Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Guofeng He,Qing Lu,Guangqiang Yin,Hu Xiong

DOI: https://doi.org/10.1007/978-3-031-19214-2_54

2022-01-01

Abstract:The rapid development of the Internet has brought great changes and convenience to the society and people. With the development of the Internet, its security has been paid more and more attention. Intrusion detection can detect network attacks in real time and respond to them in time, which has become an essential and important security line. With the novel of network attack and the diversification of network traffic, traditional intrusion detection based on attack load matching and the intrusion detection based on machine learning has problems of inaccurate feature extraction and insufficient detection effect. To solve the above problems, this paper designs a hybrid neural network DCT-IDS model, using dense convolution neural network to achieve traffic feature fusion, reducing the number of parameters, using Transformer to extract time sequence features, and experimental tests were carried out on the latest dataset CIC-IDS2018. The experimental results show that the accuracy of the proposed DCT-IDS model reaches 98%, and all the indexes are better than the existing excellent models.

Jun Wang,Changfu Si,Zhen Wang,Qiang Fu

DOI: https://doi.org/10.32604/cmc.2024.050223

2024-01-01

Abstract:Nowadays, with the rapid development of industrial Internet technology, on the one hand, advanced industrial control systems (ICS) have improved industrial production efficiency. However, there are more and more cyber-attacks targeting industrial control systems. To ensure the security of industrial networks, intrusion detection systems have been widely used in industrial control systems, and deep neural networks have always been an effective method for identifying cyber attacks. Current intrusion detection methods still suffer from low accuracy and a high false alarm rate. Therefore, it is important to build a more efficient intrusion detection model. This paper proposes a hybrid deep learning intrusion detection method based on convolutional neural networks and bidirectional long short-term memory neural networks (CNN-BiLSTM). To address the issue of imbalanced data within the dataset and improve the model’s detection capabilities, the Synthetic Minority Over-sampling Technique-Edited Nearest Neighbors (SMOTE-ENN) algorithm is applied in the preprocessing phase. This algorithm is employed to generate synthetic instances for the minority class, simultaneously mitigating the impact of noise in the majority class. This approach aims to create a more equitable distribution of classes, thereby enhancing the model’s ability to effectively identify patterns in both minority and majority classes. In the experimental phase, the detection performance of the method is verified using two data sets. Experimental results show that the accuracy rate on the CICIDS-2017 data set reaches 97.7%. On the natural gas pipeline dataset collected by Lan Turnipseed from Mississippi State University in the United States, the accuracy rate also reaches 85.5%.

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Zhipeng Li,Zheng Qin,Pengbo Shen,Liu Jiang

DOI: https://doi.org/10.1007/978-3-030-36808-1_19

2019-01-01

Abstract:Intrusion detection system is an important network security facility. With the fast development of information technology, the information security is getting more serious. On the other side, making the IT equipment more intelligent via AI methods becomes a research hotpot. Recent studies show that temporal convolutional networks can outperform recurrent networks and convolutional architectures in sequence modeling problems. In this work, we propose a data processing method for intrusion detection. We conduct a systematic evaluation of temporal convolutional networks for intrusion detection with NSL_KDD data set. Compared with other standard baseline machine learning methods and some advanced deep learning architectures, the proposed model gives a promising performance in different level tests. With limited computational cost, TCN model converges fast and shows good performance. The proposed model can be easily adjusted to raw inputs and can be extended to large-scale online applications.

Sijie Luo,Zhiheng Zhao,Qiyuan Hu,Yang Liu

DOI: https://doi.org/10.1117/12.2639876

2022-01-01

Abstract:The development of the Industrial Internet has promoted the progress of social productivity, but it also faces attacks from abnormal network traffic. Network intrusion detection systems (NIDSs) ensure the safe and reliable operation of networks by monitoring the network traffic status and detecting abnormal traffic and attacks in a timely manner. To detect network intrusions in real time and efficiently, we propose a hierarchical intrusion detection model CNN-Transformer NIDS with traffic spatio-temporal feature fusion, combined with soft feature selection based on attention mechanism. The model is used for multi-attack detection on the UNSW-NB15 dataset. The comparative experimental results show that: i) spatial features can effectively describe the normal and abnormal states of traffic; ii) temporal features can help the model to better distinguish different types of attacks; iii) the fusion of the spatio-temporal features can comprehensively improve the detection performance of the model. The results of the ablation experiments verify that the attention-based soft feature selection enables the model to effectively focus on the differences between normal and abnormal traffic and between different kinds of attacks, resulting in a 0.32% reduction in the missed detection rate, a 1.36% reduction in the false detection rate, and a 1.68% improvement in the detection rate of NIDS.

Ping Zhao,Zhijie Fan,Zhiwei Cao,Xin Li

DOI: https://doi.org/10.4018/IJISP.290832

2022-01-01

International Journal of Information Security and Privacy

Abstract:In order to improve the ability to detect network attacks, traditional intrusion detection models often used convolutional neural networks to encode spatial information or recurrent neural networks to obtain temporal features of the data. Some models combined the two methods to extract spatio-temporal features. However, these approaches used separate models and learned features insufficiently. This paper presented an improved model based on temporal convolutional networks (TCN) and attention mechanism. The causal and dilation convolution can capture the spatio-temporal dependencies of the data. The residual blocks allow the network to transfer information in a cross-layered manner, enabling in-depth network learning. Meanwhile, attention mechanism can enhance the model's attention to the relevant anomalous features of different attacks. Finally, this paper compared models results on the KDD CUP99 and UNSW-NB15 datasets. The authors apply the model to video surveillance network attack detection scenarios. The result shows that the model has advantages in evaluation metrics.

Rukmini Nazre,Rujuta Budke,Omkar Oak,Suraj Sawant,Amit Joshi

2024-12-23

Abstract:Network intrusion detection is critical for securing modern networks, yet the complexity of network traffic poses significant challenges to traditional methods. This study proposes a Temporal Convolutional Network(TCN) model featuring a residual block architecture with dilated convolutions to capture dependencies in network traffic data while ensuring training stability. The TCN's ability to process sequences in parallel enables faster, more accurate sequence modeling than Recurrent Neural Networks. Evaluated on the Edge-IIoTset dataset, which includes 15 classes with normal traffic and 14 cyberattack types, the proposed model achieved an accuracy of 96.72% and a loss of 0.0688, outperforming 1D CNN, CNN-LSTM, CNN-GRU, CNN-BiLSTM, and CNN-GRU-LSTM models. A class-wise classification report, encompassing metrics such as recall, precision, accuracy, and F1-score, demonstrated the TCN model's superior performance across varied attack categories, including Malware, Injection, and DDoS. These results underscore the model's potential in addressing the complexities of network intrusion detection effectively.

Cryptography and Security,Machine Learning

Abdelouahid Derhab,Arwa Aldweesh,Ahmed Z. Emam,Farrukh Aslam Khan

DOI: https://doi.org/10.1155/2020/6689134

2020-12-22

Wireless Communications and Mobile Computing

Abstract:In the era of the Internet of Things (IoT), connected objects produce an enormous amount of data traffic that feed big data analytics, which could be used in discovering unseen patterns and identifying anomalous traffic. In this paper, we identify five key design principles that should be considered when developing a deep learning-based intrusion detection system (IDS) for the IoT. Based on these principles, we design and implement Temporal Convolution Neural Network (TCNN), a deep learning framework for intrusion detection systems in IoT, which combines Convolution Neural Network (CNN) with causal convolution. TCNN is combined with Synthetic Minority Oversampling Technique-Nominal Continuous (SMOTE-NC) to handle unbalanced dataset. It is also combined with efficient feature engineering techniques, which consist of feature space reduction and feature transformation. TCNN is evaluated on Bot-IoT dataset and compared with two common machine learning algorithms, i.e., Logistic Regression (LR) and Random Forest (RF), and two deep learning techniques, i.e., LSTM and CNN. Experimental results show that TCNN achieves a good trade-off between effectiveness and efficiency. It outperforms the state-of-the-art deep learning IDSs that are tested on Bot-IoT dataset and records an accuracy of 99.9986% for multiclass traffic detection, and shows a very close performance to CNN with respect to the training time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Jie Fu,Lina Wang,Jianpeng Ke,Kang Yang,Rongwei Yu

DOI: https://doi.org/10.1016/j.eswa.2024.125687

IF: 8.5

2025-01-01

Expert Systems with Applications

Abstract:Due to the heterogeneous and dynamic nature of networks, modeling spatiotemporal correlations has become a trend. Although spatiotemporal-based network intrusion detection systems (NIDSs) enhance the performance of intrusion classification, they still suffer from inadequacies in the multi-classification of intrusions and model generalization ability. First, the static attack topologies of network traffic always ignore some important information; Second, the interaction between spatial and temporal dimensions is rarely considered. To mitigate these issues, this paper proposes TSIDS, a spatiotemporal analysis-based approach that extracts the interaction of network behaviors for intrusion detection. TSIDS combines the spatial analysis module to extract spatial information between different events, and the temporal analysis module to learn the temporal dependencies from historical traffic data. To model spatial correlations of temporal features, we propose a feature fusion module based on our customized gating Multilayer Perceptron (cgMLP). The experimental results on four datasets show that our work is effective in intrusion detection, especially multi-classification, and outperforms other baseline methods.

Jianwu Zhang,Yu Ling,Xingbing Fu,Xiongkun Yang,Gang Xiong,Rui Zhang

DOI: https://doi.org/10.1016/j.cose.2019.101681

IF: 5.105

2019-01-01

Computers & Security

Abstract:The intrusion detection system can distinguish normal traffic from attack traffic by analyzing the characteristics of network traffic. Recently, neural networks have advanced in the fields of natural language processing, computer vision, intrusion detection and so on. In this paper, we propose a unified model combining Multiscale Convolutional Neural Network with Long Short-Term Memory (MSCNN-LSTM). The model first employs Multiscale Convolutional Neural Network(MSCNN) to analyze the spatial features of the dataset, and then employs Long Short-Term Memory (LSTM) Network to process the temporal features. Finally, the model employs the spatial-temporal features to perform the classification. In the experiment, the public intrusion detection dataset, UNSW-NB15 was employed as experimental training set and test set. Compared with the model based on the conventional neural networks, the MSCNN-LSTM model has better accuracy, false alarm rate and false negative rate.

Stephen Kahara Wanjau,Geoffrey Mariga Wambugu,Aaron Mogeni Oirere,Geoffrey Muchiri Muketha

DOI: https://doi.org/10.3233/jcs-220031

2023-02-27

Journal of Computer Security

Abstract:Increasing interest and advancement of internet and communication technologies have made network security rise as a vibrant research domain. Network intrusion detection systems (NIDSs) have developed as indispensable defense mechanisms in cybersecurity that are employed in discovery and prevention of malicious network activities. In the recent years, researchers have proposed deep learning approaches in the development of NIDSs owing to their ability to extract better representations from large corpus of data. In the literature, convolutional neural network architecture is extensively used for spatial feature learning, while the long short term memory networks are employed to learn temporal features. In this paper, a novel hybrid method that learn the discriminative spatial and temporal features from the network flow is proposed for detecting network intrusions. A two dimensional convolution neural network is proposed to intelligently extract the spatial characteristics whereas a bi-directional long short term memory is used to extract temporal features of network traffic data samples consequently, forming a deep hybrid neural network architecture for identification and classification of network intrusion samples. Extensive experimental evaluations were performed on two well-known benchmarks datasets: CIC-IDS 2017 and the NSL-KDD datasets. The proposed network model demonstrated state-of-the-art performance with experimental results showing that the accuracy and precision scores of the intrusion detection model are significantly better than those of other existing models. These results depicts the applicability of the proposed model in the spatial-temporal feature learning in network intrusion detection systems.

Yanmiao Li,Yingying Xu,Zhi Liu,Haixia Hou,Yushuo Zheng,Yang Xin,Yuefeng Zhao,Lizhen Cui

DOI: https://doi.org/10.1016/j.measurement.2019.107450

IF: 5.6

2019-01-01

Measurement

Abstract:A robust intrusion detection system plays a very important role in network security. In the face of complex network data and diverse intrusion methods, traditional machine learning methods seem to be inadequate and cannot meet the requirements of the current network environment. Existing deep learning-based methods are far from fully exploiting their potential in dealing with such one-dimensional feature data, and their performance is still unsatisfactory in detecting unknown intrusions. This paper proposes a deep learning approach for intrusion detection using a multi-convolutional neural network (multi-CNN) fusion method. According to the correlation, the feature data are divided into four parts, and then the one-dimensional feature data are converted into a grayscale graph. By using the flow data visualization method, CNN is introduced into the intrusion detection problem and the best of the four results emerge. The experimental results successfully demonstrate that the multi-CNN fusion model is very suitable for providing a classification method with high accuracy and low complexity on the NSL-KDD dataset. Furthermore, its performance is also superior to those of traditional machine learning methods and other recent deep learning approaches for binary classification and multiclass classification. This work will contribute for the data security of industrial loT. (C) 2019 Elsevier Ltd. All rights reserved.

Zhendong Wang,Xin Yang,Zhiyuan Zeng,Daojing He,Sammy Chan

DOI: https://doi.org/10.1007/s12083-024-01749-0

2024-01-01

Abstract:With the continual evolution of network technologies, the Internet of Things (IoT) has permeated various sectors of society. However, over the past decade, the annual discovery of cyberattacks has shown an exponential surge, inflicting severe damage to economic development. Aiming at the high false alarm rate, poor classification performance and overfitting problems in current intrusion detection systems, this paper proposes an efficient hierarchical intrusion detection model named ET-DCANET. Initially, the extreme random tree algorithm is employed for feature selection to meticulously curate the optimal feature subset. Subsequently, the dilated convolution and dual attention mechanism (including channel attention and spatial attention) are introduced, and a strategy of gradual transition from coarse-grained learning to fine-grained learning is proposed by gradually narrowing the expansion rate of cavity convolution, and the DCNN and dual attention modules are progressively refined to effectively utilize the synergy of DCNN and Attention to extract spatial and temporal features. This gradual transition from coarse-grained learning to fine-grained learning helps to better balance global and local information when dealing with complex data, and improves the performance and generalization ability of the model. To confront the class imbalance issue within the dataset, a novel loss function, EQLv2, is introduced as a substitute for the conventional cross-entropy (CE) loss. This innovation directs the model's focus toward minority class samples, ultimately enhancing the overall performance of the model. The proposed model shows excellent intrusion detection on the NSL-KDD, UNSW-NB15, and X-IIoTID datasets with accuracy rates of 99.68

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications

Shengwei Lei,Chunhe Xia,Zhong Li,Xiaojian Li,Tianbo Wang

DOI: https://doi.org/10.1109/tnse.2021.3109644

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Network intrusion poses a severe threat to the Internet. Intrusion detection methods based on deep learning are very effective to process and analyze intrusion data. On the one hand, they use the Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) models to extract spatial and temporal features, respectively. However, they either adopt a single model or operate two models in series. And it fails to capture temporal-spatial features effectively. On the other hand, previous methods do not consider the multi-feature correlation of intrusion data. And then they cannot get better classification performance. To address the two above problems, we propose a hybrid neural network (HNN) model by integrating multi-feature correlation and temporal-spatial analysis. First, we adopt a contribution-based feature selection. Second, we reconstruct multi-feature correlation and then apply the CNN and LSTM in parallel to extract temporal-spatial features. Finally, we splice the temporal-spatial features with the correlation features, or study the influence of the temporal-spatial features by attention mechanism. Based on the above operations, we exploit the Deep Neural Network (DNN) to detect intrusion data. The experimental results show that HNN improves 3.78%, 1.31%, 0.21%, and 1.13% accuracy on the UNSW-NB15, AWID, CICIDS 2017, and CICIDS 2018 datasets.

Yu, Junyang

DOI: https://doi.org/10.1007/s11227-024-06737-y

IF: 3.3

2024-12-12

The Journal of Supercomputing

Abstract:This study developed an advanced network intrusion detection system based on an improved multi-scale convolutional neural network architecture aimed at enhancing the accuracy of detecting network threats. By precisely capturing data features at different scales, this system significantly improves the model's ability to analyze complex network behaviors. The proposed system incorporates a novel data preprocessing method combining SMOTE and ENN techniques to address the class imbalance in datasets while resolving the overlap issue of minority and majority class samples present in the SMOTE algorithm. It also utilizes a novel feature selection approach combining Information Gain, Random Forest feature importance scoring, and Recursive Feature Elimination to optimize model performance and reduce computational load. Experiments conducted on public datasets CICIDS2017, KDDCUP99, and UNSW-NB15. The experimental results demonstrate that intrusion detection based on a multi-scale convolutional neural network exhibits high detection accuracy. Specifically, the accuracy on the KDDCUP99 and CICIDS2017 datasets all exceeded 99.85%, while on the UNSW-NB15 dataset surpassed 99.20%, indicating the method's ability to accurately identify network intrusions.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Ke Cao,Jinqi Zhu,Weijia Feng,Chunmei Ma,Ming Liu,Tian Du

DOI: https://doi.org/10.1109/iwcmc51323.2021.9498652

2021-01-01

Abstract:With the rapid development of the Internet of Things (IoT), the continuous emergence of cyberattacks have brought great threat to the security of the network. Intrusion Detection System (IDS) which can identify malicious network attacks has become a strong tool to ensure network security. Many deep learning-based approaches have been used in IDS. However, most of these researches ignore the internal structural characteristics of the network traffic, and cannot accurately learn the key features of the malicious traffic. Thus, they have a low accuracy in classifying different kinds of network attacks. In this paper, we build an intrusion detection model DAL (Dense-Attention-LSTM, DAL), in which dense dilated convolutions is used to extract the underlying features of the network traffic. Then, attention mechanism is utilized to capture key features which represent the structural characteristics of traffic data. Moreover, CuDNN-based long short-term memory network is used to learn time-related information of the traffic while accelerating the convergence of the model. Finally, global maxpooling is adopted to compress data and to improve the generalization capabilities of the proposed model. Experimental results on UNSW-NB15 dataset show that the binary classification accuracy of the proposed model is up to 92.65%. Further, it can also identify various attacks with the accuracy of 81.28%. The performance of our model is better than some competing machine learning methods and some deep learning methods. We published our code at https://github.co-m/cKiNg37/IDS-model-DAL.

Chiming Xi,Hui Wang,Xubin Wang

DOI: https://doi.org/10.1038/s41598-024-74214-w

IF: 4.6

2024-10-07

Scientific Reports

Abstract:Network is an essential tool today, and the Intrusion Detection System (IDS) can ensure the safe operation. However, with the explosive growth of data, current methods are increasingly struggling as they often detect based on a single scale, leading to the oversight of potential features in the extensive traffic data, which may result in degraded performance. In this work, we propose a novel detection model utilizing multi-scale transformer namely IDS-MTran. In essence, the collaboration of multi-scale traffic features broads the pattern coverage of intrusion detection. Firstly, we employ convolution operators with various kernels to generate multi-scale features. Secondly, to enhance the representation of features and the interaction between branches, we propose Patching with Pooling (PwP) to serve as a bridge. Next, we design multi-scale transformer-based backbone to model the features at diverse scales, extracting potential intrusion trails. Finally, to fully capitalize these multi-scale branches, we propose the Cross Feature Enrichment (CFE) to integrate and enrich features, and then output the results. Sufficient experiments show that compared with other models, the proposed method can distinguish different attack types more effectively. Specifically, the accuracy on three common datasets NSL-KDD, CIC-DDoS 2019 and UNSW-NB15 has all exceeded 99%, which is more accurate and stable.

multidisciplinary sciences