With the increasing severity of network security threats, Network Intrusion Detection (NID) has become a key technology to ensure network security. To address the problem of low detection rate of traditional intrusion detection models, this paper proposes a Dual-Attention model for NID, which combines Convolutional Neural Network (CNN) and Bidirectional Long Short-Term Memory (BiLSTM) to design two modules: the FocusConV and the TempoNet module. The FocusConV module, which automatically adjusts and weights CNN-extracted local features, focuses on local features that are more important for intrusion detection. The TempoNet module focuses on global information, identifies more important features in time steps or sequences, and filters and weights the information globally to further improve the accuracy and robustness of NID. Meanwhile, in order to solve the class imbalance problem in the dataset, the EQL v2 method is used to compute the class weights of each class and to use them in the loss computation, which optimizes the performance of the model on the class imbalance problem. Extensive experiments were conducted on the NSL-KDD, UNSW-NB15, and CIC-DDos2019 datasets, achieving average accuracy rates of 99.66%, 87.47%, and 99.39%, respectively, demonstrating excellent detection accuracy and robustness. The model also improves the detection performance of minority classes in the datasets. On the UNSW-NB15 dataset, the detection rates for Analysis, Exploits, and Shellcode attacks increased by 7%, 7%, and 10%, respectively, demonstrating the Dual-Attention CNN-BiLSTM model’s excellent performance in NID.
With the rapid advancement of mobile communication networks, key technologies such as Multi-access Edge Computing (MEC) and Network Function Virtualization (NFV) have enhanced the quality of service for 5G users but have also significantly increased the complexity of network threats. Traditional static defense mechanisms are inadequate for addressing the dynamic and heterogeneous nature of modern attack vectors. To overcome these challenges, this paper presents a novel algorithmic framework, SD-5G, designed for high-precision intrusion detection in 5G environments. SD-5G adopts a three-stage architecture comprising traffic feature extraction, elastic representation, and adaptive classification. Specifically, an enhanced Concrete Autoencoder (CAE) is employed to reconstruct and compress high-dimensional network traffic features, producing compact and expressive representations suitable for large-scale 5G deployments. To further improve accuracy in ambiguous traffic classification, a Residual Convolutional Long Short-Term Memory model with an attention mechanism (ResCLA) is introduced, enabling multi-level modeling of spatial–temporal dependencies and effective detection of subtle anomalies. Extensive experiments on benchmark datasets (including 5G-NIDD, CIC-IDS2017, ToN-IoT, and BoT-IoT) demonstrate that SD-5G consistently achieves F1 scores exceeding 99.19% across diverse network environments, indicating strong generalization and real-time deployment capabilities. Overall, SD-5G achieves a balance between detection accuracy and deployment efficiency, offering a scalable, flexible, and effective solution for intrusion detection in 5G and next-generation networks.
Network Intrusion Detection System (NIDS) detection of minority class attacks is always a difficult task when dealing with attacks in complex network environments. To improve the detection capability of minority-class attacks, this study proposes an intrusion detection method based on a two-layer structure. The first layer employs a CNN-BiLSTM model incorporating an attention mechanism to classify network traffic into normal traffic, majority class attacks, and merged minority class attacks. The second layer further segments the minority class attacks through Stacking ensemble learning. The datasets are selected from the generic network dataset CIC-IDS2017, NSL-KDD, and the industrial network dataset Mississippi Gas Pipeline dataset to enhance the generalization and practical applicability of the model. Experimental results show that the proposed model achieves an overall detection accuracy of 99%, 99%, and 95% on the CIC-IDS2017, NSL-KDD, and industrial network datasets, respectively. It also significantly outperforms traditional methods in terms of detection accuracy and recall rate for minority class attacks. Compared with the single-layer deep learning model, the two-layer structure effectively reduces the false alarm rate while improving the minority-class attack detection performance. The research in this paper not only improves the adaptability of NIDS to complex network environments but also provides a new solution for minority-class attack detection in industrial network security.
