
Dynamic multi-scale topological representation for enhancing network intrusion detection

Published: 10 January 2024

Abstract

Network intrusion detection systems (NIDS) play a crucial role in maintaining network security. However, current NIDS techniques tend to neglect the topological structures of network traffic to varying degrees. This fundamental oversight leads to challenges in handling class-imbalanced and highly dynamic network traffic. In this paper, we propose a novel dynamic multi-scale topological representation (DMTR) method for improving network intrusion detection performance. Our DMTR method achieves the perception of multi-scale topology and exhibits strong robustness. It provides accurate and stable representations even in the presence of data distribution shifts and class imbalance problems. The multi-scale topology is obtained through multiple topology lenses, which reveal topological structures from different dimensional aspects. Furthermore, to address the limitations of existing detection models based on static network traffic, the DMTR method also achieves dynamic topological representation through our proposed group shuffle operation (GSO) strategy. When new traffic data arrives, the topological representation is updated by preserving a portion of the original information without reprocessing all data. Experiments on four publicly available network traffic datasets demonstrate the feasibility and effectiveness of the proposed DMTR method in handling class imbalanced and highly dynamic network traffic.

Cited By

  • (2024) A neural probabilistic bounded confidence model for opinion dynamics on social networks. Expert Systems with Applications: An International Journal 247:C. doi:10.1016/j.eswa.2024.123315. Online publication date: 1-Aug-2024
  • (2024) A survey on graph neural networks for intrusion detection systems. Computers and Security 141:C. doi:10.1016/j.cose.2024.103821. Online publication date: 1-Jun-2024
  • (2023) Design of a MobilNetV2-Based Retrieval System for Traditional Cultural Artworks. International Journal of Gaming and Computer-Mediated Simulations 16:1 (1-17). doi:10.4018/IJGCMS.334700. Online publication date: 8-Dec-2023

Published In

Computers and Security, Volume 135, Issue C
Dec 2023
755 pages

Publisher

Elsevier Advanced Technology Publications
United Kingdom

Publication History

Published: 10 January 2024

Author Tags

1. Network intrusion detection
2. Unsupervised learning
3. Self-supervised learning
4. Temporal context
5. Anomaly detection

Qualifiers

• Research-article
