With the rapid advancement of mobile communication networks,key technologies such as Multi-access Edge Computing(MEC)and Network Function Virtualization(NFV)have enhanced the quality of service for 5G users but have a...With the rapid advancement of mobile communication networks,key technologies such as Multi-access Edge Computing(MEC)and Network Function Virtualization(NFV)have enhanced the quality of service for 5G users but have also significantly increased the complexity of network threats.Traditional static defense mechanisms are inadequate for addressing the dynamic and heterogeneous nature of modern attack vectors.To overcome these challenges,this paper presents a novel algorithmic framework,SD-5G,designed for high-precision intrusion detection in 5G environments.SD-5G adopts a three-stage architecture comprising traffic feature extraction,elastic representation,and adaptive classification.Specifically,an enhanced Concrete Autoencoder(CAE)is employed to reconstruct and compress high-dimensional network traffic features,producing compact and expressive representations suitable for large-scale 5G deployments.To further improve accuracy in ambiguous traffic classification,a Residual Convolutional Long Short-Term Memory model with an attention mechanism(ResCLA)is introduced,enabling multi-level modeling of spatial–temporal dependencies and effective detection of subtle anomalies.Extensive experiments on benchmark datasets—including 5G-NIDD,CIC-IDS2017,ToN-IoT,and BoT-IoT—demonstrate that SD-5G consistently achieves F1 scores exceeding 99.19%across diverse network environments,indicating strong generalization and real-time deployment capabilities.Overall,SD-5G achieves a balance between detection accuracy and deployment efficiency,offering a scalable,flexible,and effective solution for intrusion detection in 5G and next-generation networks.展开更多
The rapid increase in the number of Internet of Things(IoT)devices,coupled with a rise in sophisticated cyberattacks,demands robust intrusion detection systems.This study presents a holistic,intelligent intrusion dete...The rapid increase in the number of Internet of Things(IoT)devices,coupled with a rise in sophisticated cyberattacks,demands robust intrusion detection systems.This study presents a holistic,intelligent intrusion detection system.It uses a combined method that integrates machine learning(ML)and deep learning(DL)techniques to improve the protection of contemporary information technology(IT)systems.Unlike traditional signature-based or singlemodel methods,this system integrates the strengths of ensemble learning for binary classification and deep learning for multi-class classification.This combination provides a more nuanced and adaptable defense.The research utilizes the NF-UQ-NIDS-v2 dataset,a recent,comprehensive benchmark for evaluating network intrusion detection systems(NIDS).Our methodological framework employs advanced artificial intelligence techniques.Specifically,we use ensemble learning algorithms(Random Forest,Gradient Boosting,AdaBoost,and XGBoost)for binary classification.Deep learning architectures are also employed to address the complexities of multi-class classification,allowing for fine-grained identification of intrusion types.To mitigate class imbalance,a common problem in multi-class intrusion detection that biases model performance,we use oversampling and data augmentation.These techniques ensure equitable class representation.The results demonstrate the efficacy of the proposed hybrid ML-DL system.It achieves significant improvements in intrusion detection accuracy and reliability.This research contributes substantively to cybersecurity by providing a more robust and adaptable intrusion detection solution.展开更多
The rapid evolution of AI-driven cybersecurity solutions has led to increasingly complex network infrastructures,which in turn increases their exposure to sophisticated threats.This study proposes a Graph Neural Netwo...The rapid evolution of AI-driven cybersecurity solutions has led to increasingly complex network infrastructures,which in turn increases their exposure to sophisticated threats.This study proposes a Graph Neural Network(GNN)-based feature selection strategy specifically tailored forNetwork Intrusion Detection Systems(NIDS).By modeling feature correlations and leveraging their topological relationships,this method addresses challenges such as feature redundancy and class imbalance.Experimental analysis using the KDDTest+dataset demonstrates that the proposed model achieves 98.5% detection accuracy,showing notable gains in both computational efficiency and minority class detection.Compared to conventional machine learning methods,the GNN-based approach exhibits a superior capability to adapt to the dynamics of evolving cyber threats.The findings support the feasibility of deploying GNNs for scalable,real-time anomaly detection in modern networks.Furthermore,key predictive features,notably f35 and f23,are identified and validated through correlation analysis,thereby enhancing the model’s interpretability and effectiveness.展开更多
Network Intrusion Detection System(NIDS)detection of minority class attacks is always a difficult task when dealing with attacks in complex network environments.To improve the detection capability of minority-class at...Network Intrusion Detection System(NIDS)detection of minority class attacks is always a difficult task when dealing with attacks in complex network environments.To improve the detection capability of minority-class attacks,this study proposes an intrusion detection method based on a two-layer structure.The first layer employs a CNN-BiLSTM model incorporating an attention mechanism to classify network traffic into normal traffic,majority class attacks,and merged minority class attacks.The second layer further segments the minority class attacks through Stacking ensemble learning.The datasets are selected from the generic network dataset CIC-IDS2017,NSL-KDD,and the industrial network dataset Mississippi Gas Pipeline dataset to enhance the generalization and practical applicability of the model.Experimental results show that the proposed model achieves an overall detection accuracy of 99%,99%,and 95%on the CIC-IDS2017,NSL-KDD,and industrial network datasets,respectively.It also significantly outperforms traditional methods in terms of detection accuracy and recall rate for minority class attacks.Compared with the single-layer deep learning model,the two-layer structure effectively reduces the false alarm rate while improving the minority-class attack detection performance.The research in this paper not only improves the adaptability of NIDS to complex network environments but also provides a new solution for minority-class attack detection in industrial network security.展开更多
The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System(ICPS),enhancing intelligence and autonomy.However,this transition also e...The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System(ICPS),enhancing intelligence and autonomy.However,this transition also expands the attack surface,introducing critical security vulnerabilities.To address these challenges,this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection.Specifically,an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering(IVB-NCA-NLKF)method is developed to model nonlinear system dynamics,enabling optimal state estimation in multi-sensor ICPS environments.Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states.Simultaneously,an adaptive network traffic anomaly detection mechanism is introduced,leveraging learned traffic patterns to detect node-and network-level anomalies through pattern matching.Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy(92.14%)with a reduced false alarm rate(0.81%).Moreover,it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations,providing a robust and comprehensive security solution for the safety protection of ICPS.展开更多
6G is desired to support more intelligence networks and this trend attaches importance to the self-healing capability if degradation emerges in the cellular networks.As a primary component of selfhealing networks,faul...6G is desired to support more intelligence networks and this trend attaches importance to the self-healing capability if degradation emerges in the cellular networks.As a primary component of selfhealing networks,fault detection is investigated in this paper.Considering the fast response and low timeand-computational consumption,it is the first time that the Online Broad Learning System(OBLS)is applied to identify outages in cellular networks.In addition,the Automatic-constructed Online Broad Learning System(AOBLS)is put forward to rationalize its structure and consequently avoid over-fitting and under-fitting.Furthermore,a multi-layer classification structure is proposed to further improve the classification performance.To face the challenges caused by imbalanced data in fault detection problems,a novel weighting strategy is derived to achieve the Multilayer Automatic-constructed Weighted Online Broad Learning System(MAWOBLS)and ensemble learning with retrained Support Vector Machine(SVM),denoted as EMAWOBLS,for superior treatment with this imbalance issue.Simulation results show that the proposed algorithm has excellent performance in detecting faults with satisfactory time usage.展开更多
A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a...A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.展开更多
A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have ...A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.展开更多
With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(...With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.展开更多
Target detection is an important task in computer vision research, and such an anomaly detection and the topic of small target detection task is more concerned. However, there are still some problems in this kind of r...Target detection is an important task in computer vision research, and such an anomaly detection and the topic of small target detection task is more concerned. However, there are still some problems in this kind of researches, such as small target detection in complex environments is susceptible to background interference and poor detection results. To solve these issues, this study proposes a method which introduces the attention mechanism into the you only look once(YOLO) network. In addition, the amateur-produced mask dataset was created and experiments were conducted. The results showed that the detection effect of the proposed mothed is much better.展开更多
Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible...Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible to overfitting during the training process due to discrepancies in data distribution between the training set and the test set.This phenomenon is known as prediction drift.Additionally,the rarity of anomaly data,often masked by normal data,further complicates network anomaly detection.To address these challenges,we propose the PUNet network,which ingeniously combines the strengths of traditional machine learning and deep learning techniques for anomaly detection.Specifically,PUNet employs a reconstruction-based autoencoder to pre-train normal data,enabling the network to capture potential features and correlations within the data.Subsequently,PUNet integrates a sampling algorithm to construct a pseudo-label candidate set among the outliers based on the reconstruction loss of the samples.This approach effectively mitigates the prediction drift problem by incorporating abnormal samples.Furthermore,PUNet utilizes the CatBoost classifier for anomaly detection to tackle potential data imbalance issues within the candidate set.Extensive experimental evaluations demonstrate that PUNet effectively resolves the prediction drift and data imbalance problems,significantly outperforming competing methods.展开更多
The increasing amount and intricacy of network traffic in the modern digital era have worsened the difficulty of identifying abnormal behaviours that may indicate potential security breaches or operational interruptio...The increasing amount and intricacy of network traffic in the modern digital era have worsened the difficulty of identifying abnormal behaviours that may indicate potential security breaches or operational interruptions. Conventional detection approaches face challenges in keeping up with the ever-changing strategies of cyber-attacks, resulting in heightened susceptibility and significant harm to network infrastructures. In order to tackle this urgent issue, this project focused on developing an effective anomaly detection system that utilizes Machine Learning technology. The suggested model utilizes contemporary machine learning algorithms and frameworks to autonomously detect deviations from typical network behaviour. It promptly identifies anomalous activities that may indicate security breaches or performance difficulties. The solution entails a multi-faceted approach encompassing data collection, preprocessing, feature engineering, model training, and evaluation. By utilizing machine learning methods, the model is trained on a wide range of datasets that include both regular and abnormal network traffic patterns. This training ensures that the model can adapt to numerous scenarios. The main priority is to ensure that the system is functional and efficient, with a particular emphasis on reducing false positives to avoid unwanted alerts. Additionally, efforts are directed on improving anomaly detection accuracy so that the model can consistently distinguish between potentially harmful and benign activity. This project aims to greatly strengthen network security by addressing emerging cyber threats and improving their resilience and reliability.展开更多
The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protectin...The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protecting against network attacks has become a pressing issue that requires urgent attention.It is crucial to find practical solutions to combat such malicious behavior.A network intrusion detection(NID)method,known as GMCE-GraphSAGE,was proposed to meet the detection demands of the current intricate network environment.Traffic data is mapped into gaussian distribution,which helps to ensure that subsequent models can effectively learn the features of traffic samples.The conditional generative adversarial network(CGAN)can generate attack samples based on specified labels to create balanced traffic datasets.In addition,we constructed a communication interaction graph based on the connection patterns of traffic nodes.The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph.From it,global behavioral information is combined with traffic features,providing a solid foundation for classifying and detecting.Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method.Its binary and multi-classification F1-score can achieve 99.36%and 89.29%,respectively.The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task.展开更多
Based on lightning location data of lightning monitoring network in Guizhou Province in recent eight years,the effective detection radius of a station and the effective detection range of lightning monitoring network ...Based on lightning location data of lightning monitoring network in Guizhou Province in recent eight years,the effective detection radius of a station and the effective detection range of lightning monitoring network in Guizhou Province were analyzed. The results show that the effective detection radius of a lightning monitoring sub-station in Guizhou Province is 160 km; some counties in the southwest,northwest and northeast of Guizhou were not detected. To improve the detector efficiency of lightning monitoring network in Guizhou Province,it is suggested that nine sub-stations should be built in Weining,Shuicheng,Qinglong,Pingtang,Rongjiang,Yuping,Songtao,Tongren and Renhuai,so that the effective detection efficiency will reach more than 95%.展开更多
Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the foc...Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.展开更多
In recent years,the number of exposed vulnerabilities has grown rapidly and more and more attacks occurred to intrude on the target computers using these vulnerabilities such as different malware.Malware detection has...In recent years,the number of exposed vulnerabilities has grown rapidly and more and more attacks occurred to intrude on the target computers using these vulnerabilities such as different malware.Malware detection has attracted more attention and still faces severe challenges.As malware detection based traditional machine learning relies on exports’experience to design efficient features to distinguish different malware,it causes bottleneck on feature engineer and is also time-consuming to find efficient features.Due to its promising ability in automatically proposing and selecting significant features,deep learning has gradually become a research hotspot.In this paper,aiming to detect the malicious payload and identify their categories with high accuracy,we proposed a packet-based malicious payload detection and identification algorithm based on object detection deep learning network.A dataset of malicious payload on code execution vulnerability has been constructed under the Metasploit framework and used to evaluate the performance of the proposed malware detection and identification algorithm.The experimental results demonstrated that the proposed object detection network can efficiently find and identify malicious payloads with high accuracy.展开更多
To meet the future internet traffic challenges, enhancement of hardware architectures related to network security has vital role where software security algorithms are incompatible with high speed in terms of Giga bit...To meet the future internet traffic challenges, enhancement of hardware architectures related to network security has vital role where software security algorithms are incompatible with high speed in terms of Giga bits per second (Gbps). In this paper, we discuss signature detection technique (SDT) used in network intrusion detection system (NIDS). Design of most commonly used hardware based techniques for signature detection such as finite automata, discrete comparators, Knuth-Morris-Pratt (KMP) algorithm, content addressable memory (CAM) and Bloom filter are discussed. Two novel architectures, XOR based pre computation CAM (XPCAM) and multi stage look up technique (MSLT) Bloom filter architectures are proposed and implemented in third party field programmable gate array (FPGA), and area and power consumptions are compared. 10Gbps network traffic generator (TNTG) is used to test the functionality and ensure the reliability of the proposed architectures. Our approach involves a unique combination of algorithmic and architectural techniques that outperform some of the current techniques in terms of performance, speed and powerefficiency.展开更多
To solve the problem of the design of classifier in network threat detection, we conduct a simulation experiment for the parameters’ optimal on least squares support vector machine (LSSVM) using the classic PSO alg...To solve the problem of the design of classifier in network threat detection, we conduct a simulation experiment for the parameters’ optimal on least squares support vector machine (LSSVM) using the classic PSO algorithm, and the experiment shows that uneven distribution of the initial particle swarm exerts a great impact on the results of LSSVM algorithm’s classification. This article proposes an improved PSO-LSSVM algorithm based on Divide-and-Conquer (DCPSO- LSSVM) to split the optimal domain where the parameters of LSSVM are in. It can achieve the purpose of distributing the initial particles uniformly. And using the idea of Divide-and-Conquer, it can split a big problem into multiple sub-problems, thus, completing problems’ modularization Meanwhile, this paper introduces variation factors to make the particles escape from the local optimum. The results of experiment prove that DCPSO-LSSVM has better effect on classification of network threat detection compared with SVM and classic PSOLSSVM.展开更多
Based on analyzing the techniques and architecture of existing network Intrusion Detection System(IDS),and probing into the fundament of Immune System(IS),a novel immune model is presented and applied to network IDS,w...Based on analyzing the techniques and architecture of existing network Intrusion Detection System(IDS),and probing into the fundament of Immune System(IS),a novel immune model is presented and applied to network IDS,which is helpful to design an effective IDS.Besides,this paper suggests a scheme to represent the self profile of network.And an automated self profile extraction algorithm is provided to extract self profile from packets.The experimental results prove validity of the scheme and algorithm,which is the foundation of the immune model.展开更多
