Title: MFT: A novel memory flow transformer efficient intrusion detection method
Authors: Xuefeng Jiang, Liuquan Xu, Li Yu, Xianjin Fang
Journal: Computers & Security, volume 148, Article 104174 (impact factor 4.8; JCR Q1, Computer Science, Information Systems)
Publication date: 2024-10-22
Publication type: Journal Article
DOI: 10.1016/j.cose.2024.104174
URL: https://www.sciencedirect.com/science/article/pii/S0167404824004796
Citation count: 0
Abstract
Intrusion detection is a critical field in network security research that is devoted to detecting malicious traffic or attacks on networks. Even with the advances in today's Internet environment, a lot of intrusion detection techniques still fail to take into account the long-term characteristics present in network data, which results in a high false alarm rate. Some researchers have tried to address this problem by using the traditional transformer model; however, it is not very effective when dealing with complex relationships and the subtle classification requirements of large amounts of sequential data. This work presents a novel solution called the memory flow transformer (MFT) in response to the limitations of the conventional transformer model. By utilizing a carefully designed memory flow structure, MFT transcends traditional limitations and makes it possible to obtain complex long-term features from network traffic. This innovation enables the model to identify deep connections at a finer level between a wide variety of network traffic data. Extensive experiments were carried out on the complex CICIDS 2017 and NSL-KDD datasets to validate the effectiveness of the MFT model. The results were outstanding, demonstrating MFT's powerful detection abilities. With regard to performance metrics like accuracy, F1 score, false alarm rate, and training time, MFT is superior to current state-of-the-art approaches. Network security is greatly strengthened by MFT, which provides practitioners in the intrusion detection field with novel and effective techniques.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.