The network infrastructure has evolved rapidly due to the everincreasing volume of users and data.The massive number of online devices and users has forced the network to transform and facilitate the operational neces...The network infrastructure has evolved rapidly due to the everincreasing volume of users and data.The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers.Among these necessities,network security is of prime significance.Network intrusion detection systems(NIDS)are among the most suitable approaches to detect anomalies and assaults on a network.However,keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders.This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks(CNN).The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter.The images are then classified using a CNN classifier.To assess the efficacy of the recommended method,four benchmark datasets i.e.,CSE-CIC-IDS2018,CIC-IDS-2017,ISCX-IDS 2012,and NSL-KDD were used.The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets.Further,the proposed method is compared with the recent well-known image processing methods for NIDS.展开更多
A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a...A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.展开更多
Intrusion detection systems are increasingly using machine learning.While machine learning has shown excellent performance in identifying malicious traffic,it may increase the risk of privacy leakage.This paper focuse...Intrusion detection systems are increasingly using machine learning.While machine learning has shown excellent performance in identifying malicious traffic,it may increase the risk of privacy leakage.This paper focuses on imple-menting a model stealing attack on intrusion detection systems.Existing model stealing attacks are hard to imple-ment in practical network environments,as they either need private data of the victim dataset or frequent access to the victim model.In this paper,we propose a novel solution called Fast Model Stealing Attack(FMSA)to address the problem in the field of model stealing attacks.We also highlight the risks of using ML-NIDS in network security.First,meta-learning frameworks are introduced into the model stealing algorithm to clone the victim model in a black-box state.Then,the number of accesses to the target model is used as an optimization term,resulting in minimal queries to achieve model stealing.Finally,adversarial training is used to simulate the data distribution of the target model and achieve the recovery of privacy data.Through experiments on multiple public datasets,compared to existing state-of-the-art algorithms,FMSA reduces the number of accesses to the target model and improves the accuracy of the clone model on the test dataset to 88.9%and the similarity with the target model to 90.1%.We can demonstrate the successful execution of model stealing attacks on the ML-NIDS system even with protective measures in place to limit the number of anomalous queries.展开更多
A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have ...A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.展开更多
With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(...With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.展开更多
The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protectin...The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protecting against network attacks has become a pressing issue that requires urgent attention.It is crucial to find practical solutions to combat such malicious behavior.A network intrusion detection(NID)method,known as GMCE-GraphSAGE,was proposed to meet the detection demands of the current intricate network environment.Traffic data is mapped into gaussian distribution,which helps to ensure that subsequent models can effectively learn the features of traffic samples.The conditional generative adversarial network(CGAN)can generate attack samples based on specified labels to create balanced traffic datasets.In addition,we constructed a communication interaction graph based on the connection patterns of traffic nodes.The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph.From it,global behavioral information is combined with traffic features,providing a solid foundation for classifying and detecting.Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method.Its binary and multi-classification F1-score can achieve 99.36%and 89.29%,respectively.The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task.展开更多
Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network I...Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model.展开更多
In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciat...In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciated,with most systems failing to capture the time-bound nuances of network traffic.This leads to compromised detection accuracy and overlooked temporal patterns.Addressing this gap,we introduce a novel SSAE-TCN-BiLSTM(STL)model that integrates time series analysis,significantly enhancing detection capabilities.Our approach reduces feature dimensionalitywith a Stacked Sparse Autoencoder(SSAE)and extracts temporally relevant features through a Temporal Convolutional Network(TCN)and Bidirectional Long Short-term Memory Network(Bi-LSTM).By meticulously adjusting time steps,we underscore the significance of temporal data in bolstering detection accuracy.On the UNSW-NB15 dataset,ourmodel achieved an F1-score of 99.49%,Accuracy of 99.43%,Precision of 99.38%,Recall of 99.60%,and an inference time of 4.24 s.For the CICDS2017 dataset,we recorded an F1-score of 99.53%,Accuracy of 99.62%,Precision of 99.27%,Recall of 99.79%,and an inference time of 5.72 s.These findings not only confirm the STL model’s superior performance but also its operational efficiency,underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount.Our contribution represents a significant advance in cybersecurity,proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic,setting a new benchmark for intrusion detection systems.展开更多
The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects: multi-area and overlapping, which are ignored before. The detectors generated by this kind of self set may hav...The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects: multi-area and overlapping, which are ignored before. The detectors generated by this kind of self set may have the problem of boundary holes between self and nonself regions, and the generation efficiency is low, so that, the self set needs to be optimized before generation stage. This paper proposes a self set optimization algorithm which uses the modified clustering algorithm and Gaussian distribution theory. The clustering deals with multi-area and the Gaussian distribution deals with the overlapping. The algorithm was tested by Iris data and real network data, and the results show that the optimized self set can solve the problem of boundary holes, increase the efficiency of detector generation effectively, and improve the system's detection rate.展开更多
Contemporary attackers,mainly motivated by financial gain,consistently devise sophisticated penetration techniques to access important information or data.The growing use of Internet of Things(IoT)technology in the co...Contemporary attackers,mainly motivated by financial gain,consistently devise sophisticated penetration techniques to access important information or data.The growing use of Internet of Things(IoT)technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation,as it facilitates multiple new attack vectors to emerge effortlessly.As such,existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems.To address this problem,we designed a blended threat detection approach,considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence.We collectively refer to the convergence of different technology sectors as the internet of blended environment.The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder.An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02%detection accuracy.Furthermore,performance of the proposed approach was compared with various single model(autoencoder)-based network intrusion detection approaches:autoencoder,variational autoencoder,convolutional variational autoencoder,and long short-term memory variational autoencoder.The proposed model outperformed all compared models,demonstrating F1-score improvements of 4.99%,2.25%,1.92%,and 3.69%,respectively.展开更多
Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approache...Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approaches for data extraction and machine learning to find anomalies.In terms of feature selection,NIDS is far more effective.This is accurate since anomaly identification uses a number of time-consuming features.Because of this,the feature selec-tion method influences how long it takes to analyze movement patterns and how clear it is.The goal of the study is to provide NIDS with an attribute selection approach.PSO has been used for that purpose.The Network Intrusion Detection System that is being developed will be able to identify any malicious activity in the network or any unusual behavior in the network,allowing the identification of the illegal activities and safeguarding the enormous amounts of confidential data belonging to the customers from being compromised.In the research,datasets were produced utilising both a network infrastructure and a simulation network.Wireshark is used to gather data packets whereas Cisco Packet Tracer is used to build a network in a simulated environment.Additionally,a physical network consisting of six node MCUs connected to a laptop and a mobile hotspot,has been built and communication packets are being recorded using the Wireshark tool.To train several machine learning models,all the datasets that were gatheredcre-ated datasets from our own studies as well as some common datasets like NSDL and UNSW acquired from Kaggle-were employed.Additionally,PsO,which is an optimization method,has been used with these ML algorithms for feature selection.In the research,KNN,decision trees,and ANN have all been combined with PSO for a specific case study.And it was found demonstrated the classification methods PSO+ANN outperformed PSO+KNN and PSO+DT in this case study.展开更多