A substantial body of work has been done to identify network anomalies using supervised and unsupervised learning techniques with their unique strengths and weaknesses.In this work,we propose a new approach that takes...A substantial body of work has been done to identify network anomalies using supervised and unsupervised learning techniques with their unique strengths and weaknesses.In this work,we propose a new approach that takes advantage of both worlds of unsupervised and supervised learnings.The main objective of the proposed approach is to enable supervised anomaly detection without the provision of the associated labels by users.To this end,we estimate the labels of each connection in the training phase using clustering.The“estimated”labels are then utilized to establish a supervised learning model for the subsequent classification of connections in the testing stage.We set up a new property that defines anomalies in the context of network anomaly detection to improve the quality of estimated labels.Through our extensive experiments with a public dataset(NSL-KDD),we will prove that the proposed method can achieve performance comparable to one with the “original”labels provided in the dataset.We also introduce two heuristic functions that minimize the impact of the randomness of clustering to improve the overall quality of the estimated labels.展开更多
文摘With the rapid advancement of mobile communication networks,key technologies such as Multi-access Edge Computing(MEC)and Network Function Virtualization(NFV)have enhanced the quality of service for 5G users but have also significantly increased the complexity of network threats.Traditional static defense mechanisms are inadequate for addressing the dynamic and heterogeneous nature of modern attack vectors.To overcome these challenges,this paper presents a novel algorithmic framework,SD-5G,designed for high-precision intrusion detection in 5G environments.SD-5G adopts a three-stage architecture comprising traffic feature extraction,elastic representation,and adaptive classification.Specifically,an enhanced Concrete Autoencoder(CAE)is employed to reconstruct and compress high-dimensional network traffic features,producing compact and expressive representations suitable for large-scale 5G deployments.To further improve accuracy in ambiguous traffic classification,a Residual Convolutional Long Short-Term Memory model with an attention mechanism(ResCLA)is introduced,enabling multi-level modeling of spatial–temporal dependencies and effective detection of subtle anomalies.Extensive experiments on benchmark datasets—including 5G-NIDD,CIC-IDS2017,ToN-IoT,and BoT-IoT—demonstrate that SD-5G consistently achieves F1 scores exceeding 99.19%across diverse network environments,indicating strong generalization and real-time deployment capabilities.Overall,SD-5G achieves a balance between detection accuracy and deployment efficiency,offering a scalable,flexible,and effective solution for intrusion detection in 5G and next-generation networks.
文摘The rapid increase in the number of Internet of Things(IoT)devices,coupled with a rise in sophisticated cyberattacks,demands robust intrusion detection systems.This study presents a holistic,intelligent intrusion detection system.It uses a combined method that integrates machine learning(ML)and deep learning(DL)techniques to improve the protection of contemporary information technology(IT)systems.Unlike traditional signature-based or singlemodel methods,this system integrates the strengths of ensemble learning for binary classification and deep learning for multi-class classification.This combination provides a more nuanced and adaptable defense.The research utilizes the NF-UQ-NIDS-v2 dataset,a recent,comprehensive benchmark for evaluating network intrusion detection systems(NIDS).Our methodological framework employs advanced artificial intelligence techniques.Specifically,we use ensemble learning algorithms(Random Forest,Gradient Boosting,AdaBoost,and XGBoost)for binary classification.Deep learning architectures are also employed to address the complexities of multi-class classification,allowing for fine-grained identification of intrusion types.To mitigate class imbalance,a common problem in multi-class intrusion detection that biases model performance,we use oversampling and data augmentation.These techniques ensure equitable class representation.The results demonstrate the efficacy of the proposed hybrid ML-DL system.It achieves significant improvements in intrusion detection accuracy and reliability.This research contributes substantively to cybersecurity by providing a more robust and adaptable intrusion detection solution.
文摘The rapid evolution of AI-driven cybersecurity solutions has led to increasingly complex network infrastructures,which in turn increases their exposure to sophisticated threats.This study proposes a Graph Neural Network(GNN)-based feature selection strategy specifically tailored forNetwork Intrusion Detection Systems(NIDS).By modeling feature correlations and leveraging their topological relationships,this method addresses challenges such as feature redundancy and class imbalance.Experimental analysis using the KDDTest+dataset demonstrates that the proposed model achieves 98.5% detection accuracy,showing notable gains in both computational efficiency and minority class detection.Compared to conventional machine learning methods,the GNN-based approach exhibits a superior capability to adapt to the dynamics of evolving cyber threats.The findings support the feasibility of deploying GNNs for scalable,real-time anomaly detection in modern networks.Furthermore,key predictive features,notably f35 and f23,are identified and validated through correlation analysis,thereby enhancing the model’s interpretability and effectiveness.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)—Innovative Human Resource Development for Local Intellectualization program grant funded by the Korea government(MSIT)(IITP-2025-RS-2022-00156334)in part by Liaoning Province Nature Fund Project(2024-BSLH-214).