The rapid increase in the number of Internet of Things (IoT) devices, coupled with a rise in sophisticated cyberattacks, demands robust intrusion detection systems. This study presents a holistic, intelligent intrusion detection system. It uses a combined method that integrates machine learning (ML) and deep learning (DL) techniques to improve the protection of contemporary information technology (IT) systems. Unlike traditional signature-based or single-model methods, this system integrates the strengths of ensemble learning for binary classification and deep learning for multi-class classification. This combination provides a more nuanced and adaptable defense. The research utilizes the NF-UQ-NIDS-v2 dataset, a recent, comprehensive benchmark for evaluating network intrusion detection systems (NIDS). Our methodological framework employs advanced artificial intelligence techniques. Specifically, we use ensemble learning algorithms (Random Forest, Gradient Boosting, AdaBoost, and XGBoost) for binary classification. Deep learning architectures are also employed to address the complexities of multi-class classification, allowing for fine-grained identification of intrusion types. To mitigate class imbalance, a common problem in multi-class intrusion detection that biases model performance, we use oversampling and data augmentation. These techniques ensure equitable class representation. The results demonstrate the efficacy of the proposed hybrid ML-DL system. It achieves significant improvements in intrusion detection accuracy and reliability. This research contributes substantively to cybersecurity by providing a more robust and adaptable intrusion detection solution.
The rapid evolution of AI-driven cybersecurity solutions has led to increasingly complex network infrastructures, which in turn increases their exposure to sophisticated threats. This study proposes a Graph Neural Network (GNN)-based feature selection strategy specifically tailored for Network Intrusion Detection Systems (NIDS). By modeling feature correlations and leveraging their topological relationships, this method addresses challenges such as feature redundancy and class imbalance. Experimental analysis using the KDDTest+ dataset demonstrates that the proposed model achieves 98.5% detection accuracy, showing notable gains in both computational efficiency and minority class detection. Compared to conventional machine learning methods, the GNN-based approach exhibits a superior capability to adapt to the dynamics of evolving cyber threats. The findings support the feasibility of deploying GNNs for scalable, real-time anomaly detection in modern networks. Furthermore, key predictive features, notably f35 and f23, are identified and validated through correlation analysis, thereby enhancing the model’s interpretability and effectiveness.
The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.
A network intrusion detection system is critical for cyber security against illegitimate attacks. In terms of feature perspectives, network traffic may include a variety of elements such as attack reference, attack type, a subcategory of attack, host information, malicious scripts, etc. In terms of network perspectives, network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic. It is challenging to identify a specific attack due to complex features and data imbalance issues. To address these issues, this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic (IDS-INT). IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data. First, detailed information about each type of attack is gathered from network interaction descriptions, which include network nodes, attack type, reference, host information, etc. Second, the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors. Third, the Synthetic Minority Oversampling Technique (SMOTE) is implemented to balance abnormal traffic and detect minority attacks. Fourth, the Convolution Neural Network (CNN) model is designed to extract deep features from the balanced network traffic. Finally, the hybrid approach of the CNN-Long Short-Term Memory (CNN-LSTM) model is developed to detect different types of attacks from the deep features. Detailed experiments are conducted to test the proposed approach using three standard datasets, i.e., UNSW-NB15, CIC-IDS2017, and NSL-KDD. An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.
A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems (NIDSs). Consequently, network interruptions and loss of sensitive data have occurred, which led to an active research area for improving NIDS technologies. In an analysis of related works, it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction (FR) and Machine Learning (ML) techniques on NIDS datasets. However, these datasets are different in feature sets, attack types, and network design. Therefore, this paper aims to discover whether these techniques can be generalised across various datasets. Six ML models are utilised: a Deep Feed Forward (DFF), Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Decision Tree (DT), Logistic Regression (LR), and Naive Bayes (NB). The accuracy of three Feature Extraction (FE) algorithms, Principal Component Analysis (PCA), Auto-encoder (AE), and Linear Discriminant Analysis (LDA), is evaluated using three benchmark datasets: UNSW-NB15, ToN-IoT and CSE-CIC-IDS2018. Although PCA and AE algorithms have been widely used, the determination of their optimal number of extracted dimensions has been overlooked. The results indicate that no clear FE method or ML model can achieve the best scores for all datasets. The optimal number of extracted dimensions has been identified for each dataset, and LDA degrades the performance of the ML models on two datasets. The variance is used to analyse the extracted dimensions of LDA and PCA. Finally, this paper concludes that the choice of datasets significantly alters the performance of the applied techniques. We believe that a universal (benchmark) feature set is needed to facilitate further advancement and progress of research in this field.
With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semi-supervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^2 and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first reduced in dimensionality by principal component analysis (PCA), and then the reduced principal components are used as input to Hotelling’s T^2 to compare the differences between groups. For datasets with outliers, Hotelling’s T^2 can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical results show that the proposed approach attains superior precision, recall and F1-score compared with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.
