More Web Proxy on the site http://driver.im/

research-article

A multi-label network attack detection approach based on two-stage model fusion

Authors:

Yongqing Huang,

Yanmin ZhuangAuthors Info & Claims

Volume 83, Issue C

https://doi.org/10.1016/j.jisa.2024.103790

Published: 08 August 2024 Publication History

Abstract

The diversification and complexity of network attacks pose a serious challenge to network security and lead to the phenomenon of overlapping attributes of network attack behaviors. In this context, traditional network attack detection methods are limited to single-label learning, which cannot effectively deal with complex and diverse network attacks. To better understand the relation between network attack behaviors and improve the effect of network security protection, we first analyze the well-known network attack datasets (UNSW-NB15 and CCCS-CIC-AndMal-2020) according to the proposed multi-label metrics. Subsequently, we propose a multi-label cyber-attack detection method based on two-stage model fusion. In the first stage, a category is selected based on the analysis of multi-label metrics, and binary classification is performed. In the second stage, the binary labels generated in the first stage are added to the feature space for the multi-label categorization. Experimental results show that the two-stage model fusion method effectively improves the performance of the baseline methods. In addition, we analyze the impact of different categories and binary classification performance for the multi-label detection. The experimental results show that, theoretically, when the binary classification accuracy of Normal and Adware reaches 77% and 95% respectively, the performance of the two-stage multi-label detection method exceeds the state-of-the-art methods. This indicates the effectiveness of the two-stage strategy used in our proposed method for improving the ability of multi-label network attack detection.

References

[1]

Xie J., Li S., Zhang Y., Sun P., Xu H., Analysis and detection against network attacks in the overlapping phenomenon of behavior attribute, Comput Secur 121 (2022).

[2]

Moustafa N., Slay J., UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set), in: 2015 military communications and information systems conference (milCIS), IEEE, 2015, pp. 1–6.

[3]

Keyes D.S., Li B., Kaur G., Lashkari A.H., Gagnon F., Massicotte F., EntropLyzer: Android malware classification and characterization using entropy analysis of dynamic characteristics, in: 2021 reconciling data analytics, automation, privacy, and security: a big data challenge, RDAAPS, IEEE, 2021, pp. 1–12.

[4]

Rashid M., Kamruzzaman J., Imam T., Wibowo S., Gordon S., A tree-based stacking ensemble technique with feature selection for network intrusion detection, Appl Intell 52 (9) (2022) 9768–9781.

[5]

Rajapaksha S., Kalutarage H., Al-Kadri M.O., Petrovski A., Madzudzo G., Beyond vanilla: Improved autoencoder-based ensemble in-vehicle intrusion detection system, J. Inf. Secur. Appl. 77 (2023).

[6]

Singh K., Kaur L., Maini R., Ensemble voting based intrusion detection technique using negative selection algorithm., Int Arab J Inf Technol 20 (2) (2023) 151–158.

[7]

Agrawal S., Chowdhuri A., Sarkar S., Selvanambi R., Gadekallu T.R., et al., Temporal weighted averaging for asynchronous federated intrusion detection systems, Comput Intell Neurosci 2021 (2021).

[8]

Mushtaq E., Zameer A., Khan A., A two-stage stacked ensemble intrusion detection system using five base classifiers and MLP with optimal feature selection, Microprocess Microsyst 94 (2022).

[9]

Lazzarini R., Tianfield H., Charissis V., A stacking ensemble of deep learning models for IoT intrusion detection, Knowl-Based Syst 279 (2023).

[10]

Yao W., Hu L., Hou Y., Li X., A two-layer soft-voting ensemble learning model for network intrusion detection, in: 2022 52nd annual IEEE/iFIP international conference on dependable systems and networks workshops (DSN-w), IEEE, 2022, pp. 155–161.

[11]

Gautam S., Om H., Dixit K., A novel multilevel classifier hybrid model for intrusion detection using machine learning, Nat-Inspir Comput Smart Appl Des (2021) 249–266.

[12]

Zhang H., Zhang B., Huang L., Zhang Z., Huang H., An efficient two-stage network intrusion detection system in the Internet of Things, Information 14 (2) (2023) 77.

[13]

Hnamte V., Nhung-Nguyen H., Hussain J., Hwa-Kim Y., A novel two-stage deep learning model for network intrusion detection: LSTM-AE, IEEE Access 11 (2023) 37131–37148.

[14]

Zhang M.-L., Zhou Z.-H., A review on multi-label learning algorithms, IEEE Trans Knowl Data Eng 26 (8) (2013) 1819–1837.

[15]

Boutell M.R., Luo J., Shen X., Brown C.M., Learning multi-label scene classification, Pattern Recognit 37 (9) (2004) 1757–1771.

[16]

Fürnkranz J., Hüllermeier E., Loza Mencía E., Brinker K., Multilabel classification via calibrated label ranking, Mach Learn 73 (2008) 133–153.

Digital Library

[17]

Read J., Pfahringer B., Holmes G., Frank E., Classifier chains for multi-label classification, in: Machine learning and knowledge discovery in databases: European conference, ECML pKDD 2009, bled, Slovenia, September 7-11, 2009, proceedings, part II 20, Springer, 2009, pp. 254–269.

[18]

Read J., Pfahringer B., Holmes G., Frank E., Classifier chains for multi-label classification, Mach Learn 85 (2011) 333–359.