Internet of things(IOT)possess cultural,commercial and social effect in life in the future.The nodes which are participating in IOT network are basi-cally attracted by the cyber-attack targets.Attack and identification...Internet of things(IOT)possess cultural,commercial and social effect in life in the future.The nodes which are participating in IOT network are basi-cally attracted by the cyber-attack targets.Attack and identification of anomalies in IoT infrastructure is a growing problem in the IoT domain.Machine Learning Based Ensemble Intrusion Detection(MLEID)method is applied in order to resolve the drawback by minimizing malicious actions in related botnet attacks on Message Queue Telemetry Transport(MQTT)and Hyper-Text Transfer Proto-col(HTTP)protocols.The proposed work has two significant contributions which are a selection of features and detection of attacks.New features are chosen from Improved Ant Colony Optimization(IACO)in the feature selection,and then the detection of attacks is carried out based on a combination of their possible proper-ties.The IACO approach is focused on defining the attacker’s important features against HTTP and MQTT.In the IACO algorithm,the constant factor is calculated against HTTP and MQTT based on the mean function for each element.Attack detection,the performance of several machine learning models are Distance Deci-sion Tree(DDT),Adaptive Neuro-Fuzzy Inference System(ANFIS)and Mahala-nobis Distance Support Vector Machine(MDSVM)were compared with predicting accurate attacks on the IoT network.The outcomes of these classifiers are combined into the ensemble model.The proposed MLEID strategy has effec-tively established malicious incidents.The UNSW-NB15 dataset is used to test the MLEID technique using data from simulated IoT sensors.Besides,the pro-posed MLEID technique has a greater detection rate and an inferior rate of false-positive compared to other conventional techniques.展开更多
In the network security field,the network intrusion detection system(NIDS)is considered one of the critical issues in the detection accuracy andmissed detection rate.In this paper,amethod of two-step network intrusion...In the network security field,the network intrusion detection system(NIDS)is considered one of the critical issues in the detection accuracy andmissed detection rate.In this paper,amethod of two-step network intrusion detection on the basis of GoogLeNet Inception and deep convolutional neural networks(CNNs)models is proposed.The proposed method used the GoogLeNet Inception model to identify the network packets’binary problem.Subsequently,the characteristics of the packets’raw data and the traffic features are extracted.The CNNs model is also used to identify the multiclass intrusions by the network packets’features.In the experimental results,the proposed method shows an improvement in the identification accuracy,where it achieves up to 99.63%.In addition,the missed detection rate is reduced to be 0.1%.The results prove the high performance of the proposed method in enhancing the NIDS’s reliability.展开更多
An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism...An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.展开更多
In the era of Big data,learning discriminant feature representation from network traffic is identified has as an invariably essential task for improving the detection ability of an intrusion detection system(IDS).Owin...In the era of Big data,learning discriminant feature representation from network traffic is identified has as an invariably essential task for improving the detection ability of an intrusion detection system(IDS).Owing to the lack of accurately labeled network traffic data,many unsupervised feature representation learning models have been proposed with state-of-theart performance.Yet,these models fail to consider the classification error while learning the feature representation.Intuitively,the learnt feature representation may degrade the performance of the classification task.For the first time in the field of intrusion detection,this paper proposes an unsupervised IDS model leveraging the benefits of deep autoencoder(DAE)for learning the robust feature representation and one-class support vector machine(OCSVM)for finding the more compact decision hyperplane for intrusion detection.Specially,the proposed model defines a new unified objective function to minimize the reconstruction and classification error simultaneously.This unique contribution not only enables the model to support joint learning for feature representation and classifier training but also guides to learn the robust feature representation which can improve the discrimination ability of the classifier for intrusion detection.Three set of evaluation experiments are conducted to demonstrate the potential of the proposed model.First,the ablation evaluation on benchmark dataset,NSL-KDD validates the design decision of the proposed model.Next,the performance evaluation on recent intrusion dataset,UNSW-NB15 signifies the stable performance of the proposed model.Finally,the comparative evaluation verifies the efficacy of the proposed model against recently published state-of-the-art methods.展开更多
Objective Present a new features selection algorithm. Methods based on rule induction and field knowledge. Results This algorithm can be applied in catching dataflow when detecting network intrusions, only the sub ...Objective Present a new features selection algorithm. Methods based on rule induction and field knowledge. Results This algorithm can be applied in catching dataflow when detecting network intrusions, only the sub dataset including discriminating features is catched. Then the time spend in following behavior patterns mining is reduced and the patterns mined are more precise. Conclusion The experiment results show that the feature subset catched by this algorithm is more informative and the dataset’s quantity is reduced significantly.展开更多
Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attack...Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.展开更多