文摘Network Intrusion Detection System(NIDS)detection of minority class attacks is always a difficult task when dealing with attacks in complex network environments.To improve the detection capability of minority-class attacks,this study proposes an intrusion detection method based on a two-layer structure.The first layer employs a CNN-BiLSTM model incorporating an attention mechanism to classify network traffic into normal traffic,majority class attacks,and merged minority class attacks.The second layer further segments the minority class attacks through Stacking ensemble learning.The datasets are selected from the generic network dataset CIC-IDS2017,NSL-KDD,and the industrial network dataset Mississippi Gas Pipeline dataset to enhance the generalization and practical applicability of the model.Experimental results show that the proposed model achieves an overall detection accuracy of 99%,99%,and 95%on the CIC-IDS2017,NSL-KDD,and industrial network datasets,respectively.It also significantly outperforms traditional methods in terms of detection accuracy and recall rate for minority class attacks.Compared with the single-layer deep learning model,the two-layer structure effectively reduces the false alarm rate while improving the minority-class attack detection performance.The research in this paper not only improves the adaptability of NIDS to complex network environments but also provides a new solution for minority-class attack detection in industrial network security.
基金supported by the National Natural Science Foundation of China(NSFC)under grant No.62371187the Hunan Provincial Natural Science Foundation of China under Grant Nos.2024JJ8309 and 2023JJ50495.
文摘The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System(ICPS),enhancing intelligence and autonomy.However,this transition also expands the attack surface,introducing critical security vulnerabilities.To address these challenges,this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection.Specifically,an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering(IVB-NCA-NLKF)method is developed to model nonlinear system dynamics,enabling optimal state estimation in multi-sensor ICPS environments.Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states.Simultaneously,an adaptive network traffic anomaly detection mechanism is introduced,leveraging learned traffic patterns to detect node-and network-level anomalies through pattern matching.Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy(92.14%)with a reduced false alarm rate(0.81%).Moreover,it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations,providing a robust and comprehensive security solution for the safety protection of ICPS.
基金supported in part by the National Key Research and Development Project under Grant 2020YFB1806805partially funded through a grant from Qualcomm。
文摘6G is desired to support more intelligence networks and this trend attaches importance to the self-healing capability if degradation emerges in the cellular networks.As a primary component of selfhealing networks,fault detection is investigated in this paper.Considering the fast response and low timeand-computational consumption,it is the first time that the Online Broad Learning System(OBLS)is applied to identify outages in cellular networks.In addition,the Automatic-constructed Online Broad Learning System(AOBLS)is put forward to rationalize its structure and consequently avoid over-fitting and under-fitting.Furthermore,a multi-layer classification structure is proposed to further improve the classification performance.To face the challenges caused by imbalanced data in fault detection problems,a novel weighting strategy is derived to achieve the Multilayer Automatic-constructed Weighted Online Broad Learning System(MAWOBLS)and ensemble learning with retrained Support Vector Machine(SVM),denoted as EMAWOBLS,for superior treatment with this imbalance issue.Simulation results show that the proposed algorithm has excellent performance in detecting faults with satisfactory time usage.
文摘A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.
文摘A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.
基金supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program(2023TSYCTD).
文摘With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.
基金supported by the National Key Research and Development Program of China (No.2022YFE0196000)the National Natural Science Foundation of China (No.61502429)。
文摘Target detection is an important task in computer vision research, and such an anomaly detection and the topic of small target detection task is more concerned. However, there are still some problems in this kind of researches, such as small target detection in complex environments is susceptible to background interference and poor detection results. To solve these issues, this study proposes a method which introduces the attention mechanism into the you only look once(YOLO) network. In addition, the amateur-produced mask dataset was created and experiments were conducted. The results showed that the detection effect of the proposed mothed is much better.
文摘Network anomaly detection plays a vital role in safeguarding network security.However,the existing network anomaly detection task is typically based on the one-class zero-positive scenario.This approach is susceptible to overfitting during the training process due to discrepancies in data distribution between the training set and the test set.This phenomenon is known as prediction drift.Additionally,the rarity of anomaly data,often masked by normal data,further complicates network anomaly detection.To address these challenges,we propose the PUNet network,which ingeniously combines the strengths of traditional machine learning and deep learning techniques for anomaly detection.Specifically,PUNet employs a reconstruction-based autoencoder to pre-train normal data,enabling the network to capture potential features and correlations within the data.Subsequently,PUNet integrates a sampling algorithm to construct a pseudo-label candidate set among the outliers based on the reconstruction loss of the samples.This approach effectively mitigates the prediction drift problem by incorporating abnormal samples.Furthermore,PUNet utilizes the CatBoost classifier for anomaly detection to tackle potential data imbalance issues within the candidate set.Extensive experimental evaluations demonstrate that PUNet effectively resolves the prediction drift and data imbalance problems,significantly outperforming competing methods.
