Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Wenda He,Xiangrui Cai,Yuping Lai,Xiaojie Yuan

DOI: https://doi.org/10.1016/j.ins.2024.121001

IF: 8.1

2024-01-01

Information Sciences

Abstract:As the application of networks permeates various aspects of daily life, maintaining network security has become a crucial challenge. A network intrusion detection system (NIDS) functions as a critical technique for securing cyberspace and has gained considerable attention. Although researchers have made significant progress in developing NIDSs, challenges still exist in high-speed networks with overwhelming network traffic. Existing methods largely focus on improving model detection accuracy and often overlook speed and computational efficiency. This oversight renders most current methods impractical for real-world high-speed network scenarios. To address this issue, we propose an innovative and efficient network intrusion detection algorithm, namely, the Bayesian gamma mixture model (GaMM) classifier. With the recently proposed extended stochastic variational inference (ESVI) framework, we introduce lower-bound approximations to the evidence lower bound (ELBO), namely, the original variational object function. An analytically tractable Bayesian estimation algorithm for a GaMM is derived through stochastic optimization of the obtained lower bound and we validate its performance and computational efficiency on three publicly available datasets (CICMalmem2022, OPCUA, and CICIDS2018). The experimental results indicate that the proposed classifier not only achieves a detection performance comparable to that of other benchmark models but also significantly reduces both the training and detection times.

Daojing He,Xiaoxia Liu,Jiajia Zheng,Sammy Chan,Sencun Zhu,Weidong Min,Nadra Guizani

DOI: https://doi.org/10.1109/mnet.001.1900480

IF: 10.294

2020-01-01

IEEE Network

Abstract:With the recent advancement in AI technology, IDSs reinforced by AI have been adopted to ensure system and network security. Unfortunately, computational and storage overheads of such systems prevent them from being deployed in IESs. To overcome the challenges that restrict the applicability of intrusion detection for IESs, we propose a lightweight and intelligent IDS. The proposed system first generates the behavioral specifications that characterize the normal communication of an IES. Based on specifications, Gini index and the generalized system attributes are exploited to detect abnormal communications. To reduce the false positive rate, the data that do not abide the behavioral specifications is passed to a Naive Bayes classifier for further classification. Our experimental results show that the proposed system can achieve 95.84 percent accuracy and thus holds great promise for deployment in IESs as a lightweight and efficient IDS.

Yang Li,Bin-Xing Fang,You Chen,Li Guo

DOI: https://doi.org/10.1109/ICCT.2006.341771

2006-01-01

Abstract:Intrusion detection is a critical component of secure information systems. Current intrusion detection systems (IDS) especially NIDS (Network Intrusion Detection System) examine all data features to detect intrusions. However, some of the features may be redundant or contribute little to the detection process and therefore they have great impact on the system performance. This paper proposes a lightweight intrusion detection model that is computationally efficient and effective based on feature selection and Maximum Entropy (ME) model. Firstly, the issue of identifying important input features is addressed. Since elimination of the insignificant and/or useless inputs leads to a simplification of the problem, therefore results to faster and more accurate detection. Secondly, classic ME model is used to learn and detect intrusions using the selected important features. Experimental results on the well-known KDD 1999 dataset show the proposed model is effective and can be applied to real-time intrusion detection environments.

MA Jun,DAI Guan-zhong

2009-01-01

Abstract:Intrusion detection system is a critical part of information security.This paper proposes a lightweight intelligent IDS model.The data mining technique and neural networks are combined in this model.The fuzzy-neural-network(FNN)model is constructed by neural network.Data mining technique is used to mining attack features in dataset.FNN model is trained by these features.The fuzzy logic has the characteristic to provides some flexibility to the uncertain problem of intrusion detection and allows much greater complexity for IDS,The neural network has the characteristic to learn by itself.This IDS model takes advantages of these characteristics,highly reduce the constructing time of IDS model and improve the accuracy of detection.This IDS model show good performance in KDD 1999 dataset detection and can be applied to real-time intrusion detection enviroments.

Yixuan Wu,Lin Yang,Long Zhang,Laisen Nie,Li Zheng

DOI: https://doi.org/10.1109/jiot.2024.3360231

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Unmanned Aerial Vehicles (UAVs) are vulnerable to network attacks. Designing an effective intrusion detection system (IDS) for UAVs is crucial. However, UAVs have limited computing resources and need to deal with massive amounts of network data, which further increases the difficulty of detection. Moreover, most existing IDSs have large parameters. In this study, we develop a tiny machine learning-based IDS to solve the above issue. We first establish an improved fuzzy rough set (FRS) model based on adaptive neighborhoods. Then, using the proposed FRS model, we employ a feature selection (FS) method to select optimal features and reduce overall computational cost of the IDS. Furthermore, we proposed a tiny intrusion detection model that attains high-precision detection via shallow deep learning. Additionally, the proposed method can address intrusion detection problems in scenarios with partial data missing. According to the evaluations, the proposed method can effectively address intrusion detection in UAVs.

Ruijie Zhao,Yu Chen,Yijun Wang,Yong Shi,Zhi Xue

DOI: https://doi.org/10.1109/icc42927.2021.9500574

2021-01-01

Abstract:Network intrusion detection (NID) is an important cyber security scheme to identify attacks in network traffic. Recent years, a large amount of studies try to improve the accuracy of the NID by kinds of deep learning approaches. However, these models always require a lot of calculation and space, which constitutes a major hurdle to practical implementation of DL-based models. Thus, lightweight model is imperative, but there are very few applications of DL-based lightweight algorithms in NID models. In this paper, we propose a lightweight knowledge distillation (LKD) model for NID using the idea of knowledge distillation and separable convolution. To the best of our knowledge, it is the first system to use the knowledge distillation approach for NID. The experiment results show that the accuracy of the proposed approach reaches 91.46% and 94.30% on the KDD-CUP99 and UNSW-NB15 datasets respectively. The performance of our model is superior to some approaches based on deep neural network or some machine learning methods. Moreover, both the computational cost and model size of our model are reduced by about 99% compared to the original model.

Ruijie Zhao,Zhaojie Li,Zhi Xue,Tomoaki Ohtsuki,Guan Gui

DOI: https://doi.org/10.1109/wcnc49053.2021.9417568

2021-01-01

Abstract:With the ubiquitous network applications and the continuous development of network attack technology, all social circles have paid close attention to the cyberspace security. Intrusion detection systems (IDS) plays a very important role in ensuring computer and communication systems security. Recently, deep learning has achieved a great success in the field of intrusion detection. However, the high computational complexity poses a major hurdle for the practical deployment of DL-based models. In this paper, we propose a novel approach based on a lightweight deep neural network (LNN) for IDS. We design a lightweight unit that can fully extract data features while reducing the computational burden by expanding and compressing feature maps. In addition, we use inverse residual structure and channel shuffle operation to achieve more effective training. Experiment results show that our proposed model for intrusion detection not only reduces the computational cost by 61.99% and the model size by 58.84%, but also achieves satisfactory accuracy and detection rate.

Chao Wang,Yunxiao Sun,Sicai Lv,Chonghua Wang,Hongri Liu,Bailing Wang

DOI: https://doi.org/10.3390/electronics12040930

IF: 2.9

2023-02-13

Electronics

Abstract:Intrusion detection systems (IDSs) play a significant role in the field of network security, dealing with the ever-increasing number of network threats. Machine learning-based IDSs have attracted a lot of interest owing to their powerful data-driven learning capabilities. However, it is challenging to train the supervised learning algorithms when there are no attack data at hand. Semi-supervised anomaly detection algorithms, which train the model with only normal data, are more suitable. In this study, we propose a novel semi-supervised anomaly detection-based IDS that leverages the capabilities of representation learning and two anomaly detectors. In detail, the autoencoder (AE) is applied to extract representative features of normal data in the first step, and then two semi-supervised detectors, the one-class support vector machine (OCSVM) and Gaussian mixture model (GMM), are trained on the derived features. The two detectors collaborate to detect anomalous samples. The OCSVM predicts the abnormal samples initially, and after that, the GMM is applied to recheck the misclassified samples further. The experiments demonstrate that the AE improves the detection rate, and two detectors are more promising than a single one.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yanfang Fu,Yishuai Du,Zijian Cao,Qiang Li,Wei Xiang

