Network Intrusion Traffic Detection Based on Feature Extraction

With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.

A Hybrid Feature Fusion Traffic Sign Detection Algorithm Based on YOLOv7

Autonomous driving technology has entered a period of rapid development,and traffic sign detection is one of the important tasks.Existing target detection networks are difficult to adapt to scenarios where target sizes are seriously imbalanced,and traffic sign targets are small and have unclear features,which makes detection more difficult.Therefore,we propose aHybrid Feature Fusion Traffic Sign detection algorithmbased onYOLOv7(HFFTYOLO).First,a self-attention mechanism is incorporated at the end of the backbone network to calculate feature interactions within scales;Secondly,the cross-scale fusion part of the neck introduces a bottom-up multi-path fusion method.Design reuse paths at the end of the neck,paying particular attention to cross-scale fusion of highlevel features.In addition,we found the appropriate channel width through a lot of experiments and reduced the superfluous parameters.In terms of training,a newregression lossCMPDIoUis proposed,which not only considers the problem of loss degradation when the aspect ratio is the same but the width and height are different,but also enables the penalty term to dynamically change at different scales.Finally,our proposed improved method shows excellent results on the TT100K dataset.Compared with the baseline model,without increasing the number of parameters and computational complexity,AP0.5 and AP increased by 2.2%and 2.7%,respectively,reaching 92.9%and 58.1%.

Anomaly Detection in Imbalanced Encrypted Traffic with Few Packet Metadata-Based Feature Extraction

In the IoT(Internet of Things)domain,the increased use of encryption protocols such as SSL/TLS,VPN(Virtual Private Network),and Tor has led to a rise in attacks leveraging encrypted traffic.While research on anomaly detection using AI(Artificial Intelligence)is actively progressing,the encrypted nature of the data poses challenges for labeling,resulting in data imbalance and biased feature extraction toward specific nodes.This study proposes a reconstruction error-based anomaly detection method using an autoencoder(AE)that utilizes packet metadata excluding specific node information.The proposed method omits biased packet metadata such as IP and Port and trains the detection model using only normal data,leveraging a small amount of packet metadata.This makes it well-suited for direct application in IoT environments due to its low resource consumption.In experiments comparing feature extraction methods for AE-based anomaly detection,we found that using flowbased features significantly improves accuracy,precision,F1 score,and AUC(Area Under the Receiver Operating Characteristic Curve)score compared to packet-based features.Additionally,for flow-based features,the proposed method showed a 30.17%increase in F1 score and improved false positive rates compared to Isolation Forest and OneClassSVM.Furthermore,the proposedmethod demonstrated a 32.43%higherAUCwhen using packet features and a 111.39%higher AUC when using flow features,compared to previously proposed oversampling methods.This study highlights the impact of feature extraction methods on attack detection in imbalanced,encrypted traffic environments and emphasizes that the one-class method using AE is more effective for attack detection and reducing false positives compared to traditional oversampling methods.

AI-Based Helmet Violation Detection for Traffic Management System

Enhancing road safety globally is imperative,especially given the significant portion of traffic-related fatalities attributed to motorcycle accidents resulting from non-compliance with helmet regulations.Acknowledging the critical role of helmets in rider protection,this paper presents an innovative approach to helmet violation detection using deep learning methodologies.The primary innovation involves the adaptation of the PerspectiveNet architecture,transitioning from the original Res2Net to the more efficient EfficientNet v2 backbone,aimed at bolstering detection capabilities.Through rigorous optimization techniques and extensive experimentation utilizing the India driving dataset(IDD)for training and validation,the system demonstrates exceptional performance,achieving an impressive detection accuracy of 95.2%,surpassing existing benchmarks.Furthermore,the optimized PerspectiveNet model showcases reduced computational complexity,marking a significant stride in real-time helmet violation detection for enhanced traffic management and road safety measures.

Traffic Sign Detection Model Based on Improved RT-DETR

The correct identification of traffic signs plays an important role in automatic driving technology and road safety driving.Therefore,to address the problems of misdetection and omission in traffic sign detection due to the variety of sign types,significant size differences and complex background information,an improved traffic sign detection model for RT-DETR was proposed in this study.Firstly,the HiLo attention mechanism was added to the Attention-based Intra-scale Feature Interaction,which further enhanced the feature extraction capability of the network and improved the detection efficiency on high-resolution images.Secondly,the CAFMFusion feature fusion mechanism was designed,which enabled the network to pay attention to the features in different regions in each channel.Based on this,the model could better capture the remote dependencies and neighborhood feature correlation,improving the feature fusion capability of the model.Finally,the MPDIoU was used as the loss function of the improved model to achieve faster convergence and more accurate regression results.The experimental results on the TT100k-2021 traffic sign dataset showed that the improved model achieves the performance with a precision value of 90.2%,recall value of 88.1%and mAP@0.5 value of 91.6%,which are 4.6%,5.8%,and 4.4%better than the original RT-DETR model respectively.The model effectively improves the problem of poor traffic sign detection and has greater practical value.

