Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Yongle Chen,Sida Su,Dan Yu,Hao He,Xiaojian Wang,Yao Ma,Hao Guo

DOI: https://doi.org/10.1109/jiot.2022.3201888

IF: 10.6

2022-12-24

IEEE Internet of Things Journal

Abstract:Constrained by the high acquisition and labeling cost, traffic data in industrial control systems (ICSs) are usually extremely imbalanced. Deep-learning-based (DL) industrial control intrusion detection systems (IDSs) are not applicable to dynamic networks and show a limited detection performance. In this article, we enhanced the information transmission link in adversarial domain adaptation (DA) and proposed an information-enhanced adversarial DA (IADA) method. Our method could train a cross-domain industrial intrusion detection deep model with imbalanced data and maintained high detection accuracy. The experimental results based on SCADA network layer data showed that the detection accuracy of the gated recurrent unit model trained in IADA reached 93.7% and 91.3% in the two transfer tasks with a significant cross-domain discrepancy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Swapnil Mane,Vaibhav Khatavkar,Niranjan Gijare,Pranav Bhendawade

2023-04-04

Abstract:An Intrusion detection system (IDS) is essential for avoiding malicious activity. Mostly, IDS will be improved by machine learning approaches, but the model efficiency is degrading because of more headers (or features) present in the packet (each record). The proposed model extracts practical features using Non-negative matrix factorization and chi-square analysis. The more number of features increases the exponential time and risk of overfitting the model. Using both techniques, the proposed model makes a hierarchical approach that will reduce the features quadratic error and noise. The proposed model is implemented on three publicly available datasets, which gives significant improvement. According to recent research, the proposed model has improved performance by 4.66% and 0.39% with respective NSL-KDD and CICD 2017.

Cryptography and Security

Yuluo Hou,Yusheng Fu,Jinhong Guo,Jie Xu,Renting Liu,Xin Xiang

DOI: https://doi.org/10.1007/s12652-022-04350-6

IF: 3.662

2022-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:In recent years, deep learning techniques have been widely applied to network intrusion detection. However, current detection methods suffer from a low detection rate, rendering them useless in fighting unknown attacks. Thus, in this article, we proposed a hybrid detection system based on deep learning techniques. First, to understand comprehensively the pattern of normal network traffic and anomaly detection, a designed nonsymmetric autoencoder (NAE) is proposed. The NAE extracts the latent feature of network traffic with two different convolution neural networks and multiple linear layers are applied to the NAE’s decoder to reconstruct the input. Besides, a latent feature extraction scheme using the NAE encoder is proposed and a deep neural network (DNN) is trained with this latent feature to achieve detection. In addition, in order to strengthen system stability, a hybrid scheme is proposed that considers the detection results of NAE and DNN, and makes the comprehensive decision. Experiments are performed on the NSL-KDD, N-baIoT and BoT-IoT datasets respectively to evaluate the proposed hybrid model. The evaluation is carried out through classification evaluation indexes such as accuracy, precision, recall, F1-score. The results have shown that our proposed hybrid model gets the best detection ability of abnormal traffic compared with several state-of-the-art intrusion detection methods.

Mohanad Sarhan,Siamak Layeghy,Nour Moustafa,Marcus Gallagher,Marius Portmann

DOI: https://doi.org/10.1016/j.dcan.2022.08.012

2022-12-05

Abstract:A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems (NIDSs). Consequently, network interruptions and loss of sensitive data have occurred, which led to an active research area for improving NIDS technologies. In an analysis of related works, it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction (FR) and Machine Learning (ML) techniques on NIDS datasets. However, these datasets are different in feature sets, attack types, and network design. Therefore, this paper aims to discover whether these techniques can be generalised across various datasets. Six ML models are utilised: a Deep Feed Forward (DFF), Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Decision Tree (DT), Logistic Regression (LR), and Naive Bayes (NB). The accuracy of three Feature Extraction (FE) algorithms; Principal Component Analysis (PCA), Auto-encoder (AE), and Linear Discriminant Analysis (LDA), are evaluated using three benchmark datasets: UNSW-NB15, ToN-IoT and CSE-CIC-IDS2018. Although PCA and AE algorithms have been widely used, the determination of their optimal number of extracted dimensions has been overlooked. The results indicate that no clear FE method or ML model can achieve the best scores for all datasets. The optimal number of extracted dimensions has been identified for each dataset, and LDA degrades the performance of the ML models on two datasets. The variance is used to analyse the extracted dimensions of LDA and PCA. Finally, this paper concludes that the choice of datasets significantly alters the performance of the applied techniques. We believe that a universal (benchmark) feature set is needed to facilitate further advancement and progress of research in this field.

