LCHI: Low-Order Correlation and High-Order Interaction Integrated Model Oriented to Network Intrusion Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Shengwei Lei ◽  
Chunhe Xia ◽  
Tianbo Wang

Network intrusion poses a severe threat to the Internet of Things (IoT). Thus, it is essential to study information security protection technology in IoT. Learning sophisticated feature interactions is critical in improving detection accuracy for network intrusion. Despite significant progress, existing methods seem to have a strong bias towards single low- or high-order feature interaction. Moreover, they always extract all possible low-order interactions indiscriminately, introducing too much noise. To address the above problems, we propose a low-order correlation and high-order interaction (LCHI) integrated feature extraction model. First, we selectively extract the beneficial low-order correlation between the same-type features by the multivariate correlation analysis (MCA) model and attention mechanism. Second, we extract the complicated high-order feature interaction by the deep neural network (DNN) model. Finally, we emphasize both the low- and high-order feature interactions and incorporate them. Our LCHI model seamlessly combines the linearity of MCA in modeling lower-order feature correlation and the nonlinearity of DNN in modeling higher-order feature interaction. Conceptually, our LCHI is more expressive than the previous models. We carry out a series of experiments on the public wireless and wired network intrusion detection datasets. The experimental results show that LCHI improves 1.06%, 2.46%, 3.74%, 0.25%, 1.17%, and 0.64% on the AWID, NSL-KDD, UNSW-NB15, CICIDS 2017, CICIDS 2018, and DAPT 2020 datasets, respectively.

2021 ◽  
Author(s):  
Ming Li ◽  
Dezhi Han ◽  
Dun Li ◽  
Han Liu ◽  
Chin-Chen Chang

Network intrusion detection, which takes the extraction and analysis of network traffic features as the main method, plays a vital role in network security protection. The current network traffic feature extraction and analysis for network intrusion detection mostly uses deep learning algorithms. Currently, deep learning requires a lot of training resources and has weak processing capabilities for imbalanced data sets. In this paper, a deep learning model (MFVT) based on a feature fusion network and the Vision Transformer architecture is proposed, which improves the processing ability of imbalanced data sets and reduces the sample data resources needed for training. Besides, to improve the traditional raw traffic feature extraction methods, a new raw traffic feature extraction method (CRP) is proposed; CRP uses the PCA algorithm to reduce all the processed digital traffic features to the specified dimension. On the IDS 2017 dataset and the IDS 2012 dataset, the ablation experiments show that the performance of the proposed MFVT model is significantly better than other network intrusion detection models, and the detection accuracy can reach the state-of-the-art level. When the MFVT model is combined with the CRP algorithm, the detection accuracy is further improved to 99.99%.


Data Mining is a method for detecting network intrusion in networks. It brings ideas from a variety of areas including statistics, machine learning and database processes. Decreasing price of digital networking is now economically viable for network intrusion detection. This analysis chiefly examines system intrusion detection with machine learning and DM methods. To improve the accuracy and efficiency of SHMM, we collect multiple observations in SHMM, which is called the Multiple Hidden Markov Model (MHMM). It is used to improve detection accuracy compared with SHMM. In the standard Hidden Markov Model, we have observed three fundamental problems: evaluation, decoding, and learning. The evaluation problem can be used for word recognition. The decoding problem is related to constant attention and also to segmentation. In this proposed research, the primary purpose is to model the sequence of observations in network log and credit card log transaction processes using an Enhanced Hidden Markov Model (EHMM), and to show how it can be used for intrusion detection in networks. In this procedure, an EHMM is primarily trained with the conventional manners of intruders. If the trained EHMM does not recognize an incoming intruder transaction with adequately high probability, it is thought to be fraudulent.


2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Jiarui Man ◽  
Guozi Sun

Neural networks have been proved to perform well in network intrusion detection. In order to acquire better features of network traffic, more learning layers are necessarily required. However, according to the results of the previous research, adding layers to the neural networks might fail to improve the classification results. In fact, after the number of layers has reached a certain threshold, performance of the model tends to degrade. In this paper, we propose a network intrusion detection model based on residual learning. After transforming the UNSW-NB15 data set into images, deeper convolutional neural networks with residual blocks are built to learn more critical features. Instead of the cross-entropy loss function, the modified focal loss is calculated to address the class imbalance problem in the training set and identify minor attacks in the testing set. Batch normalization and global average pooling are used to avoid overfitting and enhance the model. Experimental results show that the proposed model can improve attack detection accuracy compared with existing models.


