate data set approach, the accuracy rate, recall rate, F1 value and other evaluation indexes of the proposed model for the few samples detection have been greatly improved. Therefore, it can be considered that the proposed model is effective than current methods in dealing with the uneven distribution of data sets in traditional cyber attack detection.

Xinda Hao,Jianmin Zhou,Xueqi Shen,Yu Yang

DOI: https://doi.org/10.32604/jqc.2020.010819

2020-01-01

Journal of Quantum Computing

Abstract:In recent years, machine learning technology has been widely used for timely network attack detection and classification. However, due to the large number of network traffic and the complex and variable nature of malicious attacks, many challenges have arisen in the field of network intrusion detection. Aiming at the problem that massive and high-dimensional data in cloud computing networks will have a negative impact on anomaly detection, this paper proposes a Bi-LSTM method based on attention mechanism, which learns by transmitting IDS data to multiple hidden layers. Abstract information and high-dimensional feature representation in network data messages are used to improve the accuracy of intrusion detection. In the experiment, we use the public data set KDD-Cup 99 for verification. The experimental results show that the model can effectively detect unpredictable malicious behaviors under the current network environment, improve detection accuracy and reduce false positive rate compared with traditional intrusion detection methods.

Yangyang Song,Nurbol Luktarhan,Zhaolei Shi,Haojie Wu

DOI: https://doi.org/10.3390/electronics12132849

IF: 2.9

2023-06-28

Electronics

Abstract:With the increasing complexity of the network environment, the types of network attacks are gradually increasing. Network intrusion detection systems can detect and identify network attacks effectively. However, the existing methods have some limitations, focusing only on local or global temporal features of network traffic. To address the above issues, we present a novel network intrusion detection model (TGA) based on Temporal Convolutional Network (TCN), Bidirectional Gated Recurrent Unit (BiGRU), and self-attention mechanism. TCN extracts local temporal information from network traffic sequences, while BiGRU extracts global temporal information from network traffic sequences. However, TCN and BiGRU do not consider the weights of features when extracting them, so an attention mechanism is added. The feature vectors obtained in TCN and BiGRU are fused and then input into the self-attention mechanism to capture the correlation between different positions in the sequence and reassign the weights of the temporal features to further enhance the model's capabilities. Lastly, it is delivered to the classifier to classify different network traffic classes. Our method achieves 97.83% accuracy on the public CSE-CIC-IDS2018 dataset. After extensive experiments, our idea proved to be reasonable and practical.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yakubu Imrana,Yanping Xiang,Liaqat Ali,Zaharawu Abdul-Rauf

DOI: https://doi.org/10.1016/j.eswa.2021.115524

IF: 8.5

2021-01-01

Expert Systems with Applications

Abstract:The rise in computer networks and internet attacks has become alarming for most service providers. It has triggered the need for the development and implementation of intrusion detection systems (IDSs) to help prevent and or mitigate the challenges posed by network intruders. Over the years, intrusion detection systems have played and continue to play a very significant role in spotting network attacks and anomalies. Numerous researchers around the globe have proposed many IDSs to combat the threat of network invaders. However, most of the previously proposed IDSs have high rates of raising false alarms. Additionally, most existing models suffer the difficulty of detecting the different attack types, especially User-to-Root (U2R) and Remote-to-Local (R2L) attacks. These two types of attacks often appear to have lower detection accuracy for the existing models. Hence, in this paper, we propose a bidirectional Long-Short-Term-Memory (BiDLSTM) based intrusion detection system to handle the challenges mentioned above. To train and measure our model's performance, we use the NSL-KDD dataset, a benchmark dataset for most IDSs. Experimental results show and validate the effectiveness of the BiDLSTM approach. It outperforms conventional LSTM and other state-of-the-art models in terms of accuracy, precision, recall, and F-score values. It also has a much more reduced false alarm rate than the existing models. Furthermore, the BiDLSTM model achieves a higher detection accuracy for U2R and R2L attacks than the conventional LSTM.

Liqun Yang,Jianqiang Li,Liang Yin,Zhonghao Sun,Yufei Zhao,Zhoujun Li

DOI: https://doi.org/10.1109/ACCESS.2020.3019973

IF: 3.9

2020-01-01

IEEE Access

Abstract:With the development of the wireless network techniques, the number of cyber-attack increases significantly, which has seriously threat the security of Wireless Local Area Network (WLAN). The traditional intrusion detection technology is a prevalent area of study for numerous years, but it may not have a good detection performance in a real-time way. Therefore, it is urgent to design a detection mechanism to detect the attacks timely. In this paper, we exploit a CDBN (Conditional Deep Belief Network)-based intrusion detection mechanism to recognize the attack features and perform the wireless network intrusion detection in real time. To avoid the impact of the imbalanced dataset and the data redundancy on the detection accuracy, a window-based instance selection algorithm "SamSelect" is adopted to undersample the majority class data samples, and a Stacked Contractive Auto-Encoder (SCAE) algorithm is proposed to reduce the dimension of the data samples. By doing so, our proposed mechanism can effectively detect the potential attack and achieve high accuracy. The experiment results show that CDBN can be effectively combined with "SamSelect" and SCAE, and the proposed mechanism has a high detection speed and accuracy, with the average detection time 1.14 ms and the detection accuracy 0.974.