Networking and Internet Architecture,Cryptography and Security,Machine Learning

Zhendong Wang,Xin Yang,Zhiyuan Zeng,Daojing He,Sammy Chan

DOI: https://doi.org/10.1007/s12083-024-01749-0

2024-01-01

Abstract:With the continual evolution of network technologies, the Internet of Things (IoT) has permeated various sectors of society. However, over the past decade, the annual discovery of cyberattacks has shown an exponential surge, inflicting severe damage to economic development. Aiming at the high false alarm rate, poor classification performance and overfitting problems in current intrusion detection systems, this paper proposes an efficient hierarchical intrusion detection model named ET-DCANET. Initially, the extreme random tree algorithm is employed for feature selection to meticulously curate the optimal feature subset. Subsequently, the dilated convolution and dual attention mechanism (including channel attention and spatial attention) are introduced, and a strategy of gradual transition from coarse-grained learning to fine-grained learning is proposed by gradually narrowing the expansion rate of cavity convolution, and the DCNN and dual attention modules are progressively refined to effectively utilize the synergy of DCNN and Attention to extract spatial and temporal features. This gradual transition from coarse-grained learning to fine-grained learning helps to better balance global and local information when dealing with complex data, and improves the performance and generalization ability of the model. To confront the class imbalance issue within the dataset, a novel loss function, EQLv2, is introduced as a substitute for the conventional cross-entropy (CE) loss. This innovation directs the model's focus toward minority class samples, ultimately enhancing the overall performance of the model. The proposed model shows excellent intrusion detection on the NSL-KDD, UNSW-NB15, and X-IIoTID datasets with accuracy rates of 99.68

Xiuzhang Yang,Guojun Peng,Dongni Zhang,Yangqi Lv

DOI: https://doi.org/10.1155/2022/4748528

IF: 1.968

2022-04-26

Security and Communication Networks

Abstract:Nowadays, the intrusion detection system (IDS) plays a crucial role in the Internet of Things (IoT) networks, which could effectively protect sensitive data from various attacks. However, the existing works have not considered multiview features fusion and failed to capture the semantic relationships among the anomalous requests. They are not robust and cannot detect the attack types in real-time. This paper proposes a lightweight intrusion detection system based on deep learning and knowledge graph. First, our system extracts semantic relationships and key features by knowledge graph and statistical analysis. Then, IoT network requests are converted into word vectors through multiview feature fusion and feature alignment. Finally, an attention-based CNN-BiLSTM model is designed to identify malicious request attacks, which can capture long-distance dependence and contextual semantic information. Experiment results show that the proposed model significantly outperforms the existing solution in the robustness of the model. Moreover, it can select more critical features for IDS to achieve better accuracy and lower the false alarm rate. Compared with the state-of-the-art systems, the proposed IDS achieves a higher detection accuracy of 90.01%. In addition, our system can detect various stealthy attack types (including DoS, Probe, R2L, and U2L) and extract semantic relationships among features.

computer science, information systems,telecommunications

Khaled A. Alaghbari,Heng-Siong Lim,Mohamad Hanif Md Saad,Yik Seng Yong

DOI: https://doi.org/10.3390/iot4030016

2023-08-25

IoT

Abstract:The intrusion detection system (IDS) is a promising technology for ensuring security against cyber-attacks in internet-of-things networks. In conventional IDS, anomaly detection and feature extraction are performed by two different models. In this paper, we propose a new integrated model based on deep autoencoder (AE) for anomaly detection and feature extraction. Firstly, AE is trained based on normal network traffic and used later to detect anomalies. Then, the trained AE model is employed again to extract useful low-dimensional features for anomalous data without the need for a feature extraction training stage, which is required by other methods such as principal components analysis (PCA) and linear discriminant analysis (LDA). After that, the extracted features are used by a machine learning (ML) or deep learning (DL) classifier to determine the type of attack (multi-classification). The performance of the proposed unified approach was evaluated on real IoT datasets called N-BaIoT and MQTTset, which contain normal and malicious network traffics. The proposed AE was compared with other popular anomaly detection techniques such as one-class support vector machine (OC-SVM) and isolation forest (iForest), in terms of performance metrics (accuracy, precision, recall, and F1-score), and execution time. AE was found to identify attacks better than OC-SVM and iForest with fast detection time. The proposed feature extraction method aims to reduce the computation complexity while maintaining the performance metrics of the multi-classifier models as much as possible compared to their counterparts. We tested the model with different ML/DL classifiers such as decision tree, random forest, deep neural network (DNN), conventional neural network (CNN), and hybrid CNN with long short-term memory (LSTM). The experiment results showed the capability of the proposed model to simultaneously detect anomalous events and reduce the dimensionality of the data.

