IDS-INT:Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.

从中国首台紫外-可见光高光谱卫星仪器反演得到的高空间分辨率臭氧廓线

Understanding the vertical distribution of ozone is crucial when assessing both its horizontal and vertical transport,as well as when analyzing the physical and chemical properties of the atmosphere.One of the most effective ways to obtain high spatial resolution ozone profiles is through satellite observations.The Environmental Trace Gases Monitoring Instrument(EMI)deployed on the Gaofen-5 satellite is the first Chinese ultraviolet-visible hyperspectral spectrometer.However,retrieving ozone profiles using backscattered radiance values measured by the EMI is challenging due to unavailable measurement errors and a low signal-to-noise ratio.The algorithm developed for the Tropospheric Monitoring Instrument did not allow us to retrieve 87%of the EMI pixels.Therefore,we developed an algorithm specific to the characteristics of the EMI.The fitting residuals are smaller than 0.3%in most regions.The retrieved ozone profiles were in good agreement with ozonesonde data,with maximum mean biases of 20%at five latitude bands.By applying EMI averaging kernels to the ozonesonde profiles,the integrated stratospheric column ozone and tropospheric column ozone also showed excellent agreement with ozonesonde data,The lower layers(0-7.5 km)of the EMI ozone profiles reflected the seasonal variation in surface ozone derived from the China National Environmental Monitoring Center(CNEMC).However,the upper layers(9.7-16.7 km)of the ozone profiles show different trends,with the ozone peak occurring at an altitude of 9.7-16.7 km in March,2019.A stratospheric intrusion event in central China from August 11 to 15,2019,is captured using the EMI ozone profiles,potential vorticity data,and relative humidity data.The increase in the CNEMC ozone co ncentration showed that downward transport enhanced surface ozone pollution.

A Data Intrusion Tolerance Model Based on an Improved Evolutionary Game Theory for the Energy Internet

Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.

A Hybrid Intrusion Detection Method Based on Convolutional Neural Network and AdaBoost

To solve the problem of poor detection and limited application range of current intrusion detection methods,this paper attempts to use deep learning neural network technology to study a new type of intrusion detection method.Hence,we proposed an intrusion detection algorithm based on convolutional neural network(CNN)and AdaBoost algorithm.This algorithm uses CNN to extract the characteristics of network traffic data,which is particularly suitable for the analysis of continuous and classified attack data.The AdaBoost algorithm is used to classify network attack data that improved the detection effect of unbalanced data classification.We adopt the UNSW-NB15 dataset to test of this algorithm in the PyCharm environment.The results show that the detection rate of algorithm is99.27%and the false positive rate is lower than 0.98%.Comparative analysis shows that this algorithm has advantages over existing methods in terms of detection rate and false positive rate for small proportion of attack data.

An Intelligent SDN-IoT Enabled Intrusion Detection System for Healthcare Systems Using a Hybrid Deep Learning and Machine Learning Approach

The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day.Therefore,it is essential to make medical services connected to internet,available in every remote location during these situations.Also,the security issues in the Internet of Medical Things(IoMT)used in these service,make the situation even more critical because cyberattacks on the medical devices might cause treatment delays or clinical failures.Hence,services in the healthcare ecosystem need rapid,uninterrupted,and secure facilities.The solution provided in this research addresses security concerns and services availability for patients with critical health in remote areas.This research aims to develop an intelligent Software Defined Networks(SDNs)enabled secure framework for IoT healthcare ecosystem.We propose a hybrid of machine learning and deep learning techniques(DNN+SVM)to identify network intrusions in the sensor-based healthcare data.In addition,this system can efficiently monitor connected devices and suspicious behaviours.Finally,we evaluate the performance of our proposed framework using various performance metrics based on the healthcare application scenarios.the experimental results show that the proposed approach effectively detects and mitigates attacks in the SDN-enabled IoT networks and performs better that other state-of-art-approaches.

Feature extraction for machine learning-based intrusion detection in IoT networks

A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.

Network Intrusion Traffic Detection Based on Feature Extraction

With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.

A Novel Intrusion Detection Model of Unknown Attacks Using Convolutional Neural Networks

With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.