Cluster DetectionMethod of Endogenous Security Abnormal Attack Behavior in Air Traffic Control Network

In order to enhance the accuracy of Air Traffic Control(ATC)cybersecurity attack detection,in this paper,a new clustering detection method is designed for air traffic control network security attacks.The feature set for ATC cybersecurity attacks is constructed by setting the feature states,adding recursive features,and determining the feature criticality.The expected information gain and entropy of the feature data are computed to determine the information gain of the feature data and reduce the interference of similar feature data.An autoencoder is introduced into the AI(artificial intelligence)algorithm to encode and decode the characteristics of ATC network security attack behavior to reduce the dimensionality of the ATC network security attack behavior data.Based on the above processing,an unsupervised learning algorithm for clustering detection of ATC network security attacks is designed.First,determine the distance between the clustering clusters of ATC network security attack behavior characteristics,calculate the clustering threshold,and construct the initial clustering center.Then,the new average value of all feature objects in each cluster is recalculated as the new cluster center.Second,it traverses all objects in a cluster of ATC network security attack behavior feature data.Finally,the cluster detection of ATC network security attack behavior is completed by the computation of objective functions.The experiment took three groups of experimental attack behavior data sets as the test object,and took the detection rate,false detection rate and recall rate as the test indicators,and selected three similar methods for comparative test.The experimental results show that the detection rate of this method is about 98%,the false positive rate is below 1%,and the recall rate is above 97%.Research shows that this method can improve the detection performance of security attacks in air traffic control network.

C2Net-YOLOv5: A Bidirectional Res2Net-Based Traffic Sign Detection Algorithm

Rapid advancement of intelligent transportation systems(ITS)and autonomous driving(AD)have shown the importance of accurate and efficient detection of traffic signs.However,certain drawbacks,such as balancing accuracy and real-time performance,hinder the deployment of traffic sign detection algorithms in ITS and AD domains.In this study,a novel traffic sign detection algorithm was proposed based on the bidirectional Res2Net architecture to achieve an improved balance between accuracy and speed.An enhanced backbone network module,called C2Net,which uses an upgraded bidirectional Res2Net,was introduced to mitigate information loss in the feature extraction process and to achieve information complementarity.Furthermore,a squeeze-and-excitation attention mechanism was incorporated within the channel attention of the architecture to perform channel-level feature correction on the input feature map,which effectively retains valuable features while removing non-essential features.A series of ablation experiments were conducted to validate the efficacy of the proposed methodology.The performance was evaluated using two distinct datasets:the Tsinghua-Tencent 100K and the CSUST Chinese traffic sign detection benchmark 2021.On the TT100K dataset,the method achieves precision,recall,and Map0.5 scores of 83.3%,79.3%,and 84.2%,respectively.Similarly,on the CCTSDB 2021 dataset,the method achieves precision,recall,and Map0.5 scores of 91.49%,73.79%,and 81.03%,respectively.Experimental results revealed that the proposed method had superior performance compared to conventional models,which includes the faster region-based convolutional neural network,single shot multibox detector,and you only look once version 5.

Research on Traffic Sign Detection Based on Improved YOLOv8

Aiming at solving the problem of missed detection and low accuracy in detecting traffic signs in the wild, an improved method of YOLOv8 is proposed. Firstly, combined with the characteristics of small target objects in the actual scene, this paper further adds blur and noise operation. Then, the asymptotic feature pyramid network (AFPN) is introduced to highlight the influence of key layer features after feature fusion, and simultaneously solve the direct interaction of non-adjacent layers. Experimental results on the TT100K dataset show that compared with the YOLOv8, the detection accuracy and recall are higher. .

Detecting While Accessing:A Semi-Supervised Learning-Based Approach for Malicious Traffic Detection in Internet of Things

In the upcoming large-scale Internet of Things(Io T),it is increasingly challenging to defend against malicious traffic,due to the heterogeneity of Io T devices and the diversity of Io T communication protocols.In this paper,we propose a semi-supervised learning-based approach to detect malicious traffic at the access side.It overcomes the resource-bottleneck problem of traditional malicious traffic defenders which are deployed at the victim side,and also is free of labeled traffic data in model training.Specifically,we design a coarse-grained behavior model of Io T devices by self-supervised learning with unlabeled traffic data.Then,we fine-tune this model to improve its accuracy in malicious traffic detection by adopting a transfer learning method using a small amount of labeled data.Experimental results show that our method can achieve the accuracy of 99.52%and the F1-score of 99.52%with only 1%of the labeled training data based on the CICDDoS2019 dataset.Moreover,our method outperforms the stateof-the-art supervised learning-based methods in terms of accuracy,precision,recall and F1-score with 1%of the training data.

Traffic Sign Detection with Low Complexity for Intelligent Vehicles Based on Hybrid Features

Globally traffic signs are used by all countries for healthier traffic flow and to protect drivers and pedestrians.Consequently,traffic signs have been of great importance for every civilized country,which makes researchers give more focus on the automatic detection of traffic signs.Detecting these traffic signs is challenging due to being in the dark,far away,partially occluded,and affected by the lighting or the presence of similar objects.An innovative traffic sign detection method for red and blue signs in color images is proposed to resolve these issues.This technique aimed to devise an efficient,robust and accurate approach.To attain this,initially,the approach presented a new formula,inspired by existing work,to enhance the image using red and green channels instead of blue,which segmented using a threshold calculated from the correlational property of the image.Next,a new set of features is proposed,motivated by existing features.Texture and color features are fused after getting extracted on the channel of Red,Green,and Blue(RGB),Hue,Saturation,and Value(HSV),and YCbCr color models of images.Later,the set of features is employed on different classification frameworks,from which quadratic support vector machine(SVM)outnumbered the others with an accuracy of 98.5%.The proposed method is tested on German Traffic Sign Detection Benchmark(GTSDB)images.The results are satisfactory when compared to the preceding work.

RRCNN: Request Response-Based Convolutional Neural Network for ICS Network Traffic Anomaly Detection

Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.

Mirai Botnet Attack Detection in Low-Scale Network Traffic

The Internet of Things(IoT)has aided in the development of new products and services.Due to the heterogeneity of IoT items and networks,traditional techniques cannot identify network risks.Rule-based solutions make it challenging to secure and manage IoT devices and services due to their diversity.While the use of artificial intelligence eliminates the need to define rules,the training and retraining processes require additional processing power.This study proposes a methodology for analyzing constrained devices in IoT environments.We examined the relationship between different sized samples from the Kitsune dataset to simulate the Mirai attack on IoT devices.The training and retraining stages for the Mirai attack were also evaluated for accuracy.Various approaches are evaluated in smaller sample sizes to minimize training time on low-resource devices.Cross-validation was used to avoid overfitting classification methods during the learning process.We used the Bootstrapping technique to generate 1000,10000,and 100000 samples to examine the performance metrics of different-sized variations of the dataset.In this study,we demonstrated that a sample size of 10000 is sufficient for 99,56%accuracy and learning in the detection of Mirai attacks in IoT devices.

A Deep Learning Model of Traffic Signs in Panoramic Images Detection

To pursue the ideal of a safe high-tech society in a time when traffic accidents are frequent,the traffic signs detection system has become one of the necessary topics in recent years and in the future.The ultimate goal of this research is to identify and classify the types of traffic signs in a panoramic image.To accomplish this goal,the paper proposes a new model for traffic sign detection based on the Convolutional Neural Network for com-prehensive traffic sign classification and Mask Region-based Convolutional Neural Networks(R-CNN)implementation for identifying and extracting signs in panoramic images.Data augmentation and normalization of the images are also applied to assist in classifying better even if old traffic signs are degraded,and considerably minimize the rates of discovering the extra boxes.The proposed model is tested on both the testing dataset and the actual images and gets 94.5%of the correct signs recognition rate,the classification rate of those signs discovered was 99.41%and the rate of false signs was only around 0.11.

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

Nowadays,web systems and servers are constantly at great risk from cyberattacks.This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory(LSTM)network in combination with the ensemble learning technique.First,the binary classification module was used to detect the current abnormal flow.Then,the abnormal flows were fed into the multilayer classification module to identify the specific type of flow.In this research,a deep learning bidirectional LSTM model,in combination with the convolutional neural network and attention technique,was deployed to identify a specific attack.To solve the real-time intrusion-detecting problem,a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module.The class-weight technique was applied to overcome the data imbalance between the attack layers.The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%,which is higher than the results obtained in other research.

