The flourishing complex network theory has aroused increasing interest in studying the properties of real-world networks. Based on the traffic network of Chang-Zhu Tan urban agglomeration in central China, some basic ...The flourishing complex network theory has aroused increasing interest in studying the properties of real-world networks. Based on the traffic network of Chang-Zhu Tan urban agglomeration in central China, some basic network topological characteristics were computed with data collected from local traffic maps, which showed that the traffic networks were small-world networks with strong resilience against failure; more importantly, the investigations of as- sortativity coefficient and average nearestlneighbour degree implied the disassortativity of the traffic networks. Since traffic network hierarchy as an important basic property has been neither studied intensively nor proved quantitatively, the authors are inspired to analyse traffic network hierarchy with disassortativity and to finely characterize hierarchy in the traffic networks by using the n-degree-n-clustering coefficient relationship. Through numerical results and analyses an exciting conclusion is drawn that the traffic networks exhibit a significant hierarchy, that is, the traffic networks are proved to be hierarchically organized. The result provides important information and theoretical groundwork for optimal transport planning.展开更多
This paper comprehensively analyzes the evolution of traffic light systems in Shanghai,highlighting the technological advancements and their impact on traffic management and safety.Starting from the historical context...This paper comprehensively analyzes the evolution of traffic light systems in Shanghai,highlighting the technological advancements and their impact on traffic management and safety.Starting from the historical context of the first traffic light in London in 1868 to the modern automated systems,the study explores the complexity and adaptability of traffic lights in Shanghai.Through field surveys and interviews with traffic engineers,the paper debunks common misconceptions about traffic light operation,revealing a sophisticated network that responds to real-time traffic dynamics using software like the Sydney Coordinated Adaptive Traffic System(SCATS)6.The study also discusses the importance of pedestrian safety,suggesting future enhancements such as Global Positioning System(GPS)based emergency systems and accommodations for color-blind individuals.The paper further delves into the potential of Artificial Intelligence(AI)and Vehicle-to-Infrastructure(V21)technology in revolutionizing traffic light systems,emphasizing their role in improving traffic flow and safety.The findings underscore Shanghai’s progressive approach to traffic management,showcasing the city’s commitment to optimizing traffic control solutions for the benefit of both vehicles and pedestrians.展开更多
Network traffic classification is a crucial research area aimed at improving quality of service,simplifying network management,and enhancing network security.To address the growing complexity of cryptography,researche...Network traffic classification is a crucial research area aimed at improving quality of service,simplifying network management,and enhancing network security.To address the growing complexity of cryptography,researchers have proposed various machine learning and deep learning approaches to tackle this challenge.However,existing mainstream methods face several general issues.On one hand,the widely used Transformer architecture exhibits high computational complexity,which negatively impacts its efficiency.On the other hand,traditional methods are often unreliable in traffic representation,frequently losing important byte information while retaining unnecessary biases.To address these problems,this paper introduces the Swin Transformer architecture into the domain of network traffic classification and proposes the NetST(Network Swin Transformer)model.This model improves the Swin Transformer to better accommodate the characteristics of network traffic,effectively addressing efficiency issues.Furthermore,this paper presents a traffic representation scheme designed to extract meaningful information from large volumes of traffic while minimizing bias.We integrate four datasets relevant to network traffic classification for our experiments,and the results demonstrate that NetST achieves a high accuracy rate while maintaining low memory usage.展开更多
Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract loc...Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features;Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.展开更多
With the rise of encrypted traffic,traditional network analysis methods have become less effective,leading to a shift towards deep learning-based approaches.Among these,multimodal learning-based classification methods...With the rise of encrypted traffic,traditional network analysis methods have become less effective,leading to a shift towards deep learning-based approaches.Among these,multimodal learning-based classification methods have gained attention due to their ability to leverage diverse feature sets from encrypted traffic,improving classification accuracy.However,existing research predominantly relies on late fusion techniques,which hinder the full utilization of deep features within the data.To address this limitation,we propose a novel multimodal encrypted traffic classification model that synchronizes modality fusion with multiscale feature extraction.Specifically,our approach performs real-time fusion of modalities at each stage of feature extraction,enhancing feature representation at each level and preserving inter-level correlations for more effective learning.This continuous fusion strategy improves the model’s ability to detect subtle variations in encrypted traffic,while boosting its robustness and adaptability to evolving network conditions.Experimental results on two real-world encrypted traffic datasets demonstrate that our method achieves a classification accuracy of 98.23% and 97.63%,outperforming existing multimodal learning-based methods.展开更多
In the big data era,the surge in network traffic volume poses challenges for network management and cybersecurity.Network Traffic Classification(NTC)employs deep learning to categorize traffic data,aiding security and...In the big data era,the surge in network traffic volume poses challenges for network management and cybersecurity.Network Traffic Classification(NTC)employs deep learning to categorize traffic data,aiding security and analysis systems as Intrusion Detection Systems(IDS)and Intrusion Prevention Systems(IPS).However,current NTC methods,based on isolated network simulations,usually fail to adapt to new protocols and applications and ignore the effects of network conditions and user behavior on traffic patterns.To improve network traffic management insights,federated learning frameworks have been proposed to aggregate diverse traffic data for collaborative model training.This approach faces challenges like data integrity,label noise,packet loss,and skewed data distributions.While label noise can be mitigated through the use of sophisticated traffic labeling tools,other issues such as packet loss and skewed data distributions encountered in Network Packet Brokers(NPB)can severely impede the efficacy of federated learning algorithms.In this paper,we introduced the Robust Traffic Classifier with Federated Contrastive Learning(FC-RTC),combining federated and contrastive learning methods.Using the Supcon-Loss function from contrastive learning,FC-RTC distinguishes between similar and dissimilar samples.Training by sample pairs,FC-RTC effectively updates when receiving corrupted traffic data with packet loss or disorder.In cases of sample imbalance,contrastive loss functions for similar samples reduce model bias towards higher proportion data.By addressing uneven data distribution and packet loss,our system enhances its capability to adapt and perform accurately in real-world network traffic analysis,meeting the specific demands of this complex field.展开更多
The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System(ICPS),enhancing intelligence and autonomy.However,this transition also e...The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System(ICPS),enhancing intelligence and autonomy.However,this transition also expands the attack surface,introducing critical security vulnerabilities.To address these challenges,this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection.Specifically,an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering(IVB-NCA-NLKF)method is developed to model nonlinear system dynamics,enabling optimal state estimation in multi-sensor ICPS environments.Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states.Simultaneously,an adaptive network traffic anomaly detection mechanism is introduced,leveraging learned traffic patterns to detect node-and network-level anomalies through pattern matching.Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy(92.14%)with a reduced false alarm rate(0.81%).Moreover,it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations,providing a robust and comprehensive security solution for the safety protection of ICPS.展开更多
Traffic prediction of wireless networks attracted many researchersand practitioners during the past decades. However, wireless traffic frequentlyexhibits strong nonlinearities and complicated patterns, which makes it ...Traffic prediction of wireless networks attracted many researchersand practitioners during the past decades. However, wireless traffic frequentlyexhibits strong nonlinearities and complicated patterns, which makes it challengingto be predicted accurately. Many of the existing approaches forpredicting wireless network traffic are unable to produce accurate predictionsbecause they lack the ability to describe the dynamic spatial-temporalcorrelations of wireless network traffic data. In this paper, we proposed anovel meta-heuristic optimization approach based on fitness grey wolf anddipper throated optimization algorithms for boosting the prediction accuracyof traffic volume. The proposed algorithm is employed to optimize the hyperparametersof long short-term memory (LSTM) network as an efficient timeseries modeling approach which is widely used in sequence prediction tasks.To prove the superiority of the proposed algorithm, four other optimizationalgorithms were employed to optimize LSTM, and the results were compared.The evaluation results confirmed the effectiveness of the proposed approachin predicting the traffic of wireless networks accurately. On the other hand,a statistical analysis is performed to emphasize the stability of the proposedapproach.展开更多
Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexi...Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexity,leading to practical problems in traffic identification data analytics.Since the original Dung Beetle Optimizer(DBO)algorithm,Grey Wolf Optimization(GWO)algorithm,Whale Optimization Algorithm(WOA),and Particle Swarm Optimization(PSO)algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution,an Improved Dung Beetle Optimizer(IDBO)algorithm is proposed for network traffic identification.Firstly,the Sobol sequence is utilized to initialize the dung beetle population,laying the foundation for finding the global optimal solution.Next,an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas,escaping from the local optimal solution,and converging more effectively towards a global optimal solution.Finally,an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence.With the improvements above,the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection,as so to find the optimal subset for K-Nearest Neighbor(KNN)classification.The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO,GWO,WOA,and PSO algorithms.The experimental results show that,compared with other algorithms,the accuracy and recall are improved by 1.53%and 0.88%in binary classification,and the Distributed Denial of Service(DDoS)class identification is the most effective in multi-classification,with an improvement of 5.80%and 0.33%for accuracy and recall,respectively.Therefore,the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.展开更多
In the paper,we propose a framework to investigate how to effectively perform traffic flow splitting in heterogeneous wireless networks from a queue point.The average packet delay in heterogeneous wireless networks is...In the paper,we propose a framework to investigate how to effectively perform traffic flow splitting in heterogeneous wireless networks from a queue point.The average packet delay in heterogeneous wireless networks is derived in a probabilistic manner.The basic idea can be understood via treating the integrated heterogeneous wireless networks as different coupled and parallel queuing systems.The integrated network performance can approach that of one queue with maximal the multiplexing gain.For the purpose of illustrating the effectively of our proposed model,the Cellular/WLAN interworking is exploited.To minimize the average delay,a heuristic search algorithm is used to get the optimal probability of splitting traffic flow.Further,a Markov process is applied to evaluate the performance of the proposed scheme and compare with that of selecting the best network to access in terms of packet mean delay and blocking probability.Numerical results illustrate our proposed framework is effective and the flow splitting transmission can obtain more performance gain in heterogeneous wireless networks.展开更多
With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(...With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.展开更多
In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set f...In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.展开更多
The Peer-to-Peer(P2P)network traffic identification technology includes Transport Layer Identification(TLI)and Deep Packet Inspection(DPI)methods.By analyzing packets of the transport layer and the traffic characteris...The Peer-to-Peer(P2P)network traffic identification technology includes Transport Layer Identification(TLI)and Deep Packet Inspection(DPI)methods.By analyzing packets of the transport layer and the traffic characteristic in the P2P system,TLI can identify whether or not the network data flow belongs to the P2P system.The DPI method adopts protocol analysis technology and reverting technology.It picks up data from the P2P application layer and analyzes the characteristics of the payload to judge if the network traffic belongs to P2P applications.Due to its accuracy,robustness and classifying ability,DPI is the main method used to identify P2P traffic.Adopting the advantages of TLI and DPI,a precise and efficient technology for P2P network traffic identification can be designed.展开更多
Along with the progression of Internet of Things(IoT)technology,network terminals are becoming continuously more intelligent.IoT has been widely applied in various scenarios,including urban infrastructure,transportati...Along with the progression of Internet of Things(IoT)technology,network terminals are becoming continuously more intelligent.IoT has been widely applied in various scenarios,including urban infrastructure,transportation,industry,personal life,and other socio-economic fields.The introduction of deep learning has brought new security challenges,like an increment in abnormal traffic,which threatens network security.Insufficient feature extraction leads to less accurate classification results.In abnormal traffic detection,the data of network traffic is high-dimensional and complex.This data not only increases the computational burden of model training but also makes information extraction more difficult.To address these issues,this paper proposes an MD-MRD-ResNeXt model for abnormal network traffic detection.To fully utilize the multi-scale information in network traffic,a Multi-scale Dilated feature extraction(MD)block is introduced.This module can effectively understand and process information at various scales and uses dilated convolution technology to significantly broaden the model’s receptive field.The proposed Max-feature-map Residual with Dual-channel pooling(MRD)block integrates the maximum feature map with the residual block.This module ensures the model focuses on key information,thereby optimizing computational efficiency and reducing unnecessary information redundancy.Experimental results show that compared to the latest methods,the proposed abnormal traffic detection model improves accuracy by about 2%.展开更多
In the rapidly evolving field of cybersecurity,the challenge of providing realistic exercise scenarios that accurately mimic real-world threats has become increasingly critical.Traditional methods often fall short in ...In the rapidly evolving field of cybersecurity,the challenge of providing realistic exercise scenarios that accurately mimic real-world threats has become increasingly critical.Traditional methods often fall short in capturing the dynamic and complex nature of modern cyber threats.To address this gap,we propose a comprehensive framework designed to create authentic network environments tailored for cybersecurity exercise systems.Our framework leverages advanced simulation techniques to generate scenarios that mirror actual network conditions faced by professionals in the field.The cornerstone of our approach is the use of a conditional tabular generative adversarial network(CTGAN),a sophisticated tool that synthesizes realistic synthetic network traffic by learning fromreal data patterns.This technology allows us to handle technical components and sensitive information with high fidelity,ensuring that the synthetic data maintains statistical characteristics similar to those observed in real network environments.By meticulously analyzing the data collected from various network layers and translating these into structured tabular formats,our framework can generate network traffic that closely resembles that found in actual scenarios.An integral part of our process involves deploying this synthetic data within a simulated network environment,structured on software-defined networking(SDN)principles,to test and refine the traffic patterns.This simulation not only facilitates a direct comparison between the synthetic and real traffic but also enables us to identify discrepancies and refine the accuracy of our simulations.Our initial findings indicate an error rate of approximately 29.28%between the synthetic and real traffic data,highlighting areas for further improvement and adjustment.By providing a diverse array of network scenarios through our framework,we aim to enhance the exercise systems used by cybersecurity professionals.This not only improves their ability to respond to actual cyber threats but also ensures that the exercise is cost-effective and efficient.展开更多
VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world.However,increasing network attack complexity and variety require increasingly advanced algorithms to recognize and c...VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world.However,increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorizeVPNnetwork data.We present a novelVPNnetwork traffic flowclassificationmethod utilizing Artificial Neural Networks(ANN).This paper aims to provide a reliable system that can identify a virtual private network(VPN)traffic fromintrusion attempts,data exfiltration,and denial-of-service assaults.We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns.Next,we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions.To effectively process and categorize encrypted packets,the neural network model has input,hidden,and output layers.We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties.We also use cutting-edge optimizationmethods to optimize network characteristics and performance.The suggested ANN-based categorization method is extensively tested and analyzed.Results show the model effectively classifies VPN traffic types.We also show that our ANN-based technique outperforms other approaches in precision,recall,and F1-score with 98.79%accuracy.This study improves VPN security and protects against new cyberthreats.Classifying VPNtraffic flows effectively helps enterprises protect sensitive data,maintain network integrity,and respond quickly to security problems.This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.展开更多
Encrypted traffic plays a crucial role in safeguarding network security and user privacy.However,encrypting malicious traffic can lead to numerous security issues,making the effective classification of encrypted traff...Encrypted traffic plays a crucial role in safeguarding network security and user privacy.However,encrypting malicious traffic can lead to numerous security issues,making the effective classification of encrypted traffic essential.Existing methods for detecting encrypted traffic face two significant challenges.First,relying solely on the original byte information for classification fails to leverage the rich temporal relationships within network traffic.Second,machine learning and convolutional neural network methods lack sufficient network expression capabilities,hindering the full exploration of traffic’s potential characteristics.To address these limitations,this study introduces a traffic classification method that utilizes time relationships and a higher-order graph neural network,termed HGNN-ETC.This approach fully exploits the original byte information and chronological relationships of traffic packets,transforming traffic data into a graph structure to provide the model with more comprehensive context information.HGNN-ETC employs an innovative k-dimensional graph neural network to effectively capture the multi-scale structural features of traffic graphs,enabling more accurate classification.We select the ISCXVPN and the USTC-TK2016 dataset for our experiments.The results show that compared with other state-of-the-art methods,our method can obtain a better classification effect on different datasets,and the accuracy rate is about 97.00%.In addition,by analyzing the impact of varying input specifications on classification performance,we determine the optimal network data truncation strategy and confirm the model’s excellent generalization ability on different datasets.展开更多
Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded...Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.展开更多
With the rapid development of Internet of Things technology,the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast,bringing unprecedented challenges to the field of ...With the rapid development of Internet of Things technology,the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast,bringing unprecedented challenges to the field of network security,especially in identifying malicious attacks.However,due to the uneven distribution of network traffic data,particularly the imbalance between attack traffic and normal traffic,as well as the imbalance between minority class attacks and majority class attacks,traditional machine learning detection algorithms have significant limitations when dealing with sparse network traffic data.To effectively tackle this challenge,we have designed a lightweight intrusion detection model based on diffusion mechanisms,named Diff-IDS,with the core objective of enhancing the model’s efficiency in parsing complex network traffic features,thereby significantly improving its detection speed and training efficiency.The model begins by finely filtering network traffic features and converting them into grayscale images,while also employing image-flipping techniques for data augmentation.Subsequently,these preprocessed images are fed into a diffusion model based on the Unet architecture for training.Once the model is trained,we fix the weights of the Unet network and propose a feature enhancement algorithm based on feature masking to further boost the model’s expressiveness.Finally,we devise an end-to-end lightweight detection strategy to streamline the model,enabling efficient lightweight detection of imbalanced samples.Our method has been subjected to multiple experimental tests on renowned network intrusion detection benchmarks,including CICIDS 2017,KDD 99,and NSL-KDD.The experimental results indicate that Diff-IDS leads in terms of detection accuracy,training efficiency,and lightweight metrics compared to the current state-of-the-art models,demonstrating exceptional detection capabilities and robustness.展开更多
In a given district, the accessibility of any point should be the synthetically evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to ca...In a given district, the accessibility of any point should be the synthetically evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to calculate and analyze regional accessibility according to the shortest travel time, generating thus a mark diffusing figure. Based on land traffic network, this paper assesses the present and the future regional accessibilities of sixteen major cities in the Yangtze River Delta. The result shows that the regional accessibility of the Yangtze River Delta presents a fan with Shanghai as its core. The top two most accessible cities are Shanghai and Jiaxing, and the bottom two ones are Taizhou (Zhejiang province) and Nantong With the construction of Sutong Bridge, Hangzhouwan Bridge and Zhoushan Bridge, the regional internal accessibility of all cities will be improved. Especially for Shaoxing, Ningbo and Taizhou (Jiangsu province), the regional internal accessibility will be decreased by one hour, and other cities will be shortened by about 25 minutes averagely. As the construction of Yangkou Harbor in Nantong, the regional external accessibility of the harbor cities in Jiangsu province will be speeded up by about one hour.展开更多
基金supported by the National Natural Science Foundation of China (Grant No. 60964006)the Scientific Research Innovation Fund Project for Graduate Student of Hunan,China (Grant No.3340-74236000003)the Open Program of State Key Laboratory of Rail Traffic Control and Safety (Beijing Jiaotong University),China (Grant No.2007K-0027)
文摘The flourishing complex network theory has aroused increasing interest in studying the properties of real-world networks. Based on the traffic network of Chang-Zhu Tan urban agglomeration in central China, some basic network topological characteristics were computed with data collected from local traffic maps, which showed that the traffic networks were small-world networks with strong resilience against failure; more importantly, the investigations of as- sortativity coefficient and average nearestlneighbour degree implied the disassortativity of the traffic networks. Since traffic network hierarchy as an important basic property has been neither studied intensively nor proved quantitatively, the authors are inspired to analyse traffic network hierarchy with disassortativity and to finely characterize hierarchy in the traffic networks by using the n-degree-n-clustering coefficient relationship. Through numerical results and analyses an exciting conclusion is drawn that the traffic networks exhibit a significant hierarchy, that is, the traffic networks are proved to be hierarchically organized. The result provides important information and theoretical groundwork for optimal transport planning.
文摘This paper comprehensively analyzes the evolution of traffic light systems in Shanghai,highlighting the technological advancements and their impact on traffic management and safety.Starting from the historical context of the first traffic light in London in 1868 to the modern automated systems,the study explores the complexity and adaptability of traffic lights in Shanghai.Through field surveys and interviews with traffic engineers,the paper debunks common misconceptions about traffic light operation,revealing a sophisticated network that responds to real-time traffic dynamics using software like the Sydney Coordinated Adaptive Traffic System(SCATS)6.The study also discusses the importance of pedestrian safety,suggesting future enhancements such as Global Positioning System(GPS)based emergency systems and accommodations for color-blind individuals.The paper further delves into the potential of Artificial Intelligence(AI)and Vehicle-to-Infrastructure(V21)technology in revolutionizing traffic light systems,emphasizing their role in improving traffic flow and safety.The findings underscore Shanghai’s progressive approach to traffic management,showcasing the city’s commitment to optimizing traffic control solutions for the benefit of both vehicles and pedestrians.
基金supported by National Natural Science Foundation of China(62473341)Key Technologies R&D Program of Henan Province(242102211071,252102211086,252102210166).
文摘Network traffic classification is a crucial research area aimed at improving quality of service,simplifying network management,and enhancing network security.To address the growing complexity of cryptography,researchers have proposed various machine learning and deep learning approaches to tackle this challenge.However,existing mainstream methods face several general issues.On one hand,the widely used Transformer architecture exhibits high computational complexity,which negatively impacts its efficiency.On the other hand,traditional methods are often unreliable in traffic representation,frequently losing important byte information while retaining unnecessary biases.To address these problems,this paper introduces the Swin Transformer architecture into the domain of network traffic classification and proposes the NetST(Network Swin Transformer)model.This model improves the Swin Transformer to better accommodate the characteristics of network traffic,effectively addressing efficiency issues.Furthermore,this paper presents a traffic representation scheme designed to extract meaningful information from large volumes of traffic while minimizing bias.We integrate four datasets relevant to network traffic classification for our experiments,and the results demonstrate that NetST achieves a high accuracy rate while maintaining low memory usage.
基金supported by the Xiamen Science and Technology Subsidy Project(No.2023CXY0318).
文摘Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features;Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.
基金supported by the National Key Research and Development Program of China No.2023YFB2705000.
文摘With the rise of encrypted traffic,traditional network analysis methods have become less effective,leading to a shift towards deep learning-based approaches.Among these,multimodal learning-based classification methods have gained attention due to their ability to leverage diverse feature sets from encrypted traffic,improving classification accuracy.However,existing research predominantly relies on late fusion techniques,which hinder the full utilization of deep features within the data.To address this limitation,we propose a novel multimodal encrypted traffic classification model that synchronizes modality fusion with multiscale feature extraction.Specifically,our approach performs real-time fusion of modalities at each stage of feature extraction,enhancing feature representation at each level and preserving inter-level correlations for more effective learning.This continuous fusion strategy improves the model’s ability to detect subtle variations in encrypted traffic,while boosting its robustness and adaptability to evolving network conditions.Experimental results on two real-world encrypted traffic datasets demonstrate that our method achieves a classification accuracy of 98.23% and 97.63%,outperforming existing multimodal learning-based methods.
基金supported by the Joint Funds of the National Natural Science Foundation of China under grant No.U22B2025.
文摘In the big data era,the surge in network traffic volume poses challenges for network management and cybersecurity.Network Traffic Classification(NTC)employs deep learning to categorize traffic data,aiding security and analysis systems as Intrusion Detection Systems(IDS)and Intrusion Prevention Systems(IPS).However,current NTC methods,based on isolated network simulations,usually fail to adapt to new protocols and applications and ignore the effects of network conditions and user behavior on traffic patterns.To improve network traffic management insights,federated learning frameworks have been proposed to aggregate diverse traffic data for collaborative model training.This approach faces challenges like data integrity,label noise,packet loss,and skewed data distributions.While label noise can be mitigated through the use of sophisticated traffic labeling tools,other issues such as packet loss and skewed data distributions encountered in Network Packet Brokers(NPB)can severely impede the efficacy of federated learning algorithms.In this paper,we introduced the Robust Traffic Classifier with Federated Contrastive Learning(FC-RTC),combining federated and contrastive learning methods.Using the Supcon-Loss function from contrastive learning,FC-RTC distinguishes between similar and dissimilar samples.Training by sample pairs,FC-RTC effectively updates when receiving corrupted traffic data with packet loss or disorder.In cases of sample imbalance,contrastive loss functions for similar samples reduce model bias towards higher proportion data.By addressing uneven data distribution and packet loss,our system enhances its capability to adapt and perform accurately in real-world network traffic analysis,meeting the specific demands of this complex field.
基金supported by the National Natural Science Foundation of China(NSFC)under grant No.62371187the Hunan Provincial Natural Science Foundation of China under Grant Nos.2024JJ8309 and 2023JJ50495.
文摘The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System(ICPS),enhancing intelligence and autonomy.However,this transition also expands the attack surface,introducing critical security vulnerabilities.To address these challenges,this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection.Specifically,an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering(IVB-NCA-NLKF)method is developed to model nonlinear system dynamics,enabling optimal state estimation in multi-sensor ICPS environments.Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states.Simultaneously,an adaptive network traffic anomaly detection mechanism is introduced,leveraging learned traffic patterns to detect node-and network-level anomalies through pattern matching.Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy(92.14%)with a reduced false alarm rate(0.81%).Moreover,it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations,providing a robust and comprehensive security solution for the safety protection of ICPS.
基金Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2022R323)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘Traffic prediction of wireless networks attracted many researchersand practitioners during the past decades. However, wireless traffic frequentlyexhibits strong nonlinearities and complicated patterns, which makes it challengingto be predicted accurately. Many of the existing approaches forpredicting wireless network traffic are unable to produce accurate predictionsbecause they lack the ability to describe the dynamic spatial-temporalcorrelations of wireless network traffic data. In this paper, we proposed anovel meta-heuristic optimization approach based on fitness grey wolf anddipper throated optimization algorithms for boosting the prediction accuracyof traffic volume. The proposed algorithm is employed to optimize the hyperparametersof long short-term memory (LSTM) network as an efficient timeseries modeling approach which is widely used in sequence prediction tasks.To prove the superiority of the proposed algorithm, four other optimizationalgorithms were employed to optimize LSTM, and the results were compared.The evaluation results confirmed the effectiveness of the proposed approachin predicting the traffic of wireless networks accurately. On the other hand,a statistical analysis is performed to emphasize the stability of the proposedapproach.
基金supported by the National Natural Science Foundation of China under Grant 61602162the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
文摘Network traffic identification is critical for maintaining network security and further meeting various demands of network applications.However,network traffic data typically possesses high dimensionality and complexity,leading to practical problems in traffic identification data analytics.Since the original Dung Beetle Optimizer(DBO)algorithm,Grey Wolf Optimization(GWO)algorithm,Whale Optimization Algorithm(WOA),and Particle Swarm Optimization(PSO)algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution,an Improved Dung Beetle Optimizer(IDBO)algorithm is proposed for network traffic identification.Firstly,the Sobol sequence is utilized to initialize the dung beetle population,laying the foundation for finding the global optimal solution.Next,an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas,escaping from the local optimal solution,and converging more effectively towards a global optimal solution.Finally,an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence.With the improvements above,the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection,as so to find the optimal subset for K-Nearest Neighbor(KNN)classification.The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO,GWO,WOA,and PSO algorithms.The experimental results show that,compared with other algorithms,the accuracy and recall are improved by 1.53%and 0.88%in binary classification,and the Distributed Denial of Service(DDoS)class identification is the most effective in multi-classification,with an improvement of 5.80%and 0.33%for accuracy and recall,respectively.Therefore,the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.
基金ACKNOWLEDGEMENT This work was supported by National Natural Science Foundation of China (Grant No. 61231008), National Basic Research Program of China (973 Program) (Grant No. 2009CB320404), Program for Changjiang Scholars and Innovative Research Team in University (Grant No. IRT0852), and the 111 Project (Grant No. B08038).
文摘In the paper,we propose a framework to investigate how to effectively perform traffic flow splitting in heterogeneous wireless networks from a queue point.The average packet delay in heterogeneous wireless networks is derived in a probabilistic manner.The basic idea can be understood via treating the integrated heterogeneous wireless networks as different coupled and parallel queuing systems.The integrated network performance can approach that of one queue with maximal the multiplexing gain.For the purpose of illustrating the effectively of our proposed model,the Cellular/WLAN interworking is exploited.To minimize the average delay,a heuristic search algorithm is used to get the optimal probability of splitting traffic flow.Further,a Markov process is applied to evaluate the performance of the proposed scheme and compare with that of selecting the best network to access in terms of packet mean delay and blocking probability.Numerical results illustrate our proposed framework is effective and the flow splitting transmission can obtain more performance gain in heterogeneous wireless networks.
基金supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program(2023TSYCTD).
文摘With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.
基金National Natural Science Foundation of China(U2133208,U20A20161)National Natural Science Foundation of China(No.62273244)Sichuan Science and Technology Program(No.2022YFG0180).
文摘In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.
基金This work was funded by the National Natural Science Foundation of China under Grant60473090.
文摘The Peer-to-Peer(P2P)network traffic identification technology includes Transport Layer Identification(TLI)and Deep Packet Inspection(DPI)methods.By analyzing packets of the transport layer and the traffic characteristic in the P2P system,TLI can identify whether or not the network data flow belongs to the P2P system.The DPI method adopts protocol analysis technology and reverting technology.It picks up data from the P2P application layer and analyzes the characteristics of the payload to judge if the network traffic belongs to P2P applications.Due to its accuracy,robustness and classifying ability,DPI is the main method used to identify P2P traffic.Adopting the advantages of TLI and DPI,a precise and efficient technology for P2P network traffic identification can be designed.
基金supported by the Key Research and Development Program of Xinjiang Uygur Autonomous Region(No.2022B01008)the National Natural Science Foundation of China(No.62363032)+4 种基金the Natural Science Foundation of Xinjiang Uygur Autonomous Region(No.2023D01C20)the Scientific Research Foundation of Higher Education(No.XJEDU2022P011)National Science and Technology Major Project(No.2022ZD0115803)Tianshan Innovation Team Program of Xinjiang Uygur Autonomous Region(No.2023D14012)the“Heaven Lake Doctor”Project(No.202104120018).
文摘Along with the progression of Internet of Things(IoT)technology,network terminals are becoming continuously more intelligent.IoT has been widely applied in various scenarios,including urban infrastructure,transportation,industry,personal life,and other socio-economic fields.The introduction of deep learning has brought new security challenges,like an increment in abnormal traffic,which threatens network security.Insufficient feature extraction leads to less accurate classification results.In abnormal traffic detection,the data of network traffic is high-dimensional and complex.This data not only increases the computational burden of model training but also makes information extraction more difficult.To address these issues,this paper proposes an MD-MRD-ResNeXt model for abnormal network traffic detection.To fully utilize the multi-scale information in network traffic,a Multi-scale Dilated feature extraction(MD)block is introduced.This module can effectively understand and process information at various scales and uses dilated convolution technology to significantly broaden the model’s receptive field.The proposed Max-feature-map Residual with Dual-channel pooling(MRD)block integrates the maximum feature map with the residual block.This module ensures the model focuses on key information,thereby optimizing computational efficiency and reducing unnecessary information redundancy.Experimental results show that compared to the latest methods,the proposed abnormal traffic detection model improves accuracy by about 2%.
基金supported in part by the Korea Research Institute for Defense Technology Planning and Advancement(KRIT)funded by the Korean Government’s Defense Acquisition Program Administration(DAPA)under Grant KRIT-CT-21-037in part by the Ministry of Education,Republic of Koreain part by the National Research Foundation of Korea under Grant RS-2023-00211871.
文摘In the rapidly evolving field of cybersecurity,the challenge of providing realistic exercise scenarios that accurately mimic real-world threats has become increasingly critical.Traditional methods often fall short in capturing the dynamic and complex nature of modern cyber threats.To address this gap,we propose a comprehensive framework designed to create authentic network environments tailored for cybersecurity exercise systems.Our framework leverages advanced simulation techniques to generate scenarios that mirror actual network conditions faced by professionals in the field.The cornerstone of our approach is the use of a conditional tabular generative adversarial network(CTGAN),a sophisticated tool that synthesizes realistic synthetic network traffic by learning fromreal data patterns.This technology allows us to handle technical components and sensitive information with high fidelity,ensuring that the synthetic data maintains statistical characteristics similar to those observed in real network environments.By meticulously analyzing the data collected from various network layers and translating these into structured tabular formats,our framework can generate network traffic that closely resembles that found in actual scenarios.An integral part of our process involves deploying this synthetic data within a simulated network environment,structured on software-defined networking(SDN)principles,to test and refine the traffic patterns.This simulation not only facilitates a direct comparison between the synthetic and real traffic but also enables us to identify discrepancies and refine the accuracy of our simulations.Our initial findings indicate an error rate of approximately 29.28%between the synthetic and real traffic data,highlighting areas for further improvement and adjustment.By providing a diverse array of network scenarios through our framework,we aim to enhance the exercise systems used by cybersecurity professionals.This not only improves their ability to respond to actual cyber threats but also ensures that the exercise is cost-effective and efficient.
文摘VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world.However,increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorizeVPNnetwork data.We present a novelVPNnetwork traffic flowclassificationmethod utilizing Artificial Neural Networks(ANN).This paper aims to provide a reliable system that can identify a virtual private network(VPN)traffic fromintrusion attempts,data exfiltration,and denial-of-service assaults.We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns.Next,we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions.To effectively process and categorize encrypted packets,the neural network model has input,hidden,and output layers.We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties.We also use cutting-edge optimizationmethods to optimize network characteristics and performance.The suggested ANN-based categorization method is extensively tested and analyzed.Results show the model effectively classifies VPN traffic types.We also show that our ANN-based technique outperforms other approaches in precision,recall,and F1-score with 98.79%accuracy.This study improves VPN security and protects against new cyberthreats.Classifying VPNtraffic flows effectively helps enterprises protect sensitive data,maintain network integrity,and respond quickly to security problems.This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.
基金supported in part by the National Key Research and Development Program of China(No.2022YFB4500800)the National Science Foundation of China(No.42071431).
文摘Encrypted traffic plays a crucial role in safeguarding network security and user privacy.However,encrypting malicious traffic can lead to numerous security issues,making the effective classification of encrypted traffic essential.Existing methods for detecting encrypted traffic face two significant challenges.First,relying solely on the original byte information for classification fails to leverage the rich temporal relationships within network traffic.Second,machine learning and convolutional neural network methods lack sufficient network expression capabilities,hindering the full exploration of traffic’s potential characteristics.To address these limitations,this study introduces a traffic classification method that utilizes time relationships and a higher-order graph neural network,termed HGNN-ETC.This approach fully exploits the original byte information and chronological relationships of traffic packets,transforming traffic data into a graph structure to provide the model with more comprehensive context information.HGNN-ETC employs an innovative k-dimensional graph neural network to effectively capture the multi-scale structural features of traffic graphs,enabling more accurate classification.We select the ISCXVPN and the USTC-TK2016 dataset for our experiments.The results show that compared with other state-of-the-art methods,our method can obtain a better classification effect on different datasets,and the accuracy rate is about 97.00%.In addition,by analyzing the impact of varying input specifications on classification performance,we determine the optimal network data truncation strategy and confirm the model’s excellent generalization ability on different datasets.
基金supported by the National Natural Science Foundation of China(62303273,62373226)the National Research Foundation,Singapore through the Medium Sized Center for Advanced Robotics Technology Innovation(WP2.7)
文摘Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.
基金supported by the Key Research and Development Program of Hainan Province(Grant Nos.ZDYF2024GXJS014,ZDYF2023GXJS163)the National Natural Science Foundation of China(NSFC)(Grant Nos.62162022,62162024)Collaborative Innovation Project of Hainan University(XTCX2022XXB02).
文摘With the rapid development of Internet of Things technology,the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast,bringing unprecedented challenges to the field of network security,especially in identifying malicious attacks.However,due to the uneven distribution of network traffic data,particularly the imbalance between attack traffic and normal traffic,as well as the imbalance between minority class attacks and majority class attacks,traditional machine learning detection algorithms have significant limitations when dealing with sparse network traffic data.To effectively tackle this challenge,we have designed a lightweight intrusion detection model based on diffusion mechanisms,named Diff-IDS,with the core objective of enhancing the model’s efficiency in parsing complex network traffic features,thereby significantly improving its detection speed and training efficiency.The model begins by finely filtering network traffic features and converting them into grayscale images,while also employing image-flipping techniques for data augmentation.Subsequently,these preprocessed images are fed into a diffusion model based on the Unet architecture for training.Once the model is trained,we fix the weights of the Unet network and propose a feature enhancement algorithm based on feature masking to further boost the model’s expressiveness.Finally,we devise an end-to-end lightweight detection strategy to streamline the model,enabling efficient lightweight detection of imbalanced samples.Our method has been subjected to multiple experimental tests on renowned network intrusion detection benchmarks,including CICIDS 2017,KDD 99,and NSL-KDD.The experimental results indicate that Diff-IDS leads in terms of detection accuracy,training efficiency,and lightweight metrics compared to the current state-of-the-art models,demonstrating exceptional detection capabilities and robustness.
基金National Natural Science Foundation of China, No.40371044 No.70573053
文摘In a given district, the accessibility of any point should be the synthetically evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to calculate and analyze regional accessibility according to the shortest travel time, generating thus a mark diffusing figure. Based on land traffic network, this paper assesses the present and the future regional accessibilities of sixteen major cities in the Yangtze River Delta. The result shows that the regional accessibility of the Yangtze River Delta presents a fan with Shanghai as its core. The top two most accessible cities are Shanghai and Jiaxing, and the bottom two ones are Taizhou (Zhejiang province) and Nantong With the construction of Sutong Bridge, Hangzhouwan Bridge and Zhoushan Bridge, the regional internal accessibility of all cities will be improved. Especially for Shaoxing, Ningbo and Taizhou (Jiangsu province), the regional internal accessibility will be decreased by one hour, and other cities will be shortened by about 25 minutes averagely. As the construction of Yangkou Harbor in Nantong, the regional external accessibility of the harbor cities in Jiangsu province will be speeded up by about one hour.