Mafic and felsic magmatism in the Wadi Kalalat area, South Eastern Desert, Egypt: mineralogy, geochemistry and geodynamic evolution during the Neoproterozoic in the Nubian Shield

In the south Eastern Desert of Egypt,two contrasting types of magmatism(mafic and felsic) are recorded in the Wadi Kalalat area,and form the Gabal El Motaghiarat and Gabal Batuga intrusions,respectively.The two intrusions post-dates ophiolitic and arc associations represented by serpentinite and metagabbro-diorite,respectively.The mafic intrusion has a basal ultramafic member represented by fresh peridotite,which is followed upward by olivine gabbro and anorthositic or leucogabbro.This mafic intrusion pertains to the Alaskan-type mafic-ultramafic intrusions in the Arabian-Nubian Shield(ANS)being of tholeiitic nature and emplaced in a typical arc setting.On the other hand,the Gabal Batuga intrusion comprises three varieties of fresh A-type granites of high K-calc alkaline nature,which is peraluminous and garnetbearing in parts.A narrow thermal aureole in the olivine gabbro of the mafic intrusion was developed due to the intrusion of the Batuga granites.This results in the development of a hornfelsic melagabbro variety in which the composition changed from tholeiitic to a calc-alkaline composition due to the addition of S_(i)O_(2),Al_(2)O_(3),alkalis,lithosphile elements(LILEs) such as Rb(70 ppm) and Y(28 ppm) from the felsic intrusion.Outside the thermal aureole,Rb amounts 2-8 ppm and Y lies in the range <2-6ppm.It is believed that the Gabal Batuga felsic intrusion started to emplace during the waning stage of an arc system,with transition from the pre-collisional(i.e.,arc setting) to post-collisional and within plate settings.Magma from which the Gabal Batuga granites were fractionated is high-K calc-alkaline giving rise to a typical post-collisional A-type granite(A_(2)-subtype) indicating an origin from an underplating crustal source.Accordingly,it is stressed here that the younger granites in the ANS are not exclusively post-collisional and within-plate but most likely they started to develop before closure of the arc system.The possible source(s) of mafic magmas that resulted in the formation of the two intrusions are discussed.Mineralogical and geochemical data of the post-intrusion dykes(mafic and felsic) suggest typical active continental rift/within-plate settings.

Igneous intrusion contact metamorphic system and its reservoir characteristics:A case study of Paleogene Shahejie Formation in Nanpu sag of Bohai Bay Basin,China

Taking the Paleogene Shahejie Formation in Nanpu sag of Bohai Bay Basin as an example,this study comprehensively utilizes seismic,mud logging,well logging,physical property analysis and core thin section data to investigate the metamorphic reservoir formed by contact metamorphism after igneous rock intrusion.(1)A geological model of the igneous intrusion contact met amorphic system is proposed,which can be divided into five structural layers vertically:the intrusion,upper metamorphic aureole,lower metamorphic aureole,normal sedimentary layers on the roof and floor.(2)The intrusion is characterized by xenoliths indicating intrusive facies at the top,regular changes in rock texture and mineral crystallization from the center to the edge on a microscopic scale,and low-angle oblique penetrations of the intrusion through sedimentary strata on a macroscopic scale.The metamorphic aureole has characteristics such as sedimentary rocks as the host rock,typical palimpsest textures developed,various low-temperature thermal metamorphic minerals developed,and medium-low grade thermal metamorphic rocks as the lithology.(3)The reservoir in contact metamorphic aureole has two types of reservoir spaces:matrix pores and fractures.The matrix pores are secondary"intergranular pores"distributed around metamorphic minerals after thermal metamorphic transformation in metasandstones.The fractures are mainly structural fractures and intrusive compressive fractures in metamudstones.The reservoirs generally have three spatial distribution characteristics:layered,porphyritic and hydrocarbon impregnation along fracture.(4)The distribution of reservoirs in the metamorphic aureole is mainly controlled by the intensity of thermal baking.Furthermore,the distribution of favorable reservoirs is controlled by the coupling of favorable lithofacies and thermal contact metamorphism,intrusive compression and hydrothermal dissolution.The proposal and application of the geological model of the intrusion contact metamorphic system are expected to promote the discovery of exploration targets of contact metamorphic rock in Nanpu sag,and provide a reference for the study and exploration of deep contact metamorphic rock reservoirs in the Bohai Bay Basin.

Robust Malicious Executable Detection Using Host-Based Machine Learning Classifier

The continuous development of cyberattacks is threatening digital transformation endeavors worldwide and leadsto wide losses for various organizations. These dangers have proven that signature-based approaches are insufficientto prevent emerging and polymorphic attacks. Therefore, this paper is proposing a Robust Malicious ExecutableDetection (RMED) using Host-based Machine Learning Classifier to discover malicious Portable Executable (PE)files in hosts using Windows operating systems through collecting PE headers and applying machine learningmechanisms to detect unknown infected files. The authors have collected a novel reliable dataset containing 116,031benign files and 179,071 malware samples from diverse sources to ensure the efficiency of RMED approach.The most effective PE headers that can highly differentiate between benign and malware files were selected totrain the model on 15 PE features to speed up the classification process and achieve real-time detection formalicious executables. The evaluation results showed that RMED succeeded in shrinking the classification timeto 91 milliseconds for each file while reaching an accuracy of 98.42% with a false positive rate equal to 1.58. Inconclusion, this paper contributes to the field of cybersecurity by presenting a comprehensive framework thatleverages Artificial Intelligence (AI) methods to proactively detect and prevent cyber-attacks.

Mantle Driven Early Eocene Magmatic Flare-up of the Gangdese Arc, Tibet: A Case Study on the Nymo Intrusive Complex

Magmatic periodicity is recognized in continental arcs worldwide, but the mechanism responsible for punctuated arc magmatism is controversial. Continental arcs in the Trans-Himalayan orogenic system display episodic magmatism and the most voluminous flare-up in this system was in early Eocene during the transition from subduction to collision. The close association of the flare-up with collision is intriguing. Our study employs zircon Lu-Hf and bulk rock Sr-Nd isotopes, along with mineral geochemistry, to track the melt sources of the Nymo intrusive complex and the role of mantle magma during the early Eocene flare-up of the Gangdese arc, Tibet. The Nymo intrusive complex is composed of gabbronorite, diorite, quartz diorite, and granodiorite which define an arc-related calc-alkaline suite. Zircon U-Pb ages reveal that the complex was emplaced between ~50–47 Ma. Zircon Hf isotopes yield εHf(t) values of 8.2–13.1, while whole-rock Sr and Nd isotopes yield εNd(t) values of 2.7–6.5 indicative of magmatism dominated by melting of a juvenile mantle source with only minor crustal assimilation(~15%–25%) as indicated by assimilation and fractional crystallization modeling. Together with published data, the early Eocene magmatic flare-up was likely triggered by slab breakoff of subducted oceanic lithosphere at depths shallower than the overriding plate. The early Eocene magmatic flare-up may have contributed to crustal thickening of the Gangdese arc. This study provides important insights into the magmatic flare-up and its significant role in the generation of large batholiths during the transition from subduction to collision.

Blockchain-Enabled Mitigation Strategies for Distributed Denial of Service Attacks in IoT Sensor Networks:An Experimental Approach

Information security has emerged as a crucial consideration over the past decade due to escalating cyber security threats,with Internet of Things(IoT)security gaining particular attention due to its role in data communication across various industries.However,IoT devices,typically low-powered,are susceptible to cyber threats.Conversely,blockchain has emerged as a robust solution to secure these devices due to its decentralised nature.Nevertheless,the fusion of blockchain and IoT technologies is challenging due to performance bottlenecks,network scalability limitations,and blockchain-specific security vulnerabilities.Blockchain,on the other hand,is a recently emerged information security solution that has great potential to secure low-powered IoT devices.This study aims to identify blockchain-specific vulnerabilities through changes in network behaviour,addressing a significant research gap and aiming to mitigate future cybersecurity threats.Integrating blockchain and IoT technologies presents challenges,including performance bottlenecks,network scalability issues,and unique security vulnerabilities.This paper analyses potential security weaknesses in blockchain and their impact on network operations.We developed a real IoT test system utilising three prevalent blockchain applications to conduct experiments.The results indicate that Distributed Denial of Service(DDoS)attacks on low-powered,blockchain-enabled IoT sensor networks cause measurable anomalies in network and device performance,specifically:(1)an average increase in CPU core usage to 34.32%,(2)a reduction in hash rates by up to 66%,(3)an increase in batch timeout by up to 14.28%,and(4)an increase in block latency by up to 11.1%.These findings suggest potential strategies to counter future DDoS attacks on IoT networks.

Influence of typhoon MITAG on the Kuroshio intrusion in the Luzon Strait during early fall 2019

Typhoons in the western Pacific have a significant impact on the transport of heat,salt and particles through the Luzon Strait.However,there are very limited field observations of this impact because of extreme difficulties and even dangers for ship-based measurements during the rough weather.Here,we present the preliminary results from analyzing a dataset collected by a glider deployed west of the Luzon Strait a few days prior to the arrival of typhoon MITAG.The gilder data revealed an abnormally salinity(>34.8)subsurface water apparently sourced from Kuroshio intrusion during the typhoon.When typhoon MITAG traveled on the east of the Luzon Strait,the positive wind stress curl strengthened the cyclonic eddy and weakened the anti-cyclonic eddy.This led to a slowdown of Kuroshio and made its intrusion easier.The main axis of the Kuroshio at the northern part of the strait shifted westward after the typhoon and did not return to its original position until a week later.The Ekman transport from persistent northerly wind of typhoon MITAG was significant,but its importance in enhancing the Kuroshio intrusion is only secondary relative to the eddies variations.

Strengthening Network Security: Deep Learning Models for Intrusion Detectionwith Optimized Feature Subset and Effective Imbalance Handling

In recent years,frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security.This paper presents a novel intrusion detection system consisting of a data prepro-cessing stage and a deep learning model for accurately identifying network attacks.We have proposed four deep neural network models,which are constructed using architectures such as Convolutional Neural Networks(CNN),Bi-directional Long Short-Term Memory(BiLSTM),Bidirectional Gate Recurrent Unit(BiGRU),and Attention mechanism.These models have been evaluated for their detection performance on the NSL-KDD dataset.To enhance the compatibility between the data and the models,we apply various preprocessing techniques and employ the particle swarm optimization algorithm to perform feature selection on the NSL-KDD dataset,resulting in an optimized feature subset.Moreover,we address class imbalance in the dataset using focal loss.Finally,we employ the BO-TPE algorithm to optimize the hyperparameters of the four models,maximizing their detection performance.The test results demonstrate that the proposed model is capable of extracting the spatiotemporal features of network traffic data effectively.In binary and multiclass experiments,it achieved accuracy rates of 0.999158 and 0.999091,respectively,surpassing other state-of-the-art methods.

Solute transport and geochemical modeling of the coastal quaternary aquifer, Delta Dahab Basin, South Sinai, Egypt

The wadi dahab delta is in a dry, arid coastal zone within Egypt’s south Sinai Peninsula’s eastern portion. The primary water source is the Quaternary coastal alluvial aquifer. The groundwater salinity varies from 890to 8213 mg/L, with a mean value of 3417 mg/L. The dissolved major ions have been used to calculate the seawater mixing index(SWMI) using a linear equation that discriminates the groundwater mostly affected by water–rock interaction(SWMI 1>) and other samples mixed with Seawater(SWMI < 1). The isotopic composition of groundwater for specifically chosen groundwater samples ranges from-0.645‰ to +5.212‰ for δ^(18)O and from-9.582‰ to + 22.778‰ for δ^(2)H, where the seawater represented by a Red Sea water sample(δ^(18)O + 1.64‰-δ^(2)H + 9.80‰) and reject brine water are considerably enriched the isotopic groundwater values. The geochemical NETPATH model constrained by the dissolved significant ions, isotopes, and the rock aquifer forming minerals as phases indicate the mixing percent with the seawater ranges from 9% to 97% of seawater from 91% to 3% of original recharge water. According to the SEAWAT 3-D flow models, seawater has penetrated the Northeastern Dahab delta aquifer, with the intrusion zone extending1500 m inland. The salt dissolution, upwelling of saline water, recharge from the upstream mountain block, and seawater encroachment are the primary aspects contributing to the deterioration of groundwater quality. These findings may have significance for effective groundwater withdrawal management in arid locations worldwide with similar hydrogeological systems.

Cyber Security within Smart Cities:A Comprehensive Study and a Novel Intrusion Detection-Based Approach

The expansion of smart cities,facilitated by digital communications,has resulted in an enhancement of the quality of life and satisfaction among residents.The Internet of Things(IoT)continually generates vast amounts of data,which is subsequently analyzed to offer services to residents.The growth and development of IoT have given rise to a new paradigm.A smart city possesses the ability to consistently monitor and utilize the physical environment,providing intelligent services such as energy,transportation,healthcare,and entertainment for both residents and visitors.Research on the security and privacy of smart cities is increasingly prevalent.These studies highlight the cybersecurity risks and the challenges faced by smart city infrastructure in handling and managing personal data.To effectively uphold individuals’security and privacy,developers of smart cities must earn the trust of the public.In this article,we delve into the realms of privacy and security within smart city applications.Our comprehensive study commences by introducing architecture and various applications tailored to smart cities.Then,concerns surrounding security and privacy within these applications are thoroughly explored subsequently.Following that,we delve into several research endeavors dedicated to addressing security and privacy issues within smart city applications.Finally,we emphasize our methodology and present a case study illustrating privacy and security in smart city contexts.Our proposal consists of defining an Artificial Intelligence(AI)based framework that allows:Thoroughly documenting penetration attempts and cyberattacks;promptly detecting any deviations from security standards;monitoring malicious behaviors and accurately tracing their sources;and establishing strong controls to effectively repel and prevent such threats.Experimental results using the Edge-IIoTset(Edge Industrial Internet of Things Security Evaluation Test)dataset demonstrated good accuracy.They were compared to related state-of-theart works,which highlight the relevance of our proposal.

Trusted Encrypted Traffic Intrusion Detection Method Based on Federated Learning and Autoencoder

With the rapid development of the Internet,network security and data privacy are increasingly valued.Although classical Network Intrusion Detection System(NIDS)based on Deep Learning(DL)models can provide good detection accuracy,but collecting samples for centralized training brings the huge risk of data privacy leakage.Furthermore,the training of supervised deep learning models requires a large number of labeled samples,which is usually cumbersome.The“black-box”problem also makes the DL models of NIDS untrustworthy.In this paper,we propose a trusted Federated Learning(FL)Traffic IDS method called FL-TIDS to address the above-mentioned problems.In FL-TIDS,we design an unsupervised intrusion detection model based on autoencoders that alleviates the reliance on marked samples.At the same time,we use FL for model training to protect data privacy.In addition,we design an improved SHAP interpretable method based on chi-square test to perform interpretable analysis of the trained model.We conducted several experiments to evaluate the proposed FL-TIDS.We first determine experimentally the structure and the number of neurons of the unsupervised AE model.Secondly,we evaluated the proposed method using the UNSW-NB15 and CICIDS2017 datasets.The exper-imental results show that the unsupervised AE model has better performance than the other 7 intrusion detection models in terms of precision,recall and f1-score.Then,federated learning is used to train the intrusion detection model.The experimental results indicate that the model is more accurate than the local learning model.Finally,we use an improved SHAP explainability method based on Chi-square test to analyze the explainability.The analysis results show that the identification characteristics of the model are consistent with the attack characteristics,and the model is reliable.

A Robust Approach for Multi Classification-Based Intrusion Detection through Stacking Deep Learning Models

Intrusion detection is a predominant task that monitors and protects the network infrastructure.Therefore,many datasets have been published and investigated by researchers to analyze and understand the problem of intrusion prediction and detection.In particular,the Network Security Laboratory-Knowledge Discovery in Databases(NSL-KDD)is an extensively used benchmark dataset for evaluating intrusion detection systems(IDSs)as it incorporates various network traffic attacks.It is worth mentioning that a large number of studies have tackled the problem of intrusion detection using machine learning models,but the performance of these models often decreases when evaluated on new attacks.This has led to the utilization of deep learning techniques,which have showcased significant potential for processing large datasets and therefore improving detection accuracy.For that reason,this paper focuses on the role of stacking deep learning models,including convolution neural network(CNN)and deep neural network(DNN)for improving the intrusion detection rate of the NSL-KDD dataset.Each base model is trained on the NSL-KDD dataset to extract significant features.Once the base models have been trained,the stacking process proceeds to the second stage,where a simple meta-model has been trained on the predictions generated from the proposed base models.The combination of the predictions allows the meta-model to distinguish different classes of attacks and increase the detection rate.Our experimental evaluations using the NSL-KDD dataset have shown the efficacy of stacking deep learning models for intrusion detection.The performance of the ensemble of base models,combined with the meta-model,exceeds the performance of individual models.Our stacking model has attained an accuracy of 99%and an average F1-score of 93%for the multi-classification scenario.Besides,the training time of the proposed ensemble model is lower than the training time of benchmark techniques,demonstrating its efficiency and robustness.

Macroscopic and microscopic mechanical behavior and seepage characteristics of coal under hydro-mechanical coupling

Understanding the physical,mechanical behavior,and seepage characteristics of coal under hydro-mechanical coupling holds significant importance for ensuring the stability of surrounding rock formations and preventing gas outbursts.Scanning electron microscopy,uniaxial tests,and triaxial tests were conducted to comprehensively analyze the macroscopic and microscopic physical and mechanical characteristics of coal under different soaking times.Moreover,by restoring the stress path and water injection conditions of the protective layer indoors,we explored the coal mining dynamic behavior and the evolution of permeability.The results show that water causes the micro-surface of coal to peel off and cracks to expand and develop.With the increase of soaking time,the uniaxial and triaxial strengths were gradually decreased with nonlinear trend,and decreased by 63.31%and 30.95%after soaking for 240 h,respectively.Under different water injection pressure conditions,coal permeability undergoes three stages during the mining loading process and ultimately increases to higher values.The peak stress of coal,the deviatoric stress and strain at the permeability surge point all decrease with increasing water injection pressure.The results of this research can help improve the understanding of the coal mechanical properties and seepage evolution law under hydro-mechanical coupling.