文摘The increasing amount and intricacy of network traffic in the modern digital era have worsened the difficulty of identifying abnormal behaviours that may indicate potential security breaches or operational interruptions. Conventional detection approaches face challenges in keeping up with the ever-changing strategies of cyber-attacks, resulting in heightened susceptibility and significant harm to network infrastructures. In order to tackle this urgent issue, this project focused on developing an effective anomaly detection system that utilizes Machine Learning technology. The suggested model utilizes contemporary machine learning algorithms and frameworks to autonomously detect deviations from typical network behaviour. It promptly identifies anomalous activities that may indicate security breaches or performance difficulties. The solution entails a multi-faceted approach encompassing data collection, preprocessing, feature engineering, model training, and evaluation. By utilizing machine learning methods, the model is trained on a wide range of datasets that include both regular and abnormal network traffic patterns. This training ensures that the model can adapt to numerous scenarios. The main priority is to ensure that the system is functional and efficient, with a particular emphasis on reducing false positives to avoid unwanted alerts. Additionally, efforts are directed on improving anomaly detection accuracy so that the model can consistently distinguish between potentially harmful and benign activity. This project aims to greatly strengthen network security by addressing emerging cyber threats and improving their resilience and reliability.
基金funded by the National Natural Science Foundation of China(grant number.62171228)National Key Research and Development Program of China(grant number.2021YFE0105500).
文摘The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protecting against network attacks has become a pressing issue that requires urgent attention.It is crucial to find practical solutions to combat such malicious behavior.A network intrusion detection(NID)method,known as GMCE-GraphSAGE,was proposed to meet the detection demands of the current intricate network environment.Traffic data is mapped into gaussian distribution,which helps to ensure that subsequent models can effectively learn the features of traffic samples.The conditional generative adversarial network(CGAN)can generate attack samples based on specified labels to create balanced traffic datasets.In addition,we constructed a communication interaction graph based on the connection patterns of traffic nodes.The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph.From it,global behavioral information is combined with traffic features,providing a solid foundation for classifying and detecting.Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method.Its binary and multi-classification F1-score can achieve 99.36%and 89.29%,respectively.The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task.
基金Supported by the Foundation for Young Scholars of Guizhou Meteorological Bureau,China(QN[2012]13)
文摘Based on lightning location data of lightning monitoring network in Guizhou Province in recent eight years,the effective detection radius of a station and the effective detection range of lightning monitoring network in Guizhou Province were analyzed. The results show that the effective detection radius of a lightning monitoring sub-station in Guizhou Province is 160 km; some counties in the southwest,northwest and northeast of Guizhou were not detected. To improve the detector efficiency of lightning monitoring network in Guizhou Province,it is suggested that nine sub-stations should be built in Weining,Shuicheng,Qinglong,Pingtang,Rongjiang,Yuping,Songtao,Tongren and Renhuai,so that the effective detection efficiency will reach more than 95%.
基金the Natural Science Foundation of China (No. 61802404, 61602470)the Strategic Priority Research Program (C) of the Chinese Academy of Sciences (No. XDC02040100)+3 种基金the Fundamental Research Funds for the Central Universities of the China University of Labor Relations (No. 20ZYJS017, 20XYJS003)the Key Research Program of the Beijing Municipal Science & Technology Commission (No. D181100000618003)partially the Key Laboratory of Network Assessment Technology,the Chinese Academy of Sciencesthe Beijing Key Laboratory of Network Security and Protection Technology
文摘Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.
基金This work was supported by Natural Science Foundation of China(61702013,61572492)the National Key research and Development Plan(Grant No.2018YFB0803504)+1 种基金Joint of Beijing Natural Science Foundation and Education Commission(KZ201810009011)Science and Technology Innovation Project of North China University of Technology(19XN108).
文摘In recent years,the number of exposed vulnerabilities has grown rapidly and more and more attacks occurred to intrude on the target computers using these vulnerabilities such as different malware.Malware detection has attracted more attention and still faces severe challenges.As malware detection based traditional machine learning relies on exports’experience to design efficient features to distinguish different malware,it causes bottleneck on feature engineer and is also time-consuming to find efficient features.Due to its promising ability in automatically proposing and selecting significant features,deep learning has gradually become a research hotspot.In this paper,aiming to detect the malicious payload and identify their categories with high accuracy,we proposed a packet-based malicious payload detection and identification algorithm based on object detection deep learning network.A dataset of malicious payload on code execution vulnerability has been constructed under the Metasploit framework and used to evaluate the performance of the proposed malware detection and identification algorithm.The experimental results demonstrated that the proposed object detection network can efficiently find and identify malicious payloads with high accuracy.
文摘To meet the future internet traffic challenges, enhancement of hardware architectures related to network security has vital role where software security algorithms are incompatible with high speed in terms of Giga bits per second (Gbps). In this paper, we discuss signature detection technique (SDT) used in network intrusion detection system (NIDS). Design of most commonly used hardware based techniques for signature detection such as finite automata, discrete comparators, Knuth-Morris-Pratt (KMP) algorithm, content addressable memory (CAM) and Bloom filter are discussed. Two novel architectures, XOR based pre computation CAM (XPCAM) and multi stage look up technique (MSLT) Bloom filter architectures are proposed and implemented in third party field programmable gate array (FPGA), and area and power consumptions are compared. 10Gbps network traffic generator (TNTG) is used to test the functionality and ensure the reliability of the proposed architectures. Our approach involves a unique combination of algorithmic and architectural techniques that outperform some of the current techniques in terms of performance, speed and powerefficiency.
基金Supported by the Special Fund of Financial Support for Development of Local Universities in China(2012-140 &2012-118)The Science and Technology Foundation of Guizhou Provincial([2011] 2213)Natural Sciences Research Foundation of Guizhou Normal University for Student(201219)
文摘To solve the problem of the design of classifier in network threat detection, we conduct a simulation experiment for the parameters’ optimal on least squares support vector machine (LSSVM) using the classic PSO algorithm, and the experiment shows that uneven distribution of the initial particle swarm exerts a great impact on the results of LSSVM algorithm’s classification. This article proposes an improved PSO-LSSVM algorithm based on Divide-and-Conquer (DCPSO- LSSVM) to split the optimal domain where the parameters of LSSVM are in. It can achieve the purpose of distributing the initial particles uniformly. And using the idea of Divide-and-Conquer, it can split a big problem into multiple sub-problems, thus, completing problems’ modularization Meanwhile, this paper introduces variation factors to make the particles escape from the local optimum. The results of experiment prove that DCPSO-LSSVM has better effect on classification of network threat detection compared with SVM and classic PSOLSSVM.
基金the National Natural Science Foundation of China(69983005)the Research Fund for the Doctoral Program of Higher Education(RFDP1999048602)
文摘Based on analyzing the techniques and architecture of existing network Intrusion Detection System(IDS),and probing into the fundament of Immune System(IS),a novel immune model is presented and applied to network IDS,which is helpful to design an effective IDS.Besides,this paper suggests a scheme to represent the self profile of network.And an automated self profile extraction algorithm is provided to extract self profile from packets.The experimental results prove validity of the scheme and algorithm,which is the foundation of the immune model.
基金This work was supported in part by Institute of Information and Communications Technology Promotion(ITP)grant funded by the Korea government(MSIP)(No.2016-0-00078,Cloud-based Security In-telligence Technology Development for the Customized Security Service Provisioning)。
文摘A substantial body of work has been done to identify network anomalies using supervised and unsupervised learning techniques with their unique strengths and weaknesses.In this work,we propose a new approach that takes advantage of both worlds of unsupervised and supervised learnings.The main objective of the proposed approach is to enable supervised anomaly detection without the provision of the associated labels by users.To this end,we estimate the labels of each connection in the training phase using clustering.The“estimated”labels are then utilized to establish a supervised learning model for the subsequent classification of connections in the testing stage.We set up a new property that defines anomalies in the context of network anomaly detection to improve the quality of estimated labels.Through our extensive experiments with a public dataset(NSL-KDD),we will prove that the proposed method can achieve performance comparable to one with the “original”labels provided in the dataset.We also introduce two heuristic functions that minimize the impact of the randomness of clustering to improve the overall quality of the estimated labels.
