Lu Chen,Tao Zhang,Yuanyuan Ma,Mu Chen

DOI: https://doi.org/10.1109/iist62526.2024.00098

2024-01-01

Abstract:With the increasing complexity, automation, and intelligence of network attacks, new types of attacks are constantly emerging in the network, posing great challenges to network attack detection and timely response based on prior rules. In order to more effectively and accurately identify abnormal traffic, a network abnormal traffic detection algorithm based on improved convolutional neural networks is proposed. The algorithm first inputs the key features of traffic anomaly monitoring, converts them into color images through visualization technology, extracts higher dimensional features, and then uses neural structure search technology to find a lightweight convolutional network structure with high accuracy and less time consumption. The optimal model is used to output the type of traffic anomaly. The results indicate that the algorithm has a higher accuracy and the shortest classification time for a single image.

Sijie Luo,Zhiheng Zhao,Qiyuan Hu,Yang Liu

DOI: https://doi.org/10.1117/12.2639876

2022-01-01

Abstract:The development of the Industrial Internet has promoted the progress of social productivity, but it also faces attacks from abnormal network traffic. Network intrusion detection systems (NIDSs) ensure the safe and reliable operation of networks by monitoring the network traffic status and detecting abnormal traffic and attacks in a timely manner. To detect network intrusions in real time and efficiently, we propose a hierarchical intrusion detection model CNN-Transformer NIDS with traffic spatio-temporal feature fusion, combined with soft feature selection based on attention mechanism. The model is used for multi-attack detection on the UNSW-NB15 dataset. The comparative experimental results show that: i) spatial features can effectively describe the normal and abnormal states of traffic; ii) temporal features can help the model to better distinguish different types of attacks; iii) the fusion of the spatio-temporal features can comprehensively improve the detection performance of the model. The results of the ablation experiments verify that the attention-based soft feature selection enables the model to effectively focus on the differences between normal and abnormal traffic and between different kinds of attacks, resulting in a 0.32% reduction in the missed detection rate, a 1.36% reduction in the false detection rate, and a 1.68% improvement in the detection rate of NIDS.

Guofeng He,Qing Lu,Guangqiang Yin,Hu Xiong

DOI: https://doi.org/10.1007/978-3-031-19214-2_54

2022-01-01

Abstract:The rapid development of the Internet has brought great changes and convenience to the society and people. With the development of the Internet, its security has been paid more and more attention. Intrusion detection can detect network attacks in real time and respond to them in time, which has become an essential and important security line. With the novel of network attack and the diversification of network traffic, traditional intrusion detection based on attack load matching and the intrusion detection based on machine learning has problems of inaccurate feature extraction and insufficient detection effect. To solve the above problems, this paper designs a hybrid neural network DCT-IDS model, using dense convolution neural network to achieve traffic feature fusion, reducing the number of parameters, using Transformer to extract time sequence features, and experimental tests were carried out on the latest dataset CIC-IDS2018. The experimental results show that the accuracy of the proposed DCT-IDS model reaches 98%, and all the indexes are better than the existing excellent models.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1007/11576235_58

2005-01-01

Abstract:Intrusion Detection is an essential and critical component of network security systems. The key ideas are to discover useful patterns or features that describe user behavior on a system, and use the set of relevant features to build classifiers that can recognize anomalies and known intrusions, hopefully in real time. In this paper, a hybrid neural network technique is proposed, which consists of the self-organizing map (SOM) and the radial basis function (RBF) network, aiming at optimizing the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate that the proposed approach performance especially in terms of both efficient and accuracy.

Jun Li,Noel B. Linsangan,Huiguo Dong

DOI: https://doi.org/10.62677/ijetaa.2407123

2024-08-25

Abstract:This paper proposes an intelligent solution for network traffic prediction and anomaly detection in campus networks, addressing the increasingly severe network security challenges. The proposed approach innovatively integrates Convolutional Neural Networks (CNN) and Long Short-Term Memory networks (LSTM) to simultaneously extract local features and capture dynamic temporal dependencies of network traffic, significantly improving prediction accuracy. Based on this, an adaptive threshold anomaly detection algorithm is designed to automatically adjust detection sensitivity according to traffic variations, achieving a better balance between accuracy and recall rates. Additionally, an anomaly visualization scheme is presented, intuitively displaying the spatiotemporal distribution of network anomalies through heatmaps, assisting administrators in decision-making. Large-scale experiments demonstrate that this approach can effectively identify various security threats such as DDoS attacks, scanning probes, and botnets, with an overall detection rate exceeding 90% while maintaining a low false positive rate. Compared to traditional statistical and machine learning methods, the proposed approach exhibits stronger adaptability and generalization capabilities, providing crucial support for building an intelligent, precise, and reliable campus network security protection system. Future work will focus on further improving the real-time performance and robustness of the solution, expanding its application in new network scenarios such as IoT and edge computing.

Kuljeet Singh,Amit Mahajan,Vibhakar Mansotra

DOI: https://doi.org/10.1504/ijsnet.2023.135851

2024-01-10

International Journal of Sensor Networks

Abstract:Due to the continued and unabated increase in the number of cyber-attacks, the need for improved network security architecture is more apparent. The deep learning approach plays a pivotal role by classifying network traffic and identifying malicious records. However, this approach is often met with twin challenges of the high dimensionality of data and imbalanced ratio of attack labels within the data. To mitigate these issues and achieve a better detection rate, this research has proposed a new intrusion detection framework based on three main components; feature selection, oversampling, and hybrid CNN-LSTM classifier. This study deployed information gain, chi-square, basic methods, L1 regularisation, and random forest classifier as five feature selection methods and SMOTE for handling class imbalance. The experimental results, conducted using the CICIDS2017 dataset, have shown that the proposed model has demonstrated better performance in the detection of network attacks with more than 99% detection rate. Results established that number of features can be significantly reduced without altering the accuracy and oversampling has helped in improving the detection rate of minority attack labels.

computer science, information systems,telecommunications

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Stephen Kahara Wanjau,Geoffrey Mariga Wambugu,Aaron Mogeni Oirere,Geoffrey Muchiri Muketha

DOI: https://doi.org/10.3233/jcs-220031

2023-02-27

Journal of Computer Security

Abstract:Increasing interest and advancement of internet and communication technologies have made network security rise as a vibrant research domain. Network intrusion detection systems (NIDSs) have developed as indispensable defense mechanisms in cybersecurity that are employed in discovery and prevention of malicious network activities. In the recent years, researchers have proposed deep learning approaches in the development of NIDSs owing to their ability to extract better representations from large corpus of data. In the literature, convolutional neural network architecture is extensively used for spatial feature learning, while the long short term memory networks are employed to learn temporal features. In this paper, a novel hybrid method that learn the discriminative spatial and temporal features from the network flow is proposed for detecting network intrusions. A two dimensional convolution neural network is proposed to intelligently extract the spatial characteristics whereas a bi-directional long short term memory is used to extract temporal features of network traffic data samples consequently, forming a deep hybrid neural network architecture for identification and classification of network intrusion samples. Extensive experimental evaluations were performed on two well-known benchmarks datasets: CIC-IDS 2017 and the NSL-KDD datasets. The proposed network model demonstrated state-of-the-art performance with experimental results showing that the accuracy and precision scores of the intrusion detection model are significantly better than those of other existing models. These results depicts the applicability of the proposed model in the spatial-temporal feature learning in network intrusion detection systems.

Brij B Gupta,Kwok Tai Chui,Akshat Gaurav,Varsha Arya,Priyanka Chaurasia

DOI: https://doi.org/10.3390/s23218686

2023-10-24

Abstract:Internet of Things (IoT) devices within smart cities, require innovative detection methods. This paper addresses this critical challenge by introducing a deep learning-based approach for the detection of network traffic attacks in IoT ecosystems. Leveraging the Kaggle dataset, our model integrates Convolutional Neural Networks (CNNs) and Gated Recurrent Units (GRUs) to capture both spatial and sequential features in network traffic data. We trained and evaluated our model over ten epochs, achieving an impressive overall accuracy rate of 99%. The classification report reveals the model's proficiency in distinguishing various attack categories, including 'Normal', 'DoS' (Denial of Service), 'Probe', 'U2R' (User to Root), and 'Sybil'. Additionally, the confusion matrix offers valuable insights into the model's performance across these attack types. In terms of overall accuracy, our model achieves an impressive accuracy rate of 99% across all attack categories. The weighted- average F1-score is also 99%, showcasing the model's robust performance in classifying network traffic attacks in IoT devices for smart cities. This advanced architecture exhibits the potential to fortify IoT device security in the complex landscape of smart cities, effectively contributing to the safeguarding of critical infrastructure.

Longbo Zhao,Haitao Yuan,Kangyuan Xu,Jing Bi,Bo Hu Li

DOI: https://doi.org/10.1016/j.eswa.2023.121126

IF: 8.5

2023-08-19

Expert Systems with Applications

Abstract:Due to the emergence of new network attack technologies, cloud manufacturing platforms may be subject to various network attacks at any time. Traditional network attack prediction aims to predict the upcoming types of network attacks with monitored data characteristics, and this prediction method cannot accurately learn the network attack traffic that the cloud manufacturing platform may suffer in the future. Network attack traffic prediction means the future network attack traffic prediction by using past data. Traditional machine learning approaches cannot investigate complex nonlinear features . Deep learning methods can investigate nonlinear characteristics, yet they suffer from the problem of overfitting. In addition to this, deep learning approaches suffer from gradient disappearance and explosion. To solve them, we design a network attack traffic method called S-Informer, which integrates the filter of Savitzky–Golay, the self-attention of ProbSparse in a generative decoder and an encoder for eliminating noise, reducing the network scale and improving the speed of prediction. Real-life dataset-based experimental results show that S-Informer achieves higher prediction accuracy than several commonly-used algorithms.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Zhihua Liu,Shengquan Liu,Jian Zhang

DOI: https://doi.org/10.32604/cmc.2023.046237

2024-01-01

Abstract:Network intrusion detection systems (NIDS) based on deep learning have continued to make significant advances. However, the following challenges remain: on the one hand, simply applying only Temporal Convolutional Networks (TCNs) can lead to models that ignore the impact of network traffic features at different scales on the detection performance. On the other hand, some intrusion detection methods consider multi-scale information of traffic data, but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features. To address both of these issues, we propose a hybrid Convolutional Neural Network that supports a multi-output strategy (BONUS) for industrial internet intrusion detection. First, we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic. Meanwhile, we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic. In addition, we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch. Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%, respectively, which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.

computer science, information systems,materials science, multidisciplinary

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shaokang Cai,Dezhi Han,Xinming Yin,Dun Li,Chin-Chen Chang

DOI: https://doi.org/10.1080/09540091.2021.2024509

2022-01-16

Connection Science

Abstract:With the rapid development of network technology, a variety of new malicious attacks appear while attack methods are constantly updated. As the attackers exploit the vulnerabilities of popular third-party components to invade target websites, further improving the classification accuracy of malicious network traffic is the key to improving the performance of abnormal traffic detection. Existing intrusion detection systems may suffer from incomplete feature extraction and low classification accuracy. Thus, this paper proposes an efficient hybrid parallel deep learning model (HPM) for intrusion detection based on margin learning. First, HPM constructs two parallel CNN architectures and fuses the spatial features obtained through full convolution. Secondly, the temporal information of the fused features is parsed separately using two parallel LSTMs. Finally, the extracted spatial-temporal features are fed into the CosMargin classifier for classification detection after global convolution and global pooling. Besides, this paper proposes an improved traffic feature extraction method, which not only reduces redundant features but also speeds up the convergence speed of the network. In the experiment, our HPM has achieved 99% detection accuracy of each malicious class, ranging from 5%–10% improvement with other models, which demonstrates the superiority of our proposed model.

computer science, artificial intelligence, theory & methods

Bayi Xu,Lei Sun,Xiuqing Mao,Chengwei Liu,Zhiyi Ding

DOI: https://doi.org/10.32604/cmc.2023.046478

2024-01-01

Abstract:In recent years, frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security. This paper presents a novel intrusion detection system consisting of a data preprocessing stage and a deep learning model for accurately identifying network attacks. We have proposed four deep neural network models, which are constructed using architectures such as Convolutional Neural Networks (CNN), Bi-directional Long Short-Term Memory (BiLSTM), Bidirectional Gate Recurrent Unit (BiGRU), and Attention mechanism. These models have been evaluated for their detection performance on the NSL-KDD dataset.To enhance the compatibility between the data and the models, we apply various preprocessing techniques and employ the particle swarm optimization algorithm to perform feature selection on the NSL-KDD dataset, resulting in an optimized feature subset. Moreover, we address class imbalance in the dataset using focal loss. Finally, we employ the BO-TPE algorithm to optimize the hyperparameters of the four models, maximizing their detection performance. The test results demonstrate that the proposed model is capable of extracting the spatiotemporal features of network traffic data effectively. In binary and multiclass experiments, it achieved accuracy rates of 0.999158 and 0.999091, respectively, surpassing other state-of-the-art methods.

computer science, information systems,materials science, multidisciplinary

Wen-Hui Lin,Hsiao-Chung Lin,Ping Wang,Bao-Hua Wu,Jeng-Ying Tsai

DOI: https://doi.org/10.1109/icasi.2018.8394474

2018-01-01

Abstract:In practice, Defenders need a more efficient network detection approach which has the advantages of quick-responding learning capability of new network behavioural features for network intrusion detection purpose. In many applications the capability of Deep Learning techniques has been confirmed to outperform classic approaches. Accordingly, this study focused on network intrusion detection using convolutional neural networks (CNNs) based on LeNet-5 to classify the network threats. The experiment results show that the prediction accuracy of intrusion detection goes up to 99.65% with samples more than 10,000. The overall accuracy rate is 97.53%.