Based on an analysis of the techniques and architecture of existing network Intrusion Detection Systems (IDS), and an examination of the fundamentals of the Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful for designing an effective IDS. In addition, this paper suggests a scheme to represent the self profile of a network, and an automated self profile extraction algorithm is provided to extract the self profile from packets. The experimental results prove the validity of the scheme and algorithm, which is the foundation of the immune model.
The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects, multi-area and overlapping, which were previously ignored. The detectors generated by this kind of self set may have the problem of boundary holes between self and nonself regions, and the generation efficiency is low, so the self set needs to be optimized before the generation stage. This paper proposes a self set optimization algorithm which uses the modified clustering algorithm and Gaussian distribution theory. The clustering deals with multi-area and the Gaussian distribution deals with the overlapping. The algorithm was tested by Iris data and real network data, and the results show that the optimized self set can solve the problem of boundary holes, increase the efficiency of detector generation effectively, and improve the system's detection rate.
The network infrastructure has evolved rapidly due to the ever-increasing volume of users and data. The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers. Among these necessities, network security is of prime significance. Network intrusion detection systems (NIDS) are among the most suitable approaches to detect anomalies and assaults on a network. However, keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders. This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks (CNN). The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter. The images are then classified using a CNN classifier. To assess the efficacy of the recommended method, four benchmark datasets, i.e., CSE-CIC-IDS2018, CIC-IDS-2017, ISCX-IDS 2012, and NSL-KDD, were used. The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets. Further, the proposed method is compared with the recent well-known image processing methods for NIDS.
In the network security field, the network intrusion detection system (NIDS) is considered one of the critical issues in the detection accuracy and missed detection rate. In this paper, a method of two-step network intrusion detection on the basis of GoogLeNet Inception and deep convolutional neural networks (CNNs) models is proposed. The proposed method used the GoogLeNet Inception model to identify the network packets’ binary problem. Subsequently, the characteristics of the packets’ raw data and the traffic features are extracted. The CNNs model is also used to identify the multiclass intrusions by the network packets’ features. In the experimental results, the proposed method shows an improvement in the identification accuracy, where it achieves up to 99.63%. In addition, the missed detection rate is reduced to 0.1%. The results prove the high performance of the proposed method in enhancing the NIDS’s reliability.
Contemporary attackers, mainly motivated by financial gain, consistently devise sophisticated penetration techniques to access important information or data. The growing use of Internet of Things (IoT) technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation, as it facilitates multiple new attack vectors to emerge effortlessly. As such, existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems. To address this problem, we designed a blended threat detection approach, considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence. We collectively refer to the convergence of different technology sectors as the internet of blended environment. The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder. An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02% detection accuracy. Furthermore, performance of the proposed approach was compared with various single model (autoencoder)-based network intrusion detection approaches: autoencoder, variational autoencoder, convolutional variational autoencoder, and long short-term memory variational autoencoder. The proposed model outperformed all compared models, demonstrating F1-score improvements of 4.99%, 2.25%, 1.92%, and 3.69%, respectively.
The rapid development of the Internet of Things (IoT) and modern information technology has led to the emergence of new types of cyber-attacks. It poses a great potential danger to network security. Consequently, protecting against network attacks has become a pressing issue that requires urgent attention. It is crucial to find practical solutions to combat such malicious behavior. A network intrusion detection (NID) method, known as GMCE-GraphSAGE, was proposed to meet the detection demands of the current intricate network environment. Traffic data is mapped into a Gaussian distribution, which helps to ensure that subsequent models can effectively learn the features of traffic samples. The conditional generative adversarial network (CGAN) can generate attack samples based on specified labels to create balanced traffic datasets. In addition, we constructed a communication interaction graph based on the connection patterns of traffic nodes. The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph. From it, global behavioral information is combined with traffic features, providing a solid foundation for classifying and detecting. Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method. Its binary and multi-classification F1-score can achieve 99.36% and 89.29%, respectively. The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task.