Chang Liu,Ruslan Antypenko,Iryna Sushko,Oksana Zakharchenko,Chang Liu,Ruslan Antypenko,Iryna Sushko,Oksana Zakharchenko

DOI: https://doi.org/10.1109/tr.2022.3164877

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Industrial Internet of Things (IoT) is the most rapidly developing industry in the current IoT industry, and the intrusion detection system (IDS) remains one of the key technologies for industrial IoT security protection. Researchers have considered applying algorithms such as machine learning and deep learning to network IDSs to cope with complex and changing network environments and to automatically extract key features from high-dimensional feature data. However, in the real industrial IoT environment, data imbalance is the main factor that affects the performance of the deep-learning-based IDS. In this article, we study the network intrusion detection model based on data level. Three data-based research schemes are constructed step by step in this article, which are a data augmentation scheme based on the variational autoencoder (VAE), a data-balancing scheme based on the conditional VAE, and a data-balancing scheme based on random undersampling and conditional VAE. The three data-level-based schemes are combined with the deep-learning-based IDS. In this article, we build experiments based on the CSE-CIC-IDS2018 dataset to verify the effectiveness of three data processing schemes. After data enhancement through the third scheme, the Macro-F1-score of the convolutional-neural-network-based IDS model improved by 3.75% and the Macro-F1-score of the gated-recurrent-unit-based IDS model improved by 5.32%.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Jingyi Zhu,Xiufeng Liu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109113

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Anbang Wang,Xinyu Gong,Jialiang Lu

DOI: https://doi.org/10.1109/smartcloud.2019.00028

2019-01-01

Abstract:With the development of network technology and the updating of intelligent networking devices, the variety of cyber attacks and the number of users being attacked are increasing. Intrusion Detection Systems (IDS) are commonly used in the field of network security to detect anomalous activity and behavior. Many previous works have achieved high detection accuracy on standard testing data sets by implementing mature Machine Learning (ML) algorithms. Inspired by the network ontology researches,, we propose two Long Short-Term Memory (LSTM) based IDSs with deep feature extraction: multi-class feature extraction IDS and dual-class feature extraction IDS. Through our experiments on the CICIDS2017 data set, we have found that multi-class feature extraction IDS can better identify the types of cyber attacks while the dual-class feature extraction IDS can better recall new attacks. We conclude that when the structure and characteristics of the classifier are limited, a reasonable selection of the feature extraction space can help improve the characteristics of the classifier and better achieve the downstream tasks in the security field.

Peixin Liao,Xvxin Huang,Qiangbo Huang,Yanming Liang,Zhongxiao Wang,Denghui Zhang

DOI: https://doi.org/10.1109/cloudnet59005.2023.10490021

2023-01-01

Abstract:The rapid expansion of the Internet has boosted the widespread adoption of cloud technology across data-center fabrics and generated massive traffic. The emerging intrusion traffic brings new challenges to network security. Despite the remarkable advancements made by deep learning (DL) in fields including computer vision (CV) and natural language processing (NLP), its effectiveness in handling discrete time-series data, particularly in anomaly traffic, remains poor. It also fails to offer interpretability for prediction results, impeding its practicability to guide subsequent steps such as intrusion detection and prevention. This paper presents an interpretable intrusion detection system (IDS) based on feature importance. The approach first extracts significant features by methods including the Principal Component Analysis (PCA) and decision tree (DT). Then it converts important features into 2D feature images so that integrating with existing convolutional neural networks (CNNs) for predictions. Comparative experiments with more than 10 existing methods demonstrate this proposed method enhances detection capabilities and enable the intuitive interpretability of the analysis procedure.

Xuejiao Chen,Minyao Liu,Zixuan Wang,Yun Wang

DOI: https://doi.org/10.3390/s24165223

2024-08-12

Abstract:With the rapid advancement of the Internet of Things, network security has garnered increasing attention from researchers. Applying deep learning (DL) has significantly enhanced the performance of Network Intrusion Detection Systems (NIDSs). However, due to its complexity and "black box" problem, deploying DL-based NIDS models in practical scenarios poses several challenges, including model interpretability and being lightweight. Feature selection (FS) in DL models plays a crucial role in minimizing model parameters and decreasing computational overheads while enhancing NIDS performance. Hence, selecting effective features remains a pivotal concern for NIDSs. In light of this, this paper proposes an interpretable feature selection method for encrypted traffic intrusion detection based on SHAP and causality principles. This approach utilizes the results of model interpretation for feature selection to reduce feature count while ensuring model reliability. We evaluate and validate our proposed method on two public network traffic datasets, CICIDS2017 and NSL-KDD, employing both a CNN and a random forest (RF). Experimental results demonstrate superior performance achieved by our proposed method.

Taotao Liu,Yu Fu,Kun Wang,Xueyuan Duan,Qiuhan Wu

DOI: https://doi.org/10.1016/j.cose.2024.104173

IF: 5.105

2024-10-30

Computers & Security

Abstract:As an important network defense approach, network intrusion detection is mainly used to identify anomaly traffic behavior. However, dominant network intrusion detection approaches are now struggling to identify the complex and variable means of attack, leading to high false alarm rate. Additionally, the feature redundancy and class imbalance problem in the intrusion detection dataset also constrain the performance of detection methods. This paper proposes a multiscale intrusion detection approach based on variance–covariance subspace distance and Equalization Loss v2 (EQL v2). Firstly, the variance–covariance subspace distance is used for feature selection on the preprocessed dataset to determine a set of representative feature subsets that can effectively approximate the original feature space. Secondly, the loss function, EQL v2, is adopted to balance the positive and negative gradients, addressing the class imbalance problem. Finally, a pyramid depthwise separable convolution model is proposed to capture the multiscale information of the traffic, and the convolutional layer in the depthwise convolution is replaced with self-supervised predictive convolutional attention block to compensate for the performance loss caused by the parameter reduction. Extensive experiments demonstrated that the proposed approach exhibits better performance on the three datasets of NSL-KDD, UNSW_NB15, and CIC-IDS-2017, with accuracy rates of 99.19%, 97.81%, and 99.83%, respectively, effectively improve the intrusion detection performance.

computer science, information systems

Yongle Chen,Yubo Ji,Haoran Wang,Xiaoyan Hao,Yuli Yang,Yao Ma,Dan Yu

DOI: https://doi.org/10.1109/tii.2024.3470902

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:The intrusion detection system (IDS) ensures the safe and stable operation of the industrial control system (ICS). However, due to the lack of data in ICS and the influences of numerous communication protocols, the detection performance of the IDS constructed with the unbalanced dataset of ICS is limited. In this article, a causal inference-based adversarial adaptive approach is proposed to improve the detection performance. First, the data feature space mapping between cross-domain datasets is realized through causal inference. Second, the graph structure relationship and time series features contained in the data features are mined and two-dimensional. Finally, IDS is constructed through common domain-adversarial transfer learning based on high-impact features and fine-tuning based on remaining features. This method can not only construct a cross-application or cross-protocol IDS with a high F1-score for imbalanced data, but also detect some new attacks in the target domain. As for the problem of cross-domain data imbalance, the F1-scores of the trained ICS model in the two cross-domain tasks respectively reached 97.27% and 97.78%. In the detection of new attacks in the target domain, the trained ICS model achieved an average F1-score of 97% for known attacks and the best F1-scores of the two cross-domain tasks reached 90% and 56%.

Ya-Li Wu,Guo-Ting Li,Yu-Long Fu,Xiao-Peng Wang

DOI: https://doi.org/10.23919/chicc.2019.8866263

2019-01-01

Abstract:Compared with traditional machine learning, intrusion detection based on deep learning has the advantage of feature extraction. Auto-encoders, owing to having good feature extraction and dimensionality reduction ability, are known for the superior performance. However, the network structure selection is time-consuming and laborious. The essential features cannot be automatically extracted according to different distribution characteristics of the data set. Moreover, the existing data pre-processing method fails to adapt the model better. Based on the stack sparse auto-encoders (SSAE), we propose a new intrusion detection model named DBSO-SSAE. The algorithm is based on difference brain storm optimization (DBSO) which automatically adapts to selection network framework. Meanwhile, a new normalization strategy is introduced to further improve the accuracy of the model. The simulation results show that DBSO-SSAE greatly reduces the complexity of manual tuning and increases the adaptability of the network model.

Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Seshu Bhavani Mallampati,Hari Seetha

DOI: https://doi.org/10.1142/s0219649223500661

2023-11-22

Journal of Information & Knowledge Management

Abstract:Journal of Information &Knowledge Management, Ahead of Print. With advances in computer network technology, the Internet has become an integral part of our daily lives. It goes without saying that providing security to network data is crucial. To this effect, the intrusion detection system (IDS) is vital for defending networks against cyberattacks. However, the high dimensionality of data is a significant issue that impacts categorisation accuracy. Therefore, we proposed a novel integrated feature extraction method called PC-UDAE that uses principal component analysis (PCA) and Unsupervised Deep Autoencoder (UDAE) to extract linear and nonlinear relationships. Also, to address the class imbalance, synthetic minority class samples are generated using the combination of Synthetic Minority Over Sampling Technique and Edited Nearest Neighbour (SMOTE-ENN). Finally, the extracted features are trained by using supervised machine learning models like Random Forest (RF), Extreme Gradient Boosting Machine (XGBM), Decision Tree (DT), Light Gradient Boosting Machine (LGBM), Extra Tree (ET), Support Vector Machine (SVM), AdaBoost (AB), and K-Nearest Neighbour (KNN) with the original imbalanced and balanced data. We analysed our suggested model using UNSW-NB 15, NSL-KDD, Ton-IoT data sets and obtained 98.85%, 99.59%, and 99.97% accuracy, respectively. Our experimental findings show that our proposed method outperformed all other competing methods.

Taining Zhang,Yihan Xiao,C. Xing,Zhongkai Zhao

DOI: https://doi.org/10.1109/ACCESS.2019.2904620

IF: 3.9

2019-03-12

IEEE Access

Abstract:With the popularity and development of network technology and the Internet, intrusion detection systems (IDSs), which can identify attacks, have been developed. Traditional intrusion detection algorithms typically employ mining association rules to identify intrusion behaviors. However, they fail to fully extract the characteristic information of user behaviors and encounter various problems, such as high false alarm rate (FAR), poor generalization capability, and poor timeliness. In this paper, we propose a network intrusion detection model based on a convolutional neural network–IDS (CNN–IDS). Redundant and irrelevant features in the network traffic data are first removed using different dimensionality reduction methods. Features of the dimensionality reduction data are automatically extracted using the CNN, and more effective information for identifying intrusion is extracted by supervised learning. To reduce the computational cost, we convert the original traffic vector format into an image format and use a standard KDD-CUP99 dataset to evaluate the performance of the proposed CNN model. The experimental results indicate that the AC, FAR, and timeliness of the CNN–IDS model are higher than those of traditional algorithms. Therefore, the model we propose has not only research significance but also practical value.

Engineering,Computer Science

Jalaiah Saikam,Koteswararao Ch

DOI: https://doi.org/10.1109/access.2024.3350197

IF: 3.9

2024-02-07

IEEE Access

Abstract:Intrusion detection systems (IDS) are crucial to network security by identifying and stopping harmful actions. The network intrusion data are blended into many typical instances due to the dynamic and time-varying networking surroundings. This leads to a lack of instances for training models and detection outcomes with a high false detection rate. In response to the data imbalance issue, we provide a network intrusion detection (NIDS) technique that combines deep networks and hybrid sampling. With the help of the Difficult Set Sampling Technique (DSSTE) algorithm, we first reduce the noise samples in the majority category before applying Deep Convolutional Generative Adversarial Networks (DCGANs) to boost the minority sample size. Additionally, we create a deep network model using DenseNet169 to extract spatial characteristics and Self Attention-based Transformer (SAT-Net) to extract temporal features. This technique accurately extracts the distinctive characteristics of the data. Finally, we employed the Enhanced Elman Spike Neural Network (EESNN) to classify the attack categories. We undertake experiments on the more recent and comprehensive intrusion datasets BOT-IOT, ToN-IoT, and CICIDS2019 to validate the suggested technique. Results indicate that our suggested system outperforms comparable works regarding accuracy, false alarm rate, recall, and precision.

computer science, information systems,telecommunications,engineering, electrical & electronic