Enhancing network attack detection across infrastructures: An automatic labeling method and deep learning model with an attention mechanism
Dinh-Minh Vu, Thi Ha La, Gia Bach Nguyen, Eui-Nam Huh, Hoang Hai Tran
IET Communications 18 (17), pp. 1107-1125. Journal Article. Published 2024-08-22.
DOI: 10.1049/cmu2.12819
URL: https://onlinelibrary.wiley.com/doi/10.1049/cmu2.12819
Impact factor: 1.5; JCR: Q3 (Engineering, Electrical & Electronic); category: Computer Science (region 4)
A preprint has previously been published [11].
Citation count: 0
Abstract
In the era of industry 4.0 and the widespread use of digital devices, the number of cyber attacks poses an escalating and diverse threat, jeopardizing users' online activities. Intrusion detection systems (IDS) emerge as pivotal solutions, playing a crucial role in detecting anomalous signals within network systems. To counter novel attack patterns, IDS systems require periodic rule updates for effective identification of unusual signals. Typically, these policies are updated based on rule-based or deep learning algorithms to enhance detection performance. However, the insufficient number of labeled samples remains a challenge for real-world deployment. In this article, an automated labeling method is presented that has shown high effectiveness, requiring minimal hardware resources, and applicable to IDS systems. Additionally, the approach utilizes transfer learning combined with attention mechanisms to boost the efficiency of abnormal signal detection. The results from the approach are compared with those of a reference model, illustrating an overall improvement of nearly 10% in our model's performance compared to the reference model. This underscores the effectiveness of automating rule adjustments for IDS, contributing significantly to reducing associated financial costs. The research addresses the challenges in deploying IDS in real-world scenarios and provides a valuable contribution to enhancing cyber threat detection capabilities.
About the journal:
IET Communications covers fundamental and generic research for a better understanding of communication technologies, harnessing signals for better-performing communication systems using various wired and/or wireless media. The journal is particularly interested in research papers reporting novel solutions to the dominating problems of noise, interference, timing and errors, to reduce system deficiencies such as the waste of scarce resources like spectrum, energy and bandwidth.
Topics include, but are not limited to:
Coding and Communication Theory;
Modulation and Signal Design;
Wired, Wireless and Optical Communication;
Communication System
Special Issues. Current Call for Papers:
Cognitive and AI-enabled Wireless and Mobile - https://digital-library.theiet.org/files/IET_COM_CFP_CAWM.pdf
UAV-Enabled Mobile Edge Computing - https://digital-library.theiet.org/files/IET_COM_CFP_UAV.pdf