Digital Library

[19]

Tsoumakas G., Vlahavas I., Random k-labelsets: An ensemble method for multilabel classification, in: European conference on machine learning, Springer, 2007, pp. 406–417.

[20]

Zhang M.-L., Zhou Z.-H., ML-KNN: A lazy learning approach to multi-label learning, Pattern Recognit 40 (7) (2007) 2038–2048.

Digital Library

[21]

Clare A., King R.D., Knowledge discovery in multi-label phenotype data, in: European conference on principles of data mining and knowledge discovery, Springer, 2001, pp. 42–53.

[22]

Benites F., Sapozhnikova E., Haram: a hierarchical aram neural network for large-scale text classification, in: 2015 IEEE international conference on data mining workshop, ICDMW, IEEE, 2015, pp. 847–854.

[23]

Liang Z., Guo J., Qiu W., Huang Z., Li S., When graph convolution meets double attention: online privacy disclosure detection with multi-label text classification, Data Min Knowl Discov 38 (2024) 1171–1192.

[24]

Mehmood F., Shahzadi R., Ghafoor H., Asim M.N., Ghani M.U., Mahmood W., Dengel A., Enml: multi-label ensemble learning for urdu text classification, ACM Trans Asian Low-Resour Lang Inf Process 22 (9) (2023) 1–31.

[25]

Ameer I., Bölücü N., Siddiqui M.H.F., Can B., Sidorov G., Gelbukh A., Multi-label emotion classification in texts using transfer learning, Expert Syst Appl 213 (2023).

[26]

Ciobotaru A, Constantinescu MV, Dinu LP, Dumitrescu S. RED v2: enhancing red dataset for multi-label emotion detection. In: Proceedings of the thirteenth language resources and evaluation conference. 2022, p. 1392–9.

[27]

Hu P., Sun X., Sclaroff S., Saenko K., DualCoOp++: Fast and effective adaptation to multi-label recognition with limited annotations, IEEE Trans Pattern Anal Mach Intell 46 (5) (2023) 3450–3462.

[28]

Chai Y., Liu H., Xu J., Samtani S., Jiang Y., Liu H., A multi-label classification with an adversarial-based denoising autoencoder for medical image annotation, ACM Trans Manage Inf Syst 14 (2) (2023) 1–21.

[29]

Abdullayeva F., Suleymanzade S., Using transfer adaptation method for dynamic features expansion in multi-label deep neural network for recommender systems, Stat Optim Inf Comput 12 (2) (2024) 524–529.

[30]

Manoharan S., Senthilkumar R., Jayakumar S., Optimized multi-label convolutional neural network using modified genetic algorithm for popularity based personalized news recommendation system, Concurr Comput: Pract Exper 34 (19) (2022).

[31]

Du H., Huang D., Multi-attack detection: General defense strategy based on neural networks for CV-QKD, Photonics 9 (3) (2022) 177.

[32]

Li M., Zheng R., Liu L., Yang P., Extraction of threat actions from threat-related articles using multi-label machine learning classification method, in: 2019 2nd international conference on safety produce informatization, IICSPI, IEEE, 2019, pp. 428–431.

[33]

Hegazy H.I., Tag Eldien A.S., Tantawy M.M., Fouda M.M., TagElDien H.A., Real-time locational detection of stealthy false data injection attack in smart grid: Using multivariate-based multi-label classification approach, Energies 15 (14) (2022) 5312.

[34]

Han Y., Feng H., Li K., Zhao Q., False data injection attacks detection with modified temporal multi-graph convolutional network in smart grids, Comput Secur 124 (2023).

[35]

Rahali A, Lashkari AH, Kaur G, Taheri L, Gagnon F, Massicotte F. Didroid: Android malware classification and characterization using deep image learning. In: 2020 the 10th international conference on communication and network security. 2020, p. 70–82.

[36]

Zhang H., Li J.-L., Liu X.-M., Dong C., Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection, Future Gener Comput Syst 122 (2021) 130–143.

[37]

Resende P.A.A., Drummond A.C., A survey of random forest based methods for intrusion detection systems, ACM Comput Surv 51 (3) (2018) 1–36.

Digital Library

[38]

Godbole S., Sarawagi S., Discriminative methods for multi-labeled classification, in: Pacific-Asia conference on knowledge discovery and data mining, Springer, 2004, pp. 22–30.

Recommendations

Dynamic Label Propagation for Semi-supervised Multi-class Multi-label Classification
ICCV '13: Proceedings of the 2013 IEEE International Conference on Computer Vision

In graph-based semi-supervised learning approaches, the classification rate is highly dependent on the size of the availabel labeled data, as well as the accuracy of the similarity measures. Here, we propose a semi-supervised multi-class/multi-label ...
Analysis and Detection against Network Attacks in the Overlapping Phenomenon of Behavior Attribute
Abstract
The proliferation of network attacks poses a significant threat. Researchers propose datasets for network attacks to support research in related fields. Then, many attack detection methods based on these datasets are proposed. These detection ...
Addressing class-imbalance in multi-label learning via two-stage multi-label hypernetwork

Multi-label learning is concerned with learning from data examples that are represented by a single feature vector while associated with multiple labels simultaneously. Existing multi-label learning approaches mainly focus on exploiting label ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Journal of Information Security and Applications

Journal of Information Security and Applications Volume 83, Issue C

Jun 2024

455 pages

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Elsevier Science Inc.

United States

Publication History

Published: 08 August 2024

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents