MFVT:An Anomaly Traffic Detection Method Merging Feature Fusion Network and Vision Transformer Architecture

Abstract Network intrusion detection, which takes the extraction and analysis of network traffic features as the main method, plays a vital role in network security protection. The current network traffic feature extraction and analysis for network intrusion detection mostly uses deep learning algorithms. Currently, deep learning requires a lot of training resources, and have weak processing capabilities for imbalanced data sets. In this paper, a deep learning model (MFVT) based on feature fusion network and Vision Transformer architecture is proposed, to which improves the processing ability of imbalanced data sets and reduces the sample data resources needed for training. Besides, to improve the traditional raw traffic features extraction methods, a new raw traffic features extraction method (CRP) is proposed, the CPR uses PCA algorithm to reduce all the processed digital traffic features to the specified dimension. On the IDS 2017 dataset and the IDS 2012 dataset, the ablation experiments show that the performance of the proposed MFVT model is significantly better than other network intrusion detection models, and the detection accuracy can reach the state-of-the-art level. And, When MFVT model is combined with CRP algorithm, the detection accuracy is further improved to 99.99%.

Download Full-text

Network Intrusion Detection Based on an Efficient Neural Architecture Search

Symmetry ◽

10.3390/sym13081453 ◽

2021 ◽

Vol 13 (8) ◽

pp. 1453

Author(s):

Renjian Lyu ◽

Mingshu He ◽

Yu Zhang ◽

Lei Jin ◽

Xinlei Wang

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Network Traffic ◽

Traffic Monitoring ◽

Classification Model ◽

Network Intrusion Detection ◽

Traffic Classification ◽

Neural Architecture ◽

Network Intrusion ◽

Network Traffic Classification

Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.

Download Full-text

Comparative Study of Datasets used in Cyber Security Intrusion Detection

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit2063103 ◽

2020 ◽

pp. 302-312

Author(s):

Rahul Yadav ◽

Phalguni Pathak ◽

Saumya Saraswat

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Network Traffic ◽

Cyber Security ◽

Malware Detection ◽

Data Sets ◽

Security Threat ◽

Data Set ◽

Android Malware ◽

Network Intrusion

In recent years, deep learning frameworks are applied in various domains and achieved shows potential performance that includes malware detection software, self-driving cars, identity recognition cameras, adversarial attacks became one crucial security threat to several deep learning applications in today’s world Deep learning techniques became the core part for several cyber security applications like intrusion detection, android malware detection, spam, malware classification, binary analysis and phishing detection. . One of the major research challenges in this field is the insufficiency of a comprehensive data set which reflects contemporary network traffic scenarios, broad range of low footprint intrusions and in depth structured information about the network traffic. For Evaluation of network intrusion detection systems, many benchmark data sets were developed a decade ago. In this paper, we provides a focused literature survey of data sets used for network based intrusion detection and characterize the underlying packet and flow-based network data in detail used for intrusion detection in cyber security. The datasets plays incredibly vital role in intrusion detection; as a result we illustrate cyber datasets and provide a categorization of those datasets.

Download Full-text

A Deep Learning Approach to Network Intrusion Detection Using Deep Autoencoder

Revue d intelligence artificielle ◽

10.18280/ria.340410 ◽

2020 ◽

Vol 34 (4) ◽

pp. 457-463

Author(s):

Srikanthyadav Moraboena ◽

Gayatri Ketepalli ◽

Padmaja Ragam

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Detection System ◽

Human Interaction ◽

Classification Model ◽

Knowledge Discovery In Databases ◽

Network Intrusion Detection ◽

Detection Accuracy ◽

Intrusion Prevention ◽

Network Intrusion

The security of computer networks is critical for network intrusion detection systems (NIDS). However, concerns exist about the suitability and sustainable development of current approaches in light of modern networks. Such concerns are particularly related to increasing levels of human interaction required and decreased detection accuracy. These concerns are also highlighted. This post presents a modern intrusion prevention deep learning methodology. For unattended function instruction, we clarify our proposed Symmetric Deep Autoencoder (SDAE). Also, we are proposing our latest deep research classification model developed with stacked SDAEs. The classification proposed by the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Canadian Institute for Cybersecurity -Intrusion Detection System (CICIDS 2017) data sets was implemented in Tensor Flow, a Graphics Procedure Unit (GPU) enabled and evaluated. We implemented and tested our experiment with different batch sizes using Adam optimizer. Promising findings from our model have been achieved so far, which demonstrates improvements over current solutions and the subsequent improvement for use in advanced NIDS.

Download Full-text

Network intrusion detection method based on deep learning

Journal of Physics Conference Series ◽

10.1088/1742-6596/1966/1/012051 ◽

2021 ◽

Vol 1966 (1) ◽

pp. 012051

Author(s):

Shuai Zou ◽

Fangwei Zhong ◽

Bing Han ◽

Hao Sun ◽

Tao Qian ◽

...

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Detection Method ◽

Network Intrusion Detection ◽

Network Intrusion

Download Full-text

Deep Transfer Learning Based Intrusion Detection System for Electric Vehicular Networks

Sensors ◽

10.3390/s21144736 ◽

2021 ◽

Vol 21 (14) ◽

pp. 4736

Author(s):

Sk. Tanzir Mehedi ◽

Adnan Anwar ◽

Ziaur Rahman ◽

Kawsar Ahmed

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Intrusion Detection ◽

Real Time ◽

Transfer Learning ◽

Security Requirements ◽

Detection Accuracy ◽

Area Network ◽

Complex Data ◽

Network Intrusion

The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. The risk of IVN devices has still been insecure and vulnerable due to the complex data-intensive architectures which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to update to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.

Download Full-text

Power information network intrusion detection based on deep learning and cloud computing

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-219104 ◽

2021 ◽

pp. 1-9

Author(s):

Xiangbing Zhao ◽

Jianhui Zhou

Keyword(s):

Cloud Computing ◽

Deep Learning ◽

Intrusion Detection ◽

High Speed ◽

Information Networks ◽

Network Intrusion Detection ◽

Information Network ◽

Advantages And Disadvantages ◽

Network Intrusion ◽

Capture Mechanism

With the advent of the computer network era, people like to think in deeper ways and methods. In addition, the power information network is facing the problem of information leakage. The research of power information network intrusion detection is helpful to prevent the intrusion and attack of bad factors, ensure the safety of information, and protect state secrets and personal privacy. In this paper, through the NRIDS model and network data analysis method, based on deep learning and cloud computing, the demand analysis of the real-time intrusion detection system for the power information network is carried out. The advantages and disadvantages of this kind of message capture mechanism are compared, and then a high-speed article capture mechanism is designed based on the DPDK research. Since cloud computing and power information networks are the most commonly used tools and ways for us to obtain information in our daily lives, our lives will be difficult to carry out without cloud computing and power information networks, so we must do a good job to ensure the security of network information network intrusion detection and defense measures.

Download Full-text