A hybrid model for detecting intrusions using stacked autoencoders and extreme gradient boosting

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-11-19 DOI:10.1016/j.cose.2024.104212

Hari Vinayak M.V. , Jarin T.

{"title":"A hybrid model for detecting intrusions using stacked autoencoders and extreme gradient boosting","authors":"Hari Vinayak M.V. , Jarin T.","doi":"10.1016/j.cose.2024.104212","DOIUrl":null,"url":null,"abstract":"<div><div>In the contemporary digital landscape dominated by the internet, a wide array of attacks occurs daily, driven by a large and diverse user base. The field of identifying these cyberattacks is rapidly growing and is mainly accomplished through the utilization of intrusion detection systems (IDS). The IDS is designed to continuously observe data flow and identify any potentially harmful or suspicious acts that could signal a cyberattack. Traditional machine learning (ML) techniques encounter challenges in effectively detecting unknown attacks and dealing with imbalanced data distributions, resