Fulai Liu,Jiaqi Yue,Zhongyi Hu,Ruiyan Du

DOI: https://doi.org/10.1007/s11276-024-03868-1

IF: 2.701

2024-01-01

Wireless Networks

Abstract:As one of the promising technologies for enhancing network security, network intrusion detection is crucial for accurately identifying various network attacks. To advance the intrusion detection capability, a multiple classification ensemble learning algorithm (MCELID) is proposed by analyzing intrusion data from diverse perspectives. Firstly, an individual learner combining graph convolutional networks and long short-term memory networks (GCN-LSTM) is constructed to extract both structural information and temporal correlations from intrusion data. Meanwhile, a weighted support vector machine (W-SVM) model is employed for handling multi-classification tasks, where the conditional probability is calculated to derive the probability vector of input samples. Finally, the intrusion detection result is determined by a soft voting mechanism that combines the classification results from the GCN-LSTM and W-SVM models. Extensive experiments conducted on the KDD-CUP 99 dataset demonstrate that the proposed MCELID algorithm outperforms other existing methods in terms of detection accuracy, particularly in the recognition of DOS and Probe attacks.

Celestine Iwendi,Suleman Khan,Joseph Henry Anajemba,Mohit Mittal,Mamdouh Alenezi,Mamoun Alazab

DOI: https://doi.org/10.3390/s20092559

IF: 3.9

2020-04-30

Sensors

Abstract:The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xianwei Gao,Chun Shan,Changzhen Hu,Zequn Niu,Zhen Liu

DOI: https://doi.org/10.1109/access.2019.2923640

IF: 3.9

2019-01-01

IEEE Access

Abstract:In recent years, advanced threat attacks are increasing, but the traditional network intrusion detection system based on feature filtering has some drawbacks which make it difficult to find new attacks in time. This paper takes NSL-KDD data set as the research object, analyses the latest progress and existing problems in the field of intrusion detection technology, and proposes an adaptive ensemble learning model. By adjusting the proportion of training data and setting up multiple decision trees, we construct a MultiTree algorithm. In order to improve the overall detection effect, we choose several base classifiers, including decision tree, random forest, kNN, DNN, and design an ensemble adaptive voting algorithm. We use NSL-KDD Test+ to verify our approach, the accuracy of the MultiTree algorithm is 84.2%, while the final accuracy of the adaptive voting algorithm reaches 85.2%. Compared with other research papers, it is proved that our ensemble model effectively improves detection accuracy. In addition, through the analysis of data, it is found that the quality of data features is an important factor to determine the detection effect. In the future, we should optimize the feature selection and preprocessing of intrusion detection data to achieve better results.

Yuyang Zhou,Guang Cheng

2019-01-01

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Yuyang Zhou,Guang Cheng,Shanqing Jiang,Mian Dai

DOI: https://doi.org/10.1016/j.comnet.2020.107247

IF: 5.493

2020-01-01

Computer Networks

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Wenbin Yao,Yingying Hou,Longcan Hu,Xiaoyong Li

DOI: https://doi.org/10.1109/dsn-w54100.2022.00034

2022-01-01

Abstract:Network intrusion detection is a real-time technology to protect the network from attack, which plays a major role in the server system and network security. However, network intrusion detection still faces multiple challenges, such as inconsistent data distribution between training and testing dataset, imbalanced data categories and low accuracy rate. To solve these problems, a two-layer soft-voting ensemble learning model with RF, lightGBM and XGBoost as base classifiers is proposed in this paper. Firstly, the model uses the adversarial validate algorithm to test the consistency of data distribution in training and testing dataset to determine whether the dataset needs re-splitting. Secondly, the model adopts the Synthetic Minority Oversampling Technique (SMOTE) to synthesize samples of minority classes, which helps improve the accuracy rate of minority classes. Finally, the experimental results show that the soft-voting ensemble learning model has a higher accuracy rate in both binary and multi-classification than other single models, which proves to be both feasible and efficient. In particular, the recall rate of DoS, ShellCode, Worms and Reconnaissance is significantly increased in multi-classification.