2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Zhaojun Gu ◽  
Liyin Wang ◽  
Chunbo Liu ◽  
Zhi Wang

To address the problems of high reconstruction error and long training time when using Stack Nonsymmetric Deep Autoencoder (SNDAE) feature extraction technology for intrusion detection, Adam Nonsymmetric Deep Autoencoder (ANDAE) is proposed based on SNDAE. The Adam optimization algorithm is used to update network parameters during training so that the loss function can quickly converge to the ideal value. Under the premise of not affecting the effect of feature extraction, the network structure is simplified, and the training time of the network is reduced to realize the efficient extraction of the rapid growth of high-dimension and nonlinear network traffic features. For the low-dimensional prominent features extracted by ANDAE, Random Forest is used for classification to detect intrusion action, and a network intrusion detection model based on ANDAE feature extraction is implemented. The experimental results on the NSL-KDD and the CIC-IDS2017 datasets show that, compared to the SNDAE-based intrusion detection model, the ANDAE model has an average increase of 6.78% in accuracy, an average of 13.06% in recall, and an average of 14.9% in F1 scores. Feature extraction time is reduced by 23.1% on average. Thus, the ANDAE model is an intrusion detection solution, which can simultaneously improve detection accuracy and time efficiency.


Author(s):  
Venkatraman Subbarayalu ◽  
B Surendiran ◽  
P Arun Raj Kumar

The proliferation of Internet of Things (IoT) devices has led to many applications, including smart homes, smart cities and smart industrial control systems. Attacks like Distributed Denial of Service, event control hijacking, spoofing, event replay and zero-day attacks are prevalent in smart environments. Conventional Network Intrusion Detection Systems (NIDSs) are tedious to deploy in the smart environment because of numerous communication architectures, manufacturer policies, technologies, standards and application-specific services. To overcome these challenges, we modeled the operational behavior of IoT network events using timed ACs and proposed a novel hybrid NIDS in this paper. A web server is integrated with IoT devices for remote access, and Constrained Application Protocol is employed in inter- and intra-smart device communication. Experiments are conducted in real time to validate our proposal and achieve 99.17% detection accuracy and 0.01% false positives.


2014 ◽  
Vol 599-601 ◽  
pp. 726-730 ◽  
Author(s):  
Gang Ke ◽  
Ying Han Hong

When the traditional BP neural network algorithm is applied to an intrusion detection system, detection speed is slow and detection accuracy is low. In order to solve the above problems, this paper proposes a network intrusion detection algorithm using genetic algorithms to optimize neural network weights, which finds the most suitable weights of the BP neural network by the genetic algorithm and uses the optimized BP neural network to learn and detect the network intrusion detection data. Matlab simulation results show that the training sample time of the algorithm is shorter and that it has a good intrusion recognition and detection effect, compared with the traditional network intrusion detection algorithm.


2014 ◽  
Vol 989-994 ◽  
pp. 4474-4477
Author(s):  
Ying Zhan

This study proposes a wavelet kernel-based support vector machine (SVM) for communication network intrusion detection. The common intrusion types of communication network mainly include DOS, R2L, U2R and Probing. SVM and BP neural network are compared with the proposed wavelet kernel-based SVM method to show the superiority of wavelet kernel-based SVM. The detection accuracy for communication network intrusion of wavelet kernel-based SVM is 96.67%, the detection accuracy for communication network intrusion of SVM is 90.83%, and the detection accuracy for communication network intrusion of BP neural network is 86.67%. It can be seen that the detection accuracy for communication network intrusion of wavelet kernel-based SVM is better than that of SVM or BP neural network.


2021 ◽  
Vol 2021 ◽  
pp. 1-18
Author(s):  
Zengri Zeng ◽  
Wei Peng ◽  
Baokang Zhao

In recent years, machine learning (ML) algorithms have been proved effective in intrusion detection. However, as the ML algorithms are mainly applied to evaluate the anomaly of the network, the detection accuracy for cyberattacks with multiple types cannot be fully guaranteed. The existing algorithms for network intrusion detection based on ML or feature selection are on the basis of spurious correlation between features and cyberattacks, causing several wrong classifications. In order to tackle the abovementioned problems, this research aimed to establish a novel network intrusion detection system (NIDS) based on causal ML. The proposed system started with the identification of noisy features by causal intervention, while only the features that had a causality with cyberattacks were preserved. Then, the ML algorithm was used to make a preliminary classification to select the most relevant types of cyberattacks. As a result, the unique labeled cyberattack could be detected by the counterfactual detection algorithm. In addition to a relatively stable accuracy, the complexity of cyberattack detection could also be effectively reduced, with a maximum reduction to 94% on the size of training features. Moreover, in case of the availability of several types of cyberattacks, the detection accuracy was significantly improved compared with the previous ML algorithms.