To meet the future internet traffic challenges, enhancement of hardware architectures related to network security has a vital role where software security algorithms are incompatible with high speed in terms of gigabits per second (Gbps). In this paper, we discuss the signature detection technique (SDT) used in network intrusion detection system (NIDS). Design of most commonly used hardware based techniques for signature detection such as finite automata, discrete comparators, Knuth-Morris-Pratt (KMP) algorithm, content addressable memory (CAM) and Bloom filter are discussed. Two novel architectures, XOR based pre computation CAM (XPCAM) and multi stage look up technique (MSLT) Bloom filter architectures, are proposed and implemented in third party field programmable gate array (FPGA), and area and power consumptions are compared. 10Gbps network traffic generator (TNTG) is used to test the functionality and ensure the reliability of the proposed architectures. Our approach involves a unique combination of algorithmic and architectural techniques that outperform some of the current techniques in terms of performance, speed and power efficiency.
In the era of Big data, learning discriminant feature representation from network traffic has been identified as an invariably essential task for improving the detection ability of an intrusion detection system (IDS). Owing to the lack of accurately labeled network traffic data, many unsupervised feature representation learning models have been proposed with state-of-the-art performance. Yet, these models fail to consider the classification error while learning the feature representation. Intuitively, the learnt feature representation may degrade the performance of the classification task. For the first time in the field of intrusion detection, this paper proposes an unsupervised IDS model leveraging the benefits of deep autoencoder (DAE) for learning the robust feature representation and one-class support vector machine (OCSVM) for finding the more compact decision hyperplane for intrusion detection. Specifically, the proposed model defines a new unified objective function to minimize the reconstruction and classification error simultaneously. This unique contribution not only enables the model to support joint learning for feature representation and classifier training but also guides it to learn the robust feature representation which can improve the discrimination ability of the classifier for intrusion detection. Three sets of evaluation experiments are conducted to demonstrate the potential of the proposed model. First, the ablation evaluation on the benchmark dataset NSL-KDD validates the design decision of the proposed model. Next, the performance evaluation on the recent intrusion dataset UNSW-NB15 signifies the stable performance of the proposed model. Finally, the comparative evaluation verifies the efficacy of the proposed model against recently published state-of-the-art methods.
An abstraction and an investigation into the worth of dendritic cells' (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors is involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positive rates, making the approach feasible for a real time environment.
In the fast-evolving landscape of digital networks, the incidence of network intrusions has escalated alarmingly. Simultaneously, the crucial role of time series data in intrusion detection remains largely underappreciated, with most systems failing to capture the time-bound nuances of network traffic. This leads to compromised detection accuracy and overlooked temporal patterns. Addressing this gap, we introduce a novel SSAE-TCN-BiLSTM (STL) model that integrates time series analysis, significantly enhancing detection capabilities. Our approach reduces feature dimensionality with a Stacked Sparse Autoencoder (SSAE) and extracts temporally relevant features through a Temporal Convolutional Network (TCN) and Bidirectional Long Short-term Memory Network (Bi-LSTM). By meticulously adjusting time steps, we underscore the significance of temporal data in bolstering detection accuracy. On the UNSW-NB15 dataset, our model achieved an F1-score of 99.49%, Accuracy of 99.43%, Precision of 99.38%, Recall of 99.60%, and an inference time of 4.24 s. For the CICDS2017 dataset, we recorded an F1-score of 99.53%, Accuracy of 99.62%, Precision of 99.27%, Recall of 99.79%, and an inference time of 5.72 s. These findings not only confirm the STL model’s superior performance but also its operational efficiency, underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount. Our contribution represents a significant advance in cybersecurity, proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic, setting a new benchmark for intrusion detection systems.
This paper briefly reviews other people’s work on the negative selection algorithm and its shortcomings. With a view to the real problem to be solved, the authors bring forward two assumptions, based on which a new immune algorithm, the multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates the clonal selection process into the negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.
Funding: supported by the High-Level Talent Foundation of Jinling Institute of Technology (grant number JIT-B-202413).
Abstract: With the increasing severity of network security threats, Network Intrusion Detection (NID) has become a key technology to ensure network security. To address the problem of low detection rate of traditional intrusion detection models, this paper proposes a Dual-Attention model for NID, which combines Convolutional Neural Network (CNN) and Bidirectional Long Short-Term Memory (BiLSTM) to design two modules: the FocusConV and the TempoNet module. The FocusConV module, which automatically adjusts and weights CNN extracted local features, focuses on local features that are more important for intrusion detection. The TempoNet module focuses on global information, identifies more important features in time steps or sequences, and filters and weights the information globally to further improve the accuracy and robustness of NID. Meanwhile, in order to solve the class imbalance problem in the dataset, the EQL v2 method is used to compute the class weights of each class and to use them in the loss computation, which optimizes the performance of the model on the class imbalance problem. Extensive experiments were conducted on the NSL-KDD, UNSW-NB15, and CIC-DDos2019 datasets, achieving average accuracy rates of 99.66%, 87.47%, and 99.39%, respectively, demonstrating excellent detection accuracy and robustness. The model also improves the detection performance of minority classes in the datasets. On the UNSW-NB15 dataset, the detection rates for Analysis, Exploits, and Shellcode attacks increased by 7%, 7%, and 10%, respectively, demonstrating the Dual-Attention CNN-BiLSTM model’s excellent performance in NID.
Abstract: With the rapid advancement of mobile communication networks, key technologies such as Multi-access Edge Computing (MEC) and Network Function Virtualization (NFV) have enhanced the quality of service for 5G users but have also significantly increased the complexity of network threats. Traditional static defense mechanisms are inadequate for addressing the dynamic and heterogeneous nature of modern attack vectors. To overcome these challenges, this paper presents a novel algorithmic framework, SD-5G, designed for high-precision intrusion detection in 5G environments. SD-5G adopts a three-stage architecture comprising traffic feature extraction, elastic representation, and adaptive classification. Specifically, an enhanced Concrete Autoencoder (CAE) is employed to reconstruct and compress high-dimensional network traffic features, producing compact and expressive representations suitable for large-scale 5G deployments. To further improve accuracy in ambiguous traffic classification, a Residual Convolutional Long Short-Term Memory model with an attention mechanism (ResCLA) is introduced, enabling multi-level modeling of spatial–temporal dependencies and effective detection of subtle anomalies. Extensive experiments on benchmark datasets—including 5G-NIDD, CIC-IDS2017, ToN-IoT, and BoT-IoT—demonstrate that SD-5G consistently achieves F1 scores exceeding 99.19% across diverse network environments, indicating strong generalization and real-time deployment capabilities. Overall, SD-5G achieves a balance between detection accuracy and deployment efficiency, offering a scalable, flexible, and effective solution for intrusion detection in 5G and next-generation networks.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP)—Innovative Human Resource Development for Local Intellectualization program grant funded by the Korea government (MSIT) (IITP-2025-RS-2022-00156334) and in part by Liaoning Province Nature Fund Project (2024-BSLH-214).
Abstract: Network Intrusion Detection System (NIDS) detection of minority class attacks is always a difficult task when dealing with attacks in complex network environments. To improve the detection capability of minority-class attacks, this study proposes an intrusion detection method based on a two-layer structure. The first layer employs a CNN-BiLSTM model incorporating an attention mechanism to classify network traffic into normal traffic, majority class attacks, and merged minority class attacks. The second layer further segments the minority class attacks through Stacking ensemble learning. The datasets are selected from the generic network dataset CIC-IDS2017, NSL-KDD, and the industrial network dataset Mississippi Gas Pipeline dataset to enhance the generalization and practical applicability of the model. Experimental results show that the proposed model achieves an overall detection accuracy of 99%, 99%, and 95% on the CIC-IDS2017, NSL-KDD, and industrial network datasets, respectively. It also significantly outperforms traditional methods in terms of detection accuracy and recall rate for minority class attacks. Compared with the single-layer deep learning model, the two-layer structure effectively reduces the false alarm rate while improving the minority-class attack detection performance. The research in this paper not only improves the adaptability of NIDS to complex network environments but also provides a new solution for minority-class attack detection in industrial network security.
Abstract: The rapid increase in the number of Internet of Things (IoT) devices, coupled with a rise in sophisticated cyberattacks, demands robust intrusion detection systems. This study presents a holistic, intelligent intrusion detection system. It uses a combined method that integrates machine learning (ML) and deep learning (DL) techniques to improve the protection of contemporary information technology (IT) systems. Unlike traditional signature-based or single-model methods, this system integrates the strengths of ensemble learning for binary classification and deep learning for multi-class classification. This combination provides a more nuanced and adaptable defense. The research utilizes the NF-UQ-NIDS-v2 dataset, a recent, comprehensive benchmark for evaluating network intrusion detection systems (NIDS). Our methodological framework employs advanced artificial intelligence techniques. Specifically, we use ensemble learning algorithms (Random Forest, Gradient Boosting, AdaBoost, and XGBoost) for binary classification. Deep learning architectures are also employed to address the complexities of multi-class classification, allowing for fine-grained identification of intrusion types. To mitigate class imbalance, a common problem in multi-class intrusion detection that biases model performance, we use oversampling and data augmentation. These techniques ensure equitable class representation. The results demonstrate the efficacy of the proposed hybrid ML-DL system. It achieves significant improvements in intrusion detection accuracy and reliability. This research contributes substantively to cybersecurity by providing a more robust and adaptable intrusion detection solution.
Abstract: The rapid evolution of AI-driven cybersecurity solutions has led to increasingly complex network infrastructures, which in turn increases their exposure to sophisticated threats. This study proposes a Graph Neural Network (GNN)-based feature selection strategy specifically tailored for Network Intrusion Detection Systems (NIDS). By modeling feature correlations and leveraging their topological relationships, this method addresses challenges such as feature redundancy and class imbalance. Experimental analysis using the KDDTest+ dataset demonstrates that the proposed model achieves 98.5% detection accuracy, showing notable gains in both computational efficiency and minority class detection. Compared to conventional machine learning methods, the GNN-based approach exhibits a superior capability to adapt to the dynamics of evolving cyber threats. The findings support the feasibility of deploying GNNs for scalable, real-time anomaly detection in modern networks. Furthermore, key predictive features, notably f35 and f23, are identified and validated through correlation analysis, thereby enhancing the model’s interpretability and effectiveness.
Funding: supported by the National Natural Science Foundation of China (NSFC) under grant No. 62371187 and the Hunan Provincial Natural Science Foundation of China under Grant Nos. 2024JJ8309 and 2023JJ50495.
Abstract: The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.
Abstract: A network intrusion detection system is critical for cyber security against illegitimate attacks. In terms of feature perspectives, network traffic may include a variety of elements such as attack reference, attack type, a subcategory of attack, host information, malicious scripts, etc. In terms of network perspectives, network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic. It is challenging to identify a specific attack due to complex features and data imbalance issues. To address these issues, this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic (IDS-INT). IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data. First, detailed information about each type of attack is gathered from network interaction descriptions, which include network nodes, attack type, reference, host information, etc. Second, the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors. Third, the Synthetic Minority Oversampling Technique (SMOTE) is implemented to balance abnormal traffic and detect minority attacks. Fourth, the Convolution Neural Network (CNN) model is designed to extract deep features from the balanced network traffic. Finally, the hybrid approach of the CNN-Long Short-Term Memory (CNN-LSTM) model is developed to detect different types of attacks from the deep features. Detailed experiments are conducted to test the proposed approach using three standard datasets, i.e., UNSW-NB15, CIC-IDS2017, and NSL-KDD. An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.
Abstract: A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems (NIDSs). Consequently, network interruptions and loss of sensitive data have occurred, which led to an active research area for improving NIDS technologies. In an analysis of related works, it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction (FR) and Machine Learning (ML) techniques on NIDS datasets. However, these datasets are different in feature sets, attack types, and network design. Therefore, this paper aims to discover whether these techniques can be generalised across various datasets. Six ML models are utilised: a Deep Feed Forward (DFF), Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Decision Tree (DT), Logistic Regression (LR), and Naive Bayes (NB). The accuracy of three Feature Extraction (FE) algorithms is detected; Principal Component Analysis (PCA), Auto-encoder (AE), and Linear Discriminant Analysis (LDA), are evaluated using three benchmark datasets: UNSW-NB15, ToN-IoT and CSE-CIC-IDS2018. Although PCA and AE algorithms have been widely used, the determination of their optimal number of extracted dimensions has been overlooked. The results indicate that no clear FE method or ML model can achieve the best scores for all datasets. The optimal number of extracted dimensions has been identified for each dataset, and LDA degrades the performance of the ML models on two datasets. The variance is used to analyse the extracted dimensions of LDA and PCA. Finally, this paper concludes that the choice of datasets significantly alters the performance of the applied techniques. We believe that a universal (benchmark) feature set is needed to facilitate further advancement and progress of research in this field.
Funding: supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program (2023TSYCTD).
Abstract: With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T² and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T² to compare the differences between groups. For datasets with outliers, Hotelling’s T² can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.
Funding: the National Natural Science Foundation of China (69983005); the Research Fund for the Doctoral Program of Higher Education (RFDP1999048602)
Abstract: Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model.
Funding: Supported by the National Natural Science Foundation of China (No. 60671049, 61172168) and Graduate Innovation Project of Heilongjiang (No. YJSCX2011-034HLI)
Abstract: The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects: multi-area and overlapping, which are ignored before. The detectors generated by this kind of self set may have the problem of boundary holes between self and nonself regions, and the generation efficiency is low, so that, the self set needs to be optimized before generation stage. This paper proposes a self set optimization algorithm which uses the modified clustering algorithm and Gaussian distribution theory. The clustering deals with multi-area and the Gaussian distribution deals with the overlapping. The algorithm was tested by Iris data and real network data, and the results show that the optimized self set can solve the problem of boundary holes, increase the efficiency of detector generation effectively, and improve the system's detection rate.
Funding: This work was supported by the National Research Foundation of Korea (NRF) NRF-2022R1A2C1011774.
Abstract: The network infrastructure has evolved rapidly due to the ever-increasing volume of users and data. The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers. Among these necessities, network security is of prime significance. Network intrusion detection systems (NIDS) are among the most suitable approaches to detect anomalies and assaults on a network. However, keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders. This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks (CNN). The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter. The images are then classified using a CNN classifier. To assess the efficacy of the recommended method, four benchmark datasets, i.e., CSE-CIC-IDS2018, CIC-IDS-2017, ISCX-IDS 2012, and NSL-KDD, were used. The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets. Further, the proposed method is compared with the recent well-known image processing methods for NIDS.
Funding: This work was supported by the Education Department of Jilin Province (No. JJKH20180518KJ) and the Science and Technology Research Project of Jilin Business and Technology College (No. kz2018002).
Abstract: In the network security field, the network intrusion detection system (NIDS) is considered one of the critical issues in the detection accuracy and missed detection rate. In this paper, a method of two-step network intrusion detection on the basis of GoogLeNet Inception and deep convolutional neural networks (CNNs) models is proposed. The proposed method used the GoogLeNet Inception model to identify the network packets’ binary problem. Subsequently, the characteristics of the packets’ raw data and the traffic features are extracted. The CNNs model is also used to identify the multiclass intrusions by the network packets’ features. In the experimental results, the proposed method shows an improvement in the identification accuracy, where it achieves up to 99.63%. In addition, the missed detection rate is reduced to be 0.1%. The results prove the high performance of the proposed method in enhancing the NIDS’s reliability.
Funding: This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korean government (MSIT) (No. 2021R1A2C2011391) and was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2021-0-01806, Development of security by design and security management technology in smart factory).
Abstract: Contemporary attackers, mainly motivated by financial gain, consistently devise sophisticated penetration techniques to access important information or data. The growing use of Internet of Things (IoT) technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation, as it facilitates multiple new attack vectors to emerge effortlessly. As such, existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems. To address this problem, we designed a blended threat detection approach, considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence. We collectively refer to the convergence of different technology sectors as the internet of blended environment. The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder. An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02% detection accuracy. Furthermore, performance of the proposed approach was compared with various single model (autoencoder)-based network intrusion detection approaches: autoencoder, variational autoencoder, convolutional variational autoencoder, and long short-term memory variational autoencoder. The proposed model outperformed all compared models, demonstrating F1-score improvements of 4.99%, 2.25%, 1.92%, and 3.69%, respectively.
Funding: funded by the National Natural Science Foundation of China (grant number 62171228) and the National Key Research and Development Program of China (grant number 2021YFE0105500).
Abstract: The rapid development of the Internet of Things (IoT) and modern information technology has led to the emergence of new types of cyber-attacks. It poses a great potential danger to network security. Consequently, protecting against network attacks has become a pressing issue that requires urgent attention. It is crucial to find practical solutions to combat such malicious behavior. A network intrusion detection (NID) method, known as GMCE-GraphSAGE, was proposed to meet the detection demands of the current intricate network environment. Traffic data is mapped into Gaussian distribution, which helps to ensure that subsequent models can effectively learn the features of traffic samples. The conditional generative adversarial network (CGAN) can generate attack samples based on specified labels to create balanced traffic datasets. In addition, we constructed a communication interaction graph based on the connection patterns of traffic nodes. The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph. From it, global behavioral information is combined with traffic features, providing a solid foundation for classifying and detecting. Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method. Its binary and multi-classification F1-score can achieve 99.36% and 89.29%, respectively. The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task.
Abstract: To meet the future internet traffic challenges, enhancement of hardware architectures related to network security has vital role where software security algorithms are incompatible with high speed in terms of Giga bits per second (Gbps). In this paper, we discuss signature detection technique (SDT) used in network intrusion detection system (NIDS). Design of most commonly used hardware based techniques for signature detection such as finite automata, discrete comparators, Knuth-Morris-Pratt (KMP) algorithm, content addressable memory (CAM) and Bloom filter are discussed. Two novel architectures, XOR based pre computation CAM (XPCAM) and multi stage look up technique (MSLT) Bloom filter architectures are proposed and implemented in third party field programmable gate array (FPGA), and area and power consumptions are compared. 10 Gbps network traffic generator (TNTG) is used to test the functionality and ensure the reliability of the proposed architectures. Our approach involves a unique combination of algorithmic and architectural techniques that outperform some of the current techniques in terms of performance, speed and power efficiency.
Funding: This work was supported by the Research Deanship of Prince Sattam Bin Abdulaziz University, Al-Kharj, Saudi Arabia (Grant No. 2020/01/17215). Also, the author thanks Deanship of college of computer engineering and sciences for technical support provided to complete the project successfully.
Abstract: In the era of Big data, learning discriminant feature representation from network traffic is identified as an invariably essential task for improving the detection ability of an intrusion detection system (IDS). Owing to the lack of accurately labeled network traffic data, many unsupervised feature representation learning models have been proposed with state-of-the-art performance. Yet, these models fail to consider the classification error while learning the feature representation. Intuitively, the learnt feature representation may degrade the performance of the classification task. For the first time in the field of intrusion detection, this paper proposes an unsupervised IDS model leveraging the benefits of deep autoencoder (DAE) for learning the robust feature representation and one-class support vector machine (OCSVM) for finding the more compact decision hyperplane for intrusion detection. Specially, the proposed model defines a new unified objective function to minimize the reconstruction and classification error simultaneously. This unique contribution not only enables the model to support joint learning for feature representation and classifier training but also guides to learn the robust feature representation which can improve the discrimination ability of the classifier for intrusion detection. Three sets of evaluation experiments are conducted to demonstrate the potential of the proposed model. First, the ablation evaluation on benchmark dataset, NSL-KDD validates the design decision of the proposed model. Next, the performance evaluation on recent intrusion dataset, UNSW-NB15 signifies the stable performance of the proposed model. Finally, the comparative evaluation verifies the efficacy of the proposed model against recently published state-of-the-art methods.
Funding: Project (50275150) supported by the National Natural Science Foundation of China; Projects (20040533035, 20070533131) supported by the National Research Foundation for the Doctoral Program of Higher Education of China
Abstract: An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.
Funding: supported in part by the Gansu Province Higher Education Institutions Industrial Support Program: Security Situational Awareness with Artificial Intelligence and Blockchain Technology. Project Number (2020C-29).
Abstract: In the fast-evolving landscape of digital networks, the incidence of network intrusions has escalated alarmingly. Simultaneously, the crucial role of time series data in intrusion detection remains largely underappreciated, with most systems failing to capture the time-bound nuances of network traffic. This leads to compromised detection accuracy and overlooked temporal patterns. Addressing this gap, we introduce a novel SSAE-TCN-BiLSTM (STL) model that integrates time series analysis, significantly enhancing detection capabilities. Our approach reduces feature dimensionality with a Stacked Sparse Autoencoder (SSAE) and extracts temporally relevant features through a Temporal Convolutional Network (TCN) and Bidirectional Long Short-term Memory Network (Bi-LSTM). By meticulously adjusting time steps, we underscore the significance of temporal data in bolstering detection accuracy. On the UNSW-NB15 dataset, our model achieved an F1-score of 99.49%, Accuracy of 99.43%, Precision of 99.38%, Recall of 99.60%, and an inference time of 4.24 s. For the CICDS2017 dataset, we recorded an F1-score of 99.53%, Accuracy of 99.62%, Precision of 99.27%, Recall of 99.79%, and an inference time of 5.72 s. These findings not only confirm the STL model’s superior performance but also its operational efficiency, underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount. Our contribution represents a significant advance in cybersecurity, proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic, setting a new benchmark for intrusion detection systems.
Funding: Project (No. 60073034) supported by the National Natural Science Foundation of China
Abstract: This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.