DOI: https://doi.org/10.3390/electronics11060898

IF: 2.9

2022-03-14

Electronics

Abstract:With an increase in the number and types of network attacks, traditional firewalls and data encryption methods can no longer meet the needs of current network security. As a result, intrusion detection systems have been proposed to deal with network threats. The current mainstream intrusion detection algorithms are aided with machine learning but have problems of low detection rates and the need for extensive feature engineering. To address the issue of low detection accuracy, this paper proposes a model for traffic anomaly detection named a deep learning model for network intrusion detection (DLNID), which combines an attention mechanism and the bidirectional long short-term memory (Bi-LSTM) network, first extracting sequence features of data traffic through a convolutional neural network (CNN) network, then reassigning the weights of each channel through the attention mechanism, and finally using Bi-LSTM to learn the network of sequence features. In intrusion detection public data sets, there are serious imbalance data generally. To address data imbalance issues, this paper employs the method of adaptive synthetic sampling (ADASYN) for sample expansion of minority class samples, to eventually form a relatively symmetric dataset, and uses a modified stacked autoencoder for data dimensionality reduction with the objective of enhancing information fusion. DLNID is an end-to-end model, so it does not need to undergo the process of manual feature extraction. After being tested on the public benchmark dataset on network intrusion detection NSL-KDD, experimental results show that the accuracy and F1 score of this model are better than those of other comparison methods, reaching 90.73% and 89.65%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Shuo Yang,Xinran Zheng,Zhengzhuo Xu,Xingjun Wang

2023-07-09

Abstract:Network Intrusion Detection (NID) works as a kernel technology for the security network environment, obtaining extensive research and application. Despite enormous efforts by researchers, NID still faces challenges in deploying on resource-constrained devices. To improve detection accuracy while reducing computational costs and model storage simultaneously, we propose a lightweight intrusion detection approach based on self-knowledge distillation, namely LNet-SKD, which achieves the trade-off between accuracy and efficiency. Specifically, we carefully design the DeepMax block to extract compact representation efficiently and construct the LNet by stacking DeepMax blocks. Furthermore, considering compensating for performance degradation caused by the lightweight network, we adopt batch-wise self-knowledge distillation to provide the regularization of training consistency. Experiments on benchmark datasets demonstrate the effectiveness of our proposed LNet-SKD, which outperforms existing state-of-the-art techniques with fewer parameters and lower computation loads.

Cryptography and Security

Jun Gao,Weiming Hu,Xiaoqin Zhang,Xi Li

DOI: https://doi.org/10.1109/wi-iat.2009.113

2009-01-01

Web Intelligence

Abstract:Due to the increasing demands for network security, distributed intrusion detection has become a hot research topic in computer science. However, the design and maintenance of the intrusion detection system (IDS) is still a challenging task due to its dynamic, scalability, and privacy properties. In this paper, we propose a distributed IDS framework which consists of the individual and global models. Specifically, the individual model for the local unit derives from Gaussian Mixture Model based on online Adaboost algorithm, while the global model is constructed through the PSO-SVM fusion algorithm. Experimental results demonstrate that our approach can achieve a good detection performance while being trained online and consuming little traffic to communicate between local units.

Zhendong Wang,Hui Chen,Shuxin Yang,Xiao Luo,Dahai Li,Junling Wang

DOI: https://doi.org/10.7717/peerj-cs.1569

2023-09-22

Abstract:Intrusion detection ensures that IoT can protect itself against malicious intrusions in extensive and intricate network traffic data. In recent years, deep learning has been extensively and effectively employed in IoT intrusion detection. However, the limited computing power and storage space of IoT devices restrict the feasibility of deploying resource-intensive intrusion detection systems on them. This article introduces the DL-BiLSTM lightweight IoT intrusion detection model. By combining deep neural networks (DNNs) and bidirectional long short-term memory networks (BiLSTMs), the model enables nonlinear and bidirectional long-distance feature extraction of complex network information. This capability allows the system to capture complex patterns and behaviors related to cyber-attacks, thus enhancing detection performance. To address the resource constraints of IoT devices, the model utilizes the incremental principal component analysis (IPCA) algorithm for feature dimensionality reduction. Additionally, dynamic quantization is employed to trim the specified cell structure of the model, thereby reducing the computational burden on IoT devices while preserving accurate detection capability. The experimental results on the benchmark datasets CIC IDS2017, N-BaIoT, and CICIoT2023 demonstrate that DL-BiLSTM surpasses traditional deep learning models and cutting-edge detection techniques in terms of detection performance, while maintaining a lower model complexity.