Guangdou Zhang,Jian Li,Olusola Bamisile,Yankai Xing,Di Cao,Qi Huang

DOI: https://doi.org/10.1016/j.engappai.2023.106771

IF: 8

2023-11-01

Engineering Applications of Artificial Intelligence

Abstract:Cyber-attacks have become one of the main threats to the security, reliability, and economic operation of power systems. Detection and classification of multiple cyber-attacks pose challenges for ensuring the stability and security of power systems. To address this issue, this study proposes an automatic identification and classification method for multiple cyber-attacks based on the deep capsule convolution neural network. Spatial correlations among different nodes and temporal features from history operation status in the transmitted data packets are extracted by the convolution neural network. Capsules in the proposed structure have important implications for maintaining the topological consistency contained in the measurement matrix. Furthermore, the proposed method is model-free and avoids the impact of system parameters uncertainties on detection performance. Multiple kinds of typical cyber-attacks, including false data injection attacks, replay attacks, denial of service attacks, time-delay attacks, and deception attacks, are considered and modeled in this paper. Numerical results on the IEEE 39-bus test system show that the proposed method can achieve 99.97% detection accuracy on single cyber-attacks and 96.25% detection accuracy on multiple cyber-attacks. Comparative results illustrate the proposed method outperforms than traditional neural networks. This approach provides a solution for the problem of multiple cyber-attack detection and classification.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Sichen Ding,Gaiyun Liu,Li Yin,Jianzhou Wang,Zhiwu Li

DOI: https://doi.org/10.3390/math12172635

IF: 2.4

2024-08-27

Mathematics

Abstract:This paper addresses the problem of cyber-attack detection in a discrete event system by proposing a novel model. The model utilizes graph convolutional networks to extract spatial features from event sequences. Subsequently, it employs gated recurrent units to re-extract spatio-temporal features from these spatial features. The obtained spatio-temporal features are then fed into an attention model. This approach enables the model to learn the importance of different event sequences, ensuring that it is sufficiently general for identifying cyber-attacks, obviating the need to specify attack types. Compared with traditional methods that rely on synchronous product computations to synthesize diagnosers, our deep learning-based model circumvents state explosion problems. Our method facilitates real-time and efficient cyber-attack detection, eliminating the necessity to specifically identify system states or distinguish attack types, thereby significantly simplifying the diagnostic process. Additionally, we set an adjustable probability threshold to determine whether an event sequence has been compromised, allowing for customization to meet diverse requirements. Experimental results demonstrate that the proposed method performs well in cyber-attack detection, achieving over 99.9% accuracy at a 1% threshold and a weighted F1-score of 0.8126, validating its superior performance.

mathematics

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuluo Hou,Yusheng Fu,Jinhong Guo,Jie Xu,Renting Liu,Xin Xiang

DOI: https://doi.org/10.1007/s12652-022-04350-6

IF: 3.662

2022-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:In recent years, deep learning techniques have been widely applied to network intrusion detection. However, current detection methods suffer from a low detection rate, rendering them useless in fighting unknown attacks. Thus, in this article, we proposed a hybrid detection system based on deep learning techniques. First, to understand comprehensively the pattern of normal network traffic and anomaly detection, a designed nonsymmetric autoencoder (NAE) is proposed. The NAE extracts the latent feature of network traffic with two different convolution neural networks and multiple linear layers are applied to the NAE’s decoder to reconstruct the input. Besides, a latent feature extraction scheme using the NAE encoder is proposed and a deep neural network (DNN) is trained with this latent feature to achieve detection. In addition, in order to strengthen system stability, a hybrid scheme is proposed that considers the detection results of NAE and DNN, and makes the comprehensive decision. Experiments are performed on the NSL-KDD, N-baIoT and BoT-IoT datasets respectively to evaluate the proposed hybrid model. The evaluation is carried out through classification evaluation indexes such as accuracy, precision, recall, F1-score. The results have shown that our proposed hybrid model gets the best detection ability of abnormal traffic compared with several state-of-the-art intrusion detection methods.

A. Branitskiy,I. Kotenko

DOI: https://doi.org/10.1016/j.jocs.2016.07.010

IF: 3.817

2017-11-01

Journal of Computational Science

Abstract:The paper is devoted to identification and classification of network traffic connections by various hybridization schemes with the goal of efficient network attack detection. For this purpose the combination of different methods of computational intelligence is used, namely neural networks, immune systems, neuro-fuzzy classifiers and support vector machines. To increase the speed of processing of input vectors it is proposed to apply the method of principal components. A distinctive feature and advantage of the approach suggested is a multi-level analysis of network traffic, providing the possibility to detect attacks by a signature based technique and combining a set of adaptive detectors based on computational intelligence methods. The paper describes a software tool that is built on the basis of the proposed hybridization mechanisms. Computational experiments were carried out that serve as evidence of their effectiveness in detection of both known and unknown attacks.

computer science, theory & methods, interdisciplinary applications