This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune...This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.展开更多
The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model ...The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model will monitor the Web server host resources, and finally discusses in detail the design and implementation of resource monitoring system. Intrusion detection model proposed can effectively regulate the behavior of users in this paper, allowing users follow a pre-standard service to call service providers, largely to protect the security of Web services.展开更多
The Cloud system shows its growing functionalities in various industrial applications.The safety towards data transfer seems to be a threat where Network Intrusion Detection System(NIDS)is measured as an essential ele...The Cloud system shows its growing functionalities in various industrial applications.The safety towards data transfer seems to be a threat where Network Intrusion Detection System(NIDS)is measured as an essential element to fulfill security.Recently,Machine Learning(ML)approaches have been used for the construction of intellectual IDS.Most IDS are based on ML techniques either as unsupervised or supervised.In supervised learning,NIDS is based on labeled data where it reduces the efficiency of the reduced model to identify attack patterns.Similarly,the unsupervised model fails to provide a satisfactory outcome.Hence,to boost the functionality of unsupervised learning,an effectual auto-encoder is applied for feature selection to select good features.Finally,the Naïve Bayes classifier is used for classification purposes.This approach exposes the finest generalization ability to train the data.The unlabelled data is also used for adoption towards data analysis.Here,redundant and noisy samples over the dataset are eliminated.To validate the robustness and efficiency of NIDS,the anticipated model is tested over the NSL-KDD dataset.The experimental outcomes demonstrate that the anticipated approach attains superior accuracy with 93%,which is higher compared to J48,AB tree,Random Forest(RF),Regression Tree(RT),Multi-Layer Perceptrons(MLP),Support Vector Machine(SVM),and Fuzzy.Similarly,False Alarm Rate(FAR)and True Positive Rate(TPR)of Naive Bayes(NB)is 0.3 and 0.99,respectively.When compared to prevailing techniques,the anticipated approach also delivers promising outcomes.展开更多
基金This work was supported by the National Research Foundation of Korea(NRF)NRF-2022R1A2C1011774.
文摘The network infrastructure has evolved rapidly due to the everincreasing volume of users and data.The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers.Among these necessities,network security is of prime significance.Network intrusion detection systems(NIDS)are among the most suitable approaches to detect anomalies and assaults on a network.However,keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders.This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks(CNN).The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter.The images are then classified using a CNN classifier.To assess the efficacy of the recommended method,four benchmark datasets i.e.,CSE-CIC-IDS2018,CIC-IDS-2017,ISCX-IDS 2012,and NSL-KDD were used.The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets.Further,the proposed method is compared with the recent well-known image processing methods for NIDS.
文摘A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.
基金supported by Grant Nos.U22A2036,HIT.OCEF.2021007,2020YFB1406902,2020B0101360001.
文摘Intrusion detection systems are increasingly using machine learning.While machine learning has shown excellent performance in identifying malicious traffic,it may increase the risk of privacy leakage.This paper focuses on imple-menting a model stealing attack on intrusion detection systems.Existing model stealing attacks are hard to imple-ment in practical network environments,as they either need private data of the victim dataset or frequent access to the victim model.In this paper,we propose a novel solution called Fast Model Stealing Attack(FMSA)to address the problem in the field of model stealing attacks.We also highlight the risks of using ML-NIDS in network security.First,meta-learning frameworks are introduced into the model stealing algorithm to clone the victim model in a black-box state.Then,the number of accesses to the target model is used as an optimization term,resulting in minimal queries to achieve model stealing.Finally,adversarial training is used to simulate the data distribution of the target model and achieve the recovery of privacy data.Through experiments on multiple public datasets,compared to existing state-of-the-art algorithms,FMSA reduces the number of accesses to the target model and improves the accuracy of the clone model on the test dataset to 88.9%and the similarity with the target model to 90.1%.We can demonstrate the successful execution of model stealing attacks on the ML-NIDS system even with protective measures in place to limit the number of anomalous queries.
文摘A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.
基金supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program(2023TSYCTD).
文摘With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.
基金funded by the National Natural Science Foundation of China(grant number.62171228)National Key Research and Development Program of China(grant number.2021YFE0105500).
