TSIDS: Spatial–temporal fusion gating Multilayer Perceptron for network intrusion detection
Jie Fu, Lina Wang, Jianpeng Ke, Kang Yang, Rongwei Yu
Expert Systems with Applications, volume 263, Article 125687. Published 2024-11-10. Journal Article.
DOI: 10.1016/j.eswa.2024.125687
URL: https://www.sciencedirect.com/science/article/pii/S0957417424025545
Impact factor: 7.5. JCR: Q1 (Computer Science, Artificial Intelligence).
Citations: 0
Abstract
Due to the heterogeneous and dynamic nature of networks, modeling spatiotemporal correlations has become a trend. Although spatiotemporal-based network intrusion detection systems (NIDSs) enhance the performance of intrusion classification, they still suffer from inadequacies in the multi-classification of intrusions and model generalization ability. First, the static attack topologies of network traffic always ignore some important information; second, the interaction between spatial and temporal dimensions is rarely considered. To mitigate these issues, this paper proposes TSIDS, a spatiotemporal analysis-based approach that extracts the interaction of network behaviors for intrusion detection. TSIDS combines the spatial analysis module to extract spatial information between different events, and the temporal analysis module to learn the temporal dependencies from historical traffic data. To model spatial correlations of temporal features, we propose a feature fusion module based on our customized gating Multilayer Perceptron (cgMLP). The experimental results on four datasets show that our work is effective in intrusion detection, especially multi-classification, and outperforms other baseline methods.
About the journal:
Expert Systems With Applications is an international journal dedicated to the exchange of information on expert and intelligent systems used globally in industry, government, and universities. The journal emphasizes original papers covering the design, development, testing, implementation, and management of these systems, offering practical guidelines. It spans various sectors such as finance, engineering, marketing, law, project management, information management, medicine, and more. The journal also welcomes papers on multi-agent systems, knowledge management, neural networks, knowledge discovery, data mining, and other related areas, excluding applications to military/defense systems.