A Model Training Method for DDoS Detection Using CTGAN under 5GC Traffic

With the commercialization of 5th-generation mobile communications(5G)networks,a large-scale internet of things(IoT)environment is being built.Security is becoming increasingly crucial in 5G network environments due to the growing risk of various distributed denial of service(DDoS)attacks across vast IoT devices.Recently,research on automated intrusion detection using machine learning(ML)for 5G environments has been actively conducted.However,5G traffic has insufficient data due to privacy protection problems and imbalance problems with significantly fewer attack data.If this data is used to train an ML model,it will likely suffer from generalization errors due to not training enough different features on the attack data.Therefore,this paper aims to study a training method to mitigate the generalization error problem of the ML model that classifies IoT DDoS attacks even under conditions of insufficient and imbalanced 5G traffic.We built a 5G testbed to construct a 5G dataset for training to solve the problem of insufficient data.To solve the imbalance problem,synthetic minority oversampling technique(SMOTE)and generative adversarial network(GAN)-based conditional tabular GAN(CTGAN)of data augmentation were used.The performance of the trained ML models was compared and meaningfully analyzed regarding the generalization error problem.The experimental results showed that CTGAN decreased the accuracy and f1-score compared to the Baseline.Still,regarding the generalization error,the difference between the validation and test results was reduced by at least 1.7 and up to 22.88 times,indicating an improvement in the problem.This result suggests that the ML model training method that utilizes CTGANs to augment attack data for training data in the 5G environment mitigates the generalization error problem.

Classified VPN Network Traffic Flow Using Time Related to Artificial Neural Network

VPNs are vital for safeguarding communication routes in the continually changing cybersecurity world.However,increasing network attack complexity and variety require increasingly advanced algorithms to recognize and categorizeVPNnetwork data.We present a novelVPNnetwork traffic flowclassificationmethod utilizing Artificial Neural Networks(ANN).This paper aims to provide a reliable system that can identify a virtual private network(VPN)traffic fromintrusion attempts,data exfiltration,and denial-of-service assaults.We compile a broad dataset of labeled VPN traffic flows from various apps and usage patterns.Next,we create an ANN architecture that can handle encrypted communication and distinguish benign from dangerous actions.To effectively process and categorize encrypted packets,the neural network model has input,hidden,and output layers.We use advanced feature extraction approaches to improve the ANN’s classification accuracy by leveraging network traffic’s statistical and behavioral properties.We also use cutting-edge optimizationmethods to optimize network characteristics and performance.The suggested ANN-based categorization method is extensively tested and analyzed.Results show the model effectively classifies VPN traffic types.We also show that our ANN-based technique outperforms other approaches in precision,recall,and F1-score with 98.79%accuracy.This study improves VPN security and protects against new cyberthreats.Classifying VPNtraffic flows effectively helps enterprises protect sensitive data,maintain network integrity,and respond quickly to security problems.This study advances network security and lays the groundwork for ANN-based cybersecurity solutions.

Design and analysis of traffic incident detection based on random forest

In order to avoid the noise and over fitting and further improve the limited classification performance of the real decision tree, a traffic incident detection method based on the random forest algorithm is presented. From the perspective of classification strength and correlation, three experiments are performed to investigate the potential application of random forest to traffic incident detection： comparison with a different number of decision trees; comparison with different decision trees; comparison with the neural network. The real traffic data of the 1-880 database is used in the experiments. The detection performance is evaluated by the common criteria including the detection rate, the false alarm rate, the mean time to detection, the classification rate and the area under the curve of the receiver operating characteristic （ROC）. The experimental results indicate that the model based on random forest can improve the decision rate, reduce the testing time, and obtain a higher classification rate. Meanwhile, it is competitive compared with multi-layer feed forward neural networks （MLF）.

Traffic light detection and recognition in intersections based on intelligent vehicle

To ensure revulsive driving of intelligent vehicles at intersections, a method is presented to detect and recognize the traffic lights. First, the stabling siding at intersections is detected by applying Hough transformation. Then, the colors of traffic lights are detected with color space transformation. Finally, self-associative memory is used to recognize the countdown characters of the traffic lights. Test results at 20 real intersections show that the ratio of correct stabling siding recognition reaches up to 90%;and the ratios of recognition of traffic lights and divided characters are 85% and 97%, respectively. The research proves that the method is efficient for the detection of stabling siding and is robust enough to recognize the characters from images with noise and broken edges.

Moving Shadow Detection and Removal for Traffic Sequences

Segmentation of moving objects in a video sequence is a basic task for application of computer vision. However, shadows extracted along with the objects can result in large errors in object localization and recognition. In this paper, we propose a method of moving shadow detection based on edge information, which can effectively detect the cast shadow of a moving vehicle in a traffic scene. Having confirmed shadows existing in a figure, we execute the shadow removal algorithm proposed in this paper to segment the shadow from the foreground. The shadow eliminating algorithm removes the boundary of the cast shadow and preserves object edges firstly; secondly, it reconstructs coarse object shapes based on the edge information of objects; and finally, it extracts the cast shadow by subtracting the moving object from the change detection mask and performs further processing. The proposed method has been further tested on images taken under different shadow orientations, vehicle colors and vehicle sizes, and the results have revealed that shadows can be successfully eliminated and thus good video segmentation can be obtained.

Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances,Challenges and Future Directions

Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.