Network intrusion detection leveraging multimodal features

IF 2.3 Q2 COMPUTER SCIENCE, THEORY & METHODS
Array Pub Date : 2024-05-16 DOI:10.1016/j.array.2024.100349
Aklil Kiflay, Athanasios Tsokanos, Mahmood Fazlali, Raimund Kirner
{"title":"Network intrusion detection leveraging multimodal features","authors":"Aklil Kiflay,&nbsp;Athanasios Tsokanos,&nbsp;Mahmood Fazlali,&nbsp;Raimund Kirner","doi":"10.1016/j.array.2024.100349","DOIUrl":null,"url":null,"abstract":"<div><p>Network Intrusion Detection Systems (NIDSes) are essential for safeguarding critical information systems. However, the lack of adaptability of Machine Learning (ML) based NIDSes to different environments could cause slow adoption. In this paper, we propose a multimodal NIDS that combines flow and payload features to detect cyber-attacks. The focus of the paper is to evaluate the use of multimodal traffic features in detecting attacks, but not on a practical online implementation. In the multimodal NIDS, two random forest models are trained to classify network traffic using selected flow-based features and the first few bytes of protocol payload, respectively. Predictions from the two models are combined using a soft voting approach to get the final traffic classification results. We evaluate the multimodal NIDS using flow-based features and the corresponding payloads extracted from Packet Capture (PCAP) files of a publicly available UNSW-NB15 dataset. The experimental results show that the proposed multimodal NIDS can detect most attacks with average Accuracy, Recall, Precision and F<span><math><msub><mrow></mrow><mrow><mn>1</mn></mrow></msub></math></span> scores ranging from 98% to 99% using only six flow-based traffic features, and the first 32 bytes of protocol payload. The proposed multimodal NIDS provides a reliable approach to detecting cyber-attacks in different environments.</p></div>","PeriodicalId":8417,"journal":{"name":"Array","volume":"22 ","pages":"Article 100349"},"PeriodicalIF":2.3000,"publicationDate":"2024-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2590005624000158/pdfft?md5=571a5eb4d14694ec615bacb4ecbc6a5f&pid=1-s2.0-S2590005624000158-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Array","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2590005624000158","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

Abstract

Network Intrusion Detection Systems (NIDSes) are essential for safeguarding critical information systems. However, the lack of adaptability of Machine Learning (ML) based NIDSes to different environments could cause slow adoption. In this paper, we propose a multimodal NIDS that combines flow and payload features to detect cyber-attacks. The focus of the paper is to evaluate the use of multimodal traffic features in detecting attacks, but not on a practical online implementation. In the multimodal NIDS, two random forest models are trained to classify network traffic using selected flow-based features and the first few bytes of protocol payload, respectively. Predictions from the two models are combined using a soft voting approach to get the final traffic classification results. We evaluate the multimodal NIDS using flow-based features and the corresponding payloads extracted from Packet Capture (PCAP) files of a publicly available UNSW-NB15 dataset. The experimental results show that the proposed multimodal NIDS can detect most attacks with average Accuracy, Recall, Precision and F1 scores ranging from 98% to 99% using only six flow-based traffic features, and the first 32 bytes of protocol payload. The proposed multimodal NIDS provides a reliable approach to detecting cyber-attacks in different environments.

利用多模态特征进行网络入侵检测
网络入侵检测系统(NIDS)对于保护关键信息系统至关重要。然而,基于机器学习(ML)的网络入侵检测系统缺乏对不同环境的适应性,这可能会导致采用速度缓慢。在本文中,我们提出了一种多模式 NIDS,它结合了流量和有效载荷特征来检测网络攻击。本文的重点是评估多模态流量特征在检测攻击中的应用,而不是实际的在线实施。在多模态 NIDS 中,训练了两个随机森林模型,分别使用选定的基于流量的特征和协议有效载荷的前几个字节对网络流量进行分类。使用软投票方法将两个模型的预测结果结合起来,得到最终的流量分类结果。我们使用从公开的 UNSW-NB15 数据集的数据包捕获(PCAP)文件中提取的基于流量的特征和相应的有效载荷对多模态 NIDS 进行了评估。实验结果表明,拟议的多模态 NIDS 只需使用六个基于流量的特征和协议有效载荷的前 32 个字节,就能检测到大多数攻击,平均准确率、召回率、精确率和 F1 分数介于 98% 到 99% 之间。所提出的多模式 NIDS 为检测不同环境中的网络攻击提供了一种可靠的方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Array
Array Computer Science-General Computer Science
CiteScore
4.40
自引率
0.00%
发文量
93
审稿时长
45 days
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信