文摘The rapid development of the Internet of Things(IoT)and modern information technology has led to the emergence of new types of cyber-attacks.It poses a great potential danger to network security.Consequently,protecting against network attacks has become a pressing issue that requires urgent attention.It is crucial to find practical solutions to combat such malicious behavior.A network intrusion detection(NID)method,known as GMCE-GraphSAGE,was proposed to meet the detection demands of the current intricate network environment.Traffic data is mapped into gaussian distribution,which helps to ensure that subsequent models can effectively learn the features of traffic samples.The conditional generative adversarial network(CGAN)can generate attack samples based on specified labels to create balanced traffic datasets.In addition,we constructed a communication interaction graph based on the connection patterns of traffic nodes.The E-GraphSAGE is designed to capture both the topology and edge features of the traffic graph.From it,global behavioral information is combined with traffic features,providing a solid foundation for classifying and detecting.Experiments on the UNSW-NB15 dataset demonstrate the great detection advantage of the proposed method.Its binary and multi-classification F1-score can achieve 99.36%and 89.29%,respectively.The GMCE-GraphSAGE effectively improves the detection rate of minority class samples in the NID task.
基金the National Natural Science Foundation of China(69983005)and the Research Fund for the Doctoral Program of Higher Education(RFDP1999048602)
文摘Based on analyzing the techniques and architecture of existing network Intrusion Detection System (IDS), and probing into the fundament of Immune System (IS), a novel immune model is presented and applied to network IDS, which is helpful to design an effective IDS. Besides, this paper suggests a scheme to represent the self profile of network. And an automated self profile extraction algorithm is provided to extract self profile from packets. The experimental results prove validity of the scheme and algorithm, which is the foundation of the immune model.
基金supported in part by the Gansu Province Higher Education Institutions Industrial Support Program:Security Situational Awareness with Artificial Intelligence and Blockchain Technology.Project Number(2020C-29).
文摘In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciated,with most systems failing to capture the time-bound nuances of network traffic.This leads to compromised detection accuracy and overlooked temporal patterns.Addressing this gap,we introduce a novel SSAE-TCN-BiLSTM(STL)model that integrates time series analysis,significantly enhancing detection capabilities.Our approach reduces feature dimensionalitywith a Stacked Sparse Autoencoder(SSAE)and extracts temporally relevant features through a Temporal Convolutional Network(TCN)and Bidirectional Long Short-term Memory Network(Bi-LSTM).By meticulously adjusting time steps,we underscore the significance of temporal data in bolstering detection accuracy.On the UNSW-NB15 dataset,ourmodel achieved an F1-score of 99.49%,Accuracy of 99.43%,Precision of 99.38%,Recall of 99.60%,and an inference time of 4.24 s.For the CICDS2017 dataset,we recorded an F1-score of 99.53%,Accuracy of 99.62%,Precision of 99.27%,Recall of 99.79%,and an inference time of 5.72 s.These findings not only confirm the STL model’s superior performance but also its operational efficiency,underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount.Our contribution represents a significant advance in cybersecurity,proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic,setting a new benchmark for intrusion detection systems.
基金Supported by the National Natural Science Foundation of China (No. 60671049, 61172168)and Graduate Innovation Project of Heilongjiang (No. YJSCX2011-034HLI)
文摘The real-valued self set in immunity-based network intrusion detection system (INIDS) has some defects: multi-area and overlapping, which are ignored before. The detectors generated by this kind of self set may have the problem of boundary holes between self and nonself regions, and the generation efficiency is low, so that, the self set needs to be optimized before generation stage. This paper proposes a self set optimization algorithm which uses the modified clustering algorithm and Gaussian distribution theory. The clustering deals with multi-area and the Gaussian distribution deals with the overlapping. The algorithm was tested by Iris data and real network data, and the results show that the optimized self set can solve the problem of boundary holes, increase the efficiency of detector generation effectively, and improve the system's detection rate.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korean government(MSIT)(No.2021R1A2C2011391)was supported by the Institute of Information&communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2021-0-01806Development of security by design and security management technology in smart factory).
文摘Contemporary attackers,mainly motivated by financial gain,consistently devise sophisticated penetration techniques to access important information or data.The growing use of Internet of Things(IoT)technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation,as it facilitates multiple new attack vectors to emerge effortlessly.As such,existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems.To address this problem,we designed a blended threat detection approach,considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence.We collectively refer to the convergence of different technology sectors as the internet of blended environment.The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder.An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02%detection accuracy.Furthermore,performance of the proposed approach was compared with various single model(autoencoder)-based network intrusion detection approaches:autoencoder,variational autoencoder,convolutional variational autoencoder,and long short-term memory variational autoencoder.The proposed model outperformed all compared models,demonstrating F1-score improvements of 4.99%,2.25%,1.92%,and 3.69%,respectively.
文摘Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approaches for data extraction and machine learning to find anomalies.In terms of feature selection,NIDS is far more effective.This is accurate since anomaly identification uses a number of time-consuming features.Because of this,the feature selec-tion method influences how long it takes to analyze movement patterns and how clear it is.The goal of the study is to provide NIDS with an attribute selection approach.PSO has been used for that purpose.The Network Intrusion Detection System that is being developed will be able to identify any malicious activity in the network or any unusual behavior in the network,allowing the identification of the illegal activities and safeguarding the enormous amounts of confidential data belonging to the customers from being compromised.In the research,datasets were produced utilising both a network infrastructure and a simulation network.Wireshark is used to gather data packets whereas Cisco Packet Tracer is used to build a network in a simulated environment.Additionally,a physical network consisting of six node MCUs connected to a laptop and a mobile hotspot,has been built and communication packets are being recorded using the Wireshark tool.To train several machine learning models,all the datasets that were gatheredcre-ated datasets from our own studies as well as some common datasets like NSDL and UNSW acquired from Kaggle-were employed.Additionally,PsO,which is an optimization method,has been used with these ML algorithms for feature selection.In the research,KNN,decision trees,and ANN have all been combined with PSO for a specific case study.And it was found demonstrated the classification methods PSO+ANN outperformed PSO+KNN and PSO+DT in this case study.
文摘Internet of things(IOT)possess cultural,commercial and social effect in life in the future.The nodes which are participating in IOT network are basi-cally attracted by the cyber-attack targets.Attack and identification of anomalies in IoT infrastructure is a growing problem in the IoT domain.Machine Learning Based Ensemble Intrusion Detection(MLEID)method is applied in order to resolve the drawback by minimizing malicious actions in related botnet attacks on Message Queue Telemetry Transport(MQTT)and Hyper-Text Transfer Proto-col(HTTP)protocols.The proposed work has two significant contributions which are a selection of features and detection of attacks.New features are chosen from Improved Ant Colony Optimization(IACO)in the feature selection,and then the detection of attacks is carried out based on a combination of their possible proper-ties.The IACO approach is focused on defining the attacker’s important features against HTTP and MQTT.In the IACO algorithm,the constant factor is calculated against HTTP and MQTT based on the mean function for each element.Attack detection,the performance of several machine learning models are Distance Deci-sion Tree(DDT),Adaptive Neuro-Fuzzy Inference System(ANFIS)and Mahala-nobis Distance Support Vector Machine(MDSVM)were compared with predicting accurate attacks on the IoT network.The outcomes of these classifiers are combined into the ensemble model.The proposed MLEID strategy has effec-tively established malicious incidents.The UNSW-NB15 dataset is used to test the MLEID technique using data from simulated IoT sensors.Besides,the pro-posed MLEID technique has a greater detection rate and an inferior rate of false-positive compared to other conventional techniques.
基金This work was supported by the Education Department of Jilin Province(No.JJKH20180518KJ)Science and Technology Research Project of Jilin Business and Technology College(No.kz2018002).
文摘In the network security field,the network intrusion detection system(NIDS)is considered one of the critical issues in the detection accuracy andmissed detection rate.In this paper,amethod of two-step network intrusion detection on the basis of GoogLeNet Inception and deep convolutional neural networks(CNNs)models is proposed.The proposed method used the GoogLeNet Inception model to identify the network packets’binary problem.Subsequently,the characteristics of the packets’raw data and the traffic features are extracted.The CNNs model is also used to identify the multiclass intrusions by the network packets’features.In the experimental results,the proposed method shows an improvement in the identification accuracy,where it achieves up to 99.63%.In addition,the missed detection rate is reduced to be 0.1%.The results prove the high performance of the proposed method in enhancing the NIDS’s reliability.
基金Project(50275150) supported by the National Natural Science Foundation of ChinaProjects(20040533035, 20070533131) supported by the National Research Foundation for the Doctoral Program of Higher Education of China
文摘An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.
基金This work was supported by the Research Deanship of Prince Sattam Bin Abdulaziz University,Al-Kharj,Saudi Arabia(Grant No.2020/01/17215).Also,the author thanks Deanship of college of computer engineering and sciences for technical support provided to complete the project successfully。
文摘In the era of Big data,learning discriminant feature representation from network traffic is identified has as an invariably essential task for improving the detection ability of an intrusion detection system(IDS).Owing to the lack of accurately labeled network traffic data,many unsupervised feature representation learning models have been proposed with state-of-theart performance.Yet,these models fail to consider the classification error while learning the feature representation.Intuitively,the learnt feature representation may degrade the performance of the classification task.For the first time in the field of intrusion detection,this paper proposes an unsupervised IDS model leveraging the benefits of deep autoencoder(DAE)for learning the robust feature representation and one-class support vector machine(OCSVM)for finding the more compact decision hyperplane for intrusion detection.Specially,the proposed model defines a new unified objective function to minimize the reconstruction and classification error simultaneously.This unique contribution not only enables the model to support joint learning for feature representation and classifier training but also guides to learn the robust feature representation which can improve the discrimination ability of the classifier for intrusion detection.Three set of evaluation experiments are conducted to demonstrate the potential of the proposed model.First,the ablation evaluation on benchmark dataset,NSL-KDD validates the design decision of the proposed model.Next,the performance evaluation on recent intrusion dataset,UNSW-NB15 signifies the stable performance of the proposed model.Finally,the comparative evaluation verifies the efficacy of the proposed model against recently published state-of-the-art methods.
文摘Objective Present a new features selection algorithm. Methods based on rule induction and field knowledge. Results This algorithm can be applied in catching dataflow when detecting network intrusions, only the sub dataset including discriminating features is catched. Then the time spend in following behavior patterns mining is reduced and the patterns mined are more precise. Conclusion The experiment results show that the feature subset catched by this algorithm is more informative and the dataset’s quantity is reduced significantly.
基金This work was supported in part by the Information Technology Research Center(ITRC)Support Program supervised by the Institute for Information and Communications Technology Planning and Evaluation(IITP)(IITP-2020-2016-0-00313),and in part by and the 2021 Yeungnam University Research Grant.
文摘Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.
基金Project (No. 60073034) supported by the National Natural Sci-ence Foundation of China
文摘This paper briefly reviews other people’s works on negative selection algorithm and their shortcomings. With a view to the real problem to be solved, authors bring forward two assumptions, based on which a new immune algorithm, multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates clonal selection process into negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.
文摘The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model will monitor the Web server host resources, and finally discusses in detail the design and implementation of resource monitoring system. Intrusion detection model proposed can effectively regulate the behavior of users in this paper, allowing users follow a pre-standard service to call service providers, largely to protect the security of Web services.
文摘The Cloud system shows its growing functionalities in various industrial applications.The safety towards data transfer seems to be a threat where Network Intrusion Detection System(NIDS)is measured as an essential element to fulfill security.Recently,Machine Learning(ML)approaches have been used for the construction of intellectual IDS.Most IDS are based on ML techniques either as unsupervised or supervised.In supervised learning,NIDS is based on labeled data where it reduces the efficiency of the reduced model to identify attack patterns.Similarly,the unsupervised model fails to provide a satisfactory outcome.Hence,to boost the functionality of unsupervised learning,an effectual auto-encoder is applied for feature selection to select good features.Finally,the Naïve Bayes classifier is used for classification purposes.This approach exposes the finest generalization ability to train the data.The unlabelled data is also used for adoption towards data analysis.Here,redundant and noisy samples over the dataset are eliminated.To validate the robustness and efficiency of NIDS,the anticipated model is tested over the NSL-KDD dataset.The experimental outcomes demonstrate that the anticipated approach attains superior accuracy with 93%,which is higher compared to J48,AB tree,Random Forest(RF),Regression Tree(RT),Multi-Layer Perceptrons(MLP),Support Vector Machine(SVM),and Fuzzy.Similarly,False Alarm Rate(FAR)and True Positive Rate(TPR)of Naive Bayes(NB)is 0.3 and 0.99,respectively.When compared to prevailing techniques,the anticipated approach also delivers promising outcomes.