Ruijie Zhao,Guan Gui,Zhi Xue,Jie Yin,Tomoaki Ohtsuki,Bamidele Adebisi,Haris Gacanin

DOI: https://doi.org/10.1109/jiot.2021.3119055

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The purpose of a network intrusion detection (NID) is to detect intrusions in the network, which plays a critical role in ensuring the security of the Internet of Things (IoT). Recently, deep learning (DL) has achieved a great success in the field of intrusion detection. However, the limited computing capabilities and storage of IoT devices hinder the actual deployment of DL-based high-complexity models. In this article, we propose a novel NID method for IoT based on the lightweight deep neural network (LNN). In the data preprocessing stage, to avoid high-dimensional raw traffic features leading to high model complexity, we use the principal component analysis (PCA) algorithm to achieve feature dimensionality reduction. Besides, our classifier uses the expansion and compression structure, the inverse residual structure, and the channel shuffle operation to achieve effective feature extraction with low computational cost. For the multiclassification task, we adopt the NID loss that acts as a better loss function to replace the standard cross-entropy loss for dealing with the problem of uneven distribution of samples. The results of experiments on two real-world NID data sets demonstrate that our method has excellent classification performance with low model complexity and small model size, and it is suitable for classifying the IoT traffic of normal and attack scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ruijie Zhao,Tiantian Tang,Guan Gui,Zhi Xue

DOI: https://doi.org/10.1109/icc45855.2022.9838567

2022-01-01

Abstract:With the development of the Industrial Internet of Things (IIoT), more frequent attacks occur to intrude IIoT devices. A reasonably designed intrusion detection method can effectively guarantee the security of IIoT. Over the past decade, different methods of intrusion detection based on deep learning (DL) have been proposed, which helps intrusion detection keep evolving and become more robust. However, these previous researches usually require the participation of a large number of experts, and gradually become invalid with the continuous development of intrusion methods. The limited compute capability of IIoT devices also greatly hinder the deployment of overly complex DL models. To address these challenges, this paper proposes a lightweight semi-supervised learning (LSSL) method based on consistency regularization for intrusion detection. Our proposed method enhances the detection performance by using unlabeled traffic data for consistency training. Besides, we adopt separable convolutions for efficient feature extraction. Experimental results on two widely-used benchmark datasets show that the detection performance of our model is significantly improved by the consistency training, and it can effectively detect various attacks in complex networks.

Yi Ren,Kanghui Feng,Fei Hu,Liangyin Chen,Yanru Chen

DOI: https://doi.org/10.3390/s23208407

2023-10-12

Abstract:With the gradual integration of internet technology and the industrial control field, industrial control systems (ICSs) have begun to access public networks on a large scale. Attackers use these public network interfaces to launch frequent invasions of industrial control systems, thus resulting in equipment failure and downtime, production data leakage, and other serious harm. To ensure security, ICSs urgently need a mature intrusion detection mechanism. Most of the existing research on intrusion detection in ICSs focuses on improving the accuracy of intrusion detection, thereby ignoring the problem of limited equipment resources in industrial control environments, which makes it difficult to apply excellent intrusion detection algorithms in practice. In this study, we first use the spectral residual (SR) algorithm to process the data; we then propose the improved lightweight variational autoencoder (LVA) with autoregression to reconstruct the data, and we finally perform anomaly determination based on the permutation entropy (PE) algorithm. We construct a lightweight unsupervised intrusion detection model named LVA-SP. The model as a whole adopts a lightweight design with a simpler network structure and fewer parameters, which achieves a balance between the detection accuracy and the system resource overhead. Experimental results on the ICSs dataset show that our proposed LVA-SP model achieved an F1-score of 84.81% and has advantages in terms of time and memory overhead.

Jia Liu,Wenjun Fan,Yifan Dai,Eng Gee Lim,Alexei Lisitsa

DOI: https://doi.org/10.1007/978-3-031-68606-1_12

2024-01-01

Abstract:The current intelligent connected vehicles (ICV) system often shares the detected intrusion event to the cloud for further collaborative investigation. The upstream channel leading to the Internet of Vehicles (IoV) cloud is typically vendor-proprietary and costly, and the congestion caused by false alarms even exacerbates the situation. Machine learning (ML) can improve intrusion detection performance by reducing the false alarm rate. However, as a computation-intensive approach, traditional ML is not appropriate for real-time detection. Therefore, this paper proposes a lightweight and responsive on-line intrusion detection approach aiming for the ICV system requiring real-time detection. More specifically, we design a model termed Machine Learning integrated with Blacklist Filter (ML-BF), which leverages the feature engineering and the Bloom filter techniques built on ML to enhance both detection and real-time performances. To evaluate the proposed solution, several experiments are conducted by using the Car-Hacking and CIC-IDS-2017 datasets. The experimental results show that our approach can detect intrusion at a microsecond level with a lower computational cost as well as a lower false positive rate than that in the state-of-the-art.

Liu Zhiqiang,Lin Zhijun,Gong Ting,Shi Yucheng,Mohi-Ud-Din Ghulam

DOI: https://doi.org/10.1007/978-981-15-5859-7_24

2020-01-01

Abstract:Recently, the increasing number of machine learning algorithms has been used in network intrusion detection system (NIDS) to detect abnormal behaviors in the network. Many available datasets were created to evaluate the performance of the model, such as KDD CUP99 and NSL-KDD. However, with the increasing scale of data and the emergence of advanced attacks, conventional machine learning algorithms can hardly perform well. Fortunately, the development of deep learning provides new direction for solving these problems. In this paper, in order to detect novel attacks in a network and improve detection efficiency, we proposed a flexible framework based on deep neural network (DNN). In our framework, we apply different feature reduction methods and activation functions to get the best performance. Moreover, through changing hyper-parameter of the model, we select better network structure. To evaluate our framework, we select ISCX 2012 and CICIDS 2017 as a benchmark and apply the proposed framework to these datasets. As a result, we observe high accuracy rate and low FAR for both binary and multi-class classifications. Overall, our proposed framework is universal and useful for detecting zero-day attacks.

Yogendra Kumar,Vijay Kumar,Basant Subba

DOI: https://doi.org/10.1142/s0218126624502281

2024-03-13

Journal of Circuits Systems and Computers

Abstract:Journal of Circuits, Systems and Computers, Ahead of Print. Network Intrusion Detection Systems (NIDSs) have been proposed in the literature as security tools for detecting anomalous and intrusive network data traffic. However, the existing NIDS frameworks are computation-intensive, thereby making them unsuitable for deployment in resource-constrained networks with limited computational capabilities. This paper aims to address this issue by proposing computationally efficient NIDS framework for detecting anomalous data traffic in resource-constrained networks. The proposed NIDS framework uses an ensemble-based classifier model comprising multiple classifiers, which enables it to achieve high accuracy and detection rate across a wide range of low-footprint and stealth network attacks. The proposed framework also uses feature scaling and dimensionality reduction techniques to minimize the overall computational overhead. The proposed framework consists of two stages. In the first stage, four distinct base-level classifiers are utilized. The classification probabilities of the first stage are used in the modified meta-level classifier. The modified meta-level classifier is trained on the class probabilities of the base-level classifiers combined using a novel proposed probability function. The performance of the proposed NIDS framework is evaluated on a proprietary testbed dataset and two benchmark datasets namely CICIDS-2017 and UNSW-NB15. The results reveal that the proposed NIDS framework provides better performance than the existing NIDS frameworks in terms of false positive rate, despite using a significantly lower number of input features for its analysis.

engineering, electrical & electronic,computer science, hardware & architecture

Jinghong Lan,Yanan Li,Bo Li,Xudong Liu

DOI: https://doi.org/10.1109/trustcom56396.2022.00026

2022-01-01

Abstract:Network Intrusion Detection Systems (NIDSs) play a crucial role in safeguarding the security of protected computer networks. Although numerous machine learning algorithms, especially deep learning algorithms, have achieved remarkable results, their generalization ability is limited due to the following critical challenges. First, most of existing methods heavily rely on the handcrafted features extracted from packets or network flows. Second, few studies have been devoted to adaptively highlighting the characteristics of certain traffic features and thus extracting discriminative representations from input network data. In this paper, we propose a Multi-level ATTention-enhanced rEpresentation leaRning model (MATTER) to address the aforementioned challenges. Specifically, a multi-scale Convolutional Neural Network (CNN) is employed to extracted representations from the raw packet content of a network flow. Then, a multi-level attention module with spatial, channel and temporal attention mechanisms is leveraged to enhance the discrimination of the extracted features. Extensive experiments on two benchmark datasets demonstrate that our proposed MATTER is superior to other state-of-the-art approaches in terms of both accuracy and F1 score.