Xinghua Li,Mengyao Zhu,Laurence T. Yang,Mengfan Xu,Zhuo Ma,Cheng Zhong,Hui Li,Yang Xiang

DOI: https://doi.org/10.1109/tdsc.2021.3066202

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Nowadays, in machine learning based intrusion detection systems, ensemble learning is a commonly adopted method to improve the detection accuracy. Unfortunately, the existing works have not considered the accumulation and reuse of historical knowledge, as well as the sensitivity of the detection model to different types of attacks, which leads to a low detection accuracy. To address the issue, this article proposes a model based on sustainable ensemble learning. In the model training stage, by taking the individual classifiers probability output and classification confidence as the training data, we build multi-class regression models such that ensemble learning adapts to different attacks. Besides, in the updating stage, an iterative updating method is presented, where the parameters and decision results of the historical model are added to the training process of the new ensemble model to realize the incremental learning. Experiment results show that the proposed model significantly outperforms the existing solutions in terms of detection accuracy, false alarm, stability and robustness.

Yanping Shen,Kangfeng Zheng,Chunhua Wu,Mingwu Zhang,Xinxin Niu,Yixian Yang

DOI: https://doi.org/10.1093/comjnl/bxx101

2017-01-01

The Computer Journal

Abstract:Machine learning plays an important role in constructing intrusion detection models. However, the information era is an era of data. With the continuous increase in data size and the growth of data dimensions, the ability of a single classifier is becoming limited in predicting samples. In this paper, we present an ensemble method using random subspace in which an extreme learning machine (ELM) is chosen as the base classifier. To optimize the ensemble model, an ensemble pruning method based on the bat algorithm (BA) is proposed. Meanwhile, a fitness function based on the accuracy and diversity of an ensemble is defined in the BA to obtain an improved classifier subset. Three public datasets, the KDD99, NSL and Kyoto datasets, are adopted to assess the robustness of the method. The empirical results indicate that the ensemble method based on random subspace can improve the accuracy and robustness over the use of an individual ELM. The results also show that compared with when all the sub-classifiers are used in the ensemble, the pruning framework can not only achieve comparable or better performance but also save substantial computing resources in an intrusion detection system (IDS)

Zhi Wang,Leshi Shao,Kai Cheng,Yuanzhao Liu,Jianan Jiang,Yuanping Nie,Xiang Li,Xiaohui Kuang

DOI: https://doi.org/10.1002/int.22877

IF: 8.993

2022-03-27

International Journal of Intelligent Systems

Abstract:Many machine‐learning‐based intrusion detection methods have been proposed, however there is a lack of collaboration among these methods. Faced with a cascade of malicious behaviors and various running environments, coupled with the endless emergence of new malicious activities, it is difficult for us to choose an algorithm manually that is suitable for all scenarios. In addition, usually the binary detection models are applied that only “normal” or “abnormal” decision is made, and it is difficult for us to know how much confidence we have in the prediction model. In this study, we propose an intrusion collaborative detection framework (ICDF), an ICDF that allows heterogeneous detection models to effectively work together which have complementary expertise. A multialgorithm model ensemble learning method with confidence interval is adopted. In this process, each algorithm model only makes prediction judgments on its own credible probability interval and refuses to predict outside the interval. The final result is generated by voting based on the confidence of multiple models. Ten detection algorithms were tested on three different data sets. Compared with different single algorithms, ICDF could achieve high precision and recall rate, and the best F1 scores.

computer science, artificial intelligence

Jinming Wang,Tao Yang,Bingjing Yan,Pengchao Yao,Wenhai Wang,Qiang Yang

DOI: https://doi.org/10.1109/EI256261.2022.10117041

2022-01-01

Abstract:With the development and advances of information and networking technologies in Cyber-physical Power systems (CPPS), the frequency of information exchange between CPPS and the external networks is significantly increasing, leading to an ever-growing risk of cyberspace threats and attacks, e.g., malware injection to the CPPS. The existing detectors against malware are mainly based on static analysis, which deals well with known malware, but cannot cope with unknown or obfuscated malware. To this end, this paper proposed a novel multi-classifier ensemble system (MCES) for malware detection based on behavioral analysis. The developed detection model of MCES is a hierarchical learning model with kernel components consisting of base classifiers and one meta classifier. The proposed solution is assessed through experiments based on in total 14800 malware and 14800 benign samples. The numerical results demonstrated that MCES outperformed existing machine learning-based classifiers in identifying malware through application program interface (API) call sequences. The proposed model achieved the highest accuracy of 97.54%, and the highest recall of 97.85% in comparison with the state-of-the-art deep learning based malware detectors.

Usman Ahmed,Zheng Jiangbin,Ahmad Almogren,Sheharyar Khan,Muhammad Tariq Sadiq,Ayman Altameem,Ateeq Ur Rehman

DOI: https://doi.org/10.1186/s13677-024-00712-x

2024-01-01

Journal of Cloud Computing

Abstract:AbstractCybersecurity threats have become more worldly, demanding advanced detection mechanisms with the exponential growth in digital data and network services. Intrusion Detection Systems (IDSs) are crucial in identifying illegitimate access or anomalous behaviour within computer network systems, consequently opposing sensitive information. Traditional IDS approaches often struggle with high false positive rates and the ability to adapt embryonic attack patterns. This work asserts a novel Hybrid Adaptive Ensemble for Intrusion Detection (HAEnID), an innovative and powerful method to enhance intrusion detection, different from the conventional techniques. HAEnID is composed of a string of multi-layered ensemble, which consists of a Stacking Ensemble (SEM), a Bayesian Model Averaging (BMA), and a Conditional Ensemble method (CEM). HAEnID combines the best of these three ensemble techniques for ultimate success in detection with a considerable cut in false alarms. A key feature of HAEnID is an adaptive mechanism that allows ensemble components to change over time as network traffic patterns vary and new threats appear. This way, HAEnID would provide adequate protection as attack vectors change. Furthermore, the model would become more interpretable and explainable using Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed Ensemble model for intrusion detection on CIC-IDS 2017 achieves excellent accuracy (97-98%), demonstrating effectiveness and consistency across various configurations. Feature selection further enhances performance, with BMA-M (20) reaching 98.79% accuracy. These results highlight the potential of the ensemble model for accurate and reliable intrusion detection and, hence, is a state-of-the-art choice for accuracy and explainability.

Perumal Pitchandi,M. Nivaashini,R. Kingsy Grace

DOI: https://doi.org/10.1080/03772063.2024.2367042

IF: 1.8768

2024-06-25

IETE Journal of Research

Abstract:Machine learning (ML) and deep learning (DL) are used in numerous fields, particularly to develop effective intrusion detection systems (IDS). Existing wireless network IDS, which rely on a single ML algorithm and have limitations. These include a high rate of false positives, difficulties in recognizing distinct attack patterns, and a high acquisition cost for annotated training datasets. However, hostile threats are always evolving, networks need a smart security solution. In comparison to other ML approaches, DL algorithms are more successful in intrusion detection. This paper presents a DL based ensemble model that combines Multi-verse through Chaotic Atom Search Optimization (MCA) for preprocessing, which eliminates unsolicited/recurrent information in the dataset. The process of optimized feature selection uses Principal Component Analysis (PCA), Chaotic Manta-ray Foraging Optimizations (CMFO), and a grounded grouping method to partition the optimized feature dataset into k-diverse clusters. The recommended model then stacks Support Vector Machine (SVM) as the ensemble model's meta-learner classifier, pre-training the hybrid DL prototypes using the optimized feature dataset cluster. The CNN-LSTM and CNN-GRU models, which integrate Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM), and Gated Recurrent Unit (GRU), are the hybrid DL prototype's key components. The suggested model's performance has been enhanced and compared to six ML techniques: NB, SVM, J48, RF, MLP, and kNN models, utilizing measures such as accuracy, precision, recall, and F-measure. The public can access the Aegean Wi-Fi Intrusion Dataset (AWID) which is used for evaluating the recommended model and is outperformed the contemporary models in the literature.

telecommunications,engineering, electrical & electronic

Ismail Bibers,Osvaldo Arreche,Mustafa Abdallah

2024-10-21

Abstract:The escalating frequency of intrusions in networked systems has spurred the exploration of new research avenues in devising artificial intelligence (AI) techniques for intrusion detection systems (IDS). Various AI techniques have been used to automate network intrusion detection tasks, yet each model possesses distinct strengths and weaknesses. Selecting the optimal model for a given dataset can pose a challenge, necessitating the exploration of ensemble methods to enhance generalization and applicability in network intrusion detection. This paper addresses this gap by conducting a comprehensive evaluation of diverse individual models and both simple and advanced ensemble methods for network IDS. We introduce an ensemble learning framework tailored for assessing individual models and ensemble methods in network intrusion detection tasks. Our framework encompasses the loading of input datasets, training of individual models and ensemble methods, and the generation of evaluation metrics. Furthermore, we incorporate all features across individual models and ensemble techniques. The study presents results for our framework, encompassing 14 methods, including various bagging, stacking, blending, and boosting techniques applied to multiple base learners such as decision trees, neural networks, and among others. We evaluate the framework using two distinct network intrusion datasets, RoEduNet-SIMARGL2021 and CICIDS-2017, each possessing unique characteristics. Additionally, we categorize AI models based on their performances on our evaluation metrics and via their confusion matrices. Our assessment demonstrates the efficacy of learning across most setups explored in this study. Furthermore, we contribute to the community by releasing our source codes, providing a foundational ensemble learning framework for network intrusion detection.

Cryptography and Security,Artificial Intelligence,Machine Learning

Mianfen Lin,Kaixiang Yang,Zhiwen Yu,Yifan Shi,C. L. Philip Chen

DOI: https://doi.org/10.1109/tii.2023.3332957

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:In the current era of big data, securing computer networks and preventing cyberattacks have become a major challenge. In this regard, we present a novel approach for addressing the imbalanced problem of network traffic data. Specifically, the proposed method MC-OCBLS, leverages the maximum correntropy criterion (MCC) to develop a one-class broad learning system. The robustness of the one-class classification model is enhanced by maximizing the correlation entropy. Moreover, considering the limited generalization capability of individual models, we propose the boosting ensemble model SMC-OCBLS, which assigns higher weights to misclassified samples and classifiers with lower error rates. To increase the variety of classifiers in the ensemble framework, feature columns are randomly disrupted during training to construct different feature spaces. Training multiple hybrid classifiers using various feature spaces further enhances the accuracy and generalizability of the model. The experimental results demonstrate the superiority of the proposed model over other advanced approaches.

Hao Zhang,Jie-Ling Li,Xi-Meng Liu,Chen Dong

DOI: https://doi.org/10.1016/j.future.2021.03.024

IF: 7.307

2021-01-01

Future Generation Computer Systems

Abstract:A robust network intrusion detection system (NIDS) plays an important role in cyberspace security for protecting confidential systems from potential threats. In real world network, there exists complex correlations among the various types of network traffic information, which may be respectively attributed to different abnormal behaviors and should be make full utilized in NIDS. Regarding complex network traffic information, traditional learning based abnormal behavior detection methods can hardly meet the requirements of the real world network environment. Existing methods have not taken into account the impact of various modalities of data, and the mutual support among different data features. To address the concerns, this paper proposes a multi-dimensional feature fusion and stacking ensemble mechanism (MFFSEM), which can detect abnormal behaviors effectively. In order to accurately explore the connotation of traffic information, multiple basic feature datasets are established considering different aspects of traffic information such as time, space, and load. Then, considering the association and correlation among the basic feature datasets, multiple comprehensive feature datasets are set up to meet the requirements of real world abnormal behavior detection. In specific, stacking ensemble learning is conducted on multiple comprehensive feature datasets, and thus an effective multi-dimensional global anomaly detection model is accomplished. The experimental results on the dataset KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017 have shown that MFFSEM significantly outperforms the basic and meta classifiers adopted in our method. Furthermore, its detection performance is superior to other well-known ensemble approaches. (C) 2021 Elsevier B.V. All rights reserved.

Yazeed Alotaibi,Mohammad Ilyas

DOI: https://doi.org/10.3390/s23125568

2023-06-14

Abstract:The Internet of Things (IoT) comprises a network of interconnected nodes constantly communicating, exchanging, and transferring data over various network protocols. Studies have shown that these protocols pose a severe threat (Cyber-attacks) to the security of data transmitted due to their ease of exploitation. In this research, we aim to contribute to the literature by improving the Intrusion Detection System (IDS) detection efficiency. In order to improve the efficiency of the IDS, a binary classification of normal and abnormal IoT traffic is constructed to enhance the IDS performance. Our method employs various supervised ML algorithms and ensemble classifiers. The proposed model was trained on TON-IoT network traffic datasets. Four of the trained ML-supervised models have achieved the highest accurate outcomes; Random Forest, Decision Tree, Logistic Regression, and K-Nearest Neighbor. These four classifiers are fed to two ensemble approaches: voting and stacking. The ensemble approaches were evaluated using the evaluation metrics and compared for their efficacy on this classification problem. The accuracy of the ensemble classifiers was higher than that of the individual models. This improvement can be attributed to ensemble learning strategies that leverage diverse learning mechanisms with varying capabilities. By combining these strategies, we were able to enhance the reliability of our predictions while reducing the occurrence of classification errors. The experimental results show that the framework can improve the efficiency of the Intrusion Detection System, achieving an accuracy rate of 0.9863.

Aboul Ella Hassanien,Tai-Hoon Kim,Janusz Kacprzyk,Ali Ismail Awad

DOI: https://doi.org/10.1007/978-3-662-43616-5_9

2014-01-01

Abstract:Almost daily we hear news about a security breach somewhere, as hackers are constantly finding new ways to get around even the most complex firewalls and security systems. This turned the security into one of the top research areas. Artificial Immune Systems are techniques inspired by biological immune system-specifically the human immune system-which basic function is to protect the body (system) and defend against attacks of different types. For this reason, many have applied the artificial immune system in the field of network security and intrusion detection. In this chapter, a basic model of a multi-layer system is discussed, along with the basics of artificial immune systems and network intrusion detection. An actual experiment is included, which involved a layer for data preprocessing and feature selection (using Principal Component Analysis), a layer for detectors generation and anomaly detection (Using Genetic Algorithm with Negative Selection Approach), and finally a layer for detected anomalies classification (using decision tree classifiers). The principle interest of this work is to benchmark the performance of the proposed multi-layer IDS system by using NSL-KDD benchmark data set used by IDS researchers. The obtained results of the anomaly detection layer shows that up to 81% of the attacks were successfully detected as attacks. The results of the classification layer demonstrated that naive bayes classifier has better classification accuracy in the case of lower presented attacks such as U2R and R2L, while the J48 decision tree classifier gives high accuracy up to 82% for DoS attacks and 65.4% for probe attacks in the anomaly traffic.

Jingyi Zhu,Xiufeng Liu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109113

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Tao Ma,Fen Wang,Jianjun Cheng,Yang Yu,Xiaoyun Chen

DOI: https://doi.org/10.3390/s16101701

IF: 3.9

2016-10-13

Sensors

Abstract:The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jinghong Lan,Xudong Liu,Bo Li,Jie Sun,Beibei Li,Jun Zhao

DOI: https://doi.org/10.1016/j.cose.2022.102919

2022-09-14

Abstract:With the continuous occurrence of cybersecurity incidents, network intrusion detection has become one of the most critical issues in cyber ecosystems. Although previous machine learning-based approaches have made significant progress, their generalization ability is limited due to the following critical challenges. First, intrusion detection is severely affected by the class imbalance problem in many network scenarios, with some attack types representing only a very small subset of the entire training set. Second, cyberattacks are becoming increasingly sophisticated, and hence, it is becoming more challenging for existing methods to extract robust representations. Third, most existing methods generally leverage only a particular aspect of the network traffic features and treat model training as a single-task learning problem, thus ignoring the discriminative ability of different feature types and the performance enhancement of integrating multiple machine learning tasks. In this paper, we propose a Multi-task lEarning Model with hyBrid dEep featuRes (MEMBER) to address the aforementioned challenges. Based on a Convolutional Neural Network (CNN) with embedded spatial and channel attention mechanisms, MEMBER innovatively introduces two auxiliary tasks (i.e., an auto-encoder (AE) enhanced with a memory module and a distance-based prototype network) to boost the model generalization ability and alleviate the performance degradation suffered in imbalanced network environments. Extensive experiments on several benchmark datasets demonstrate the superiority and robustness of our proposed MEMBER in terms of both F1 score and stability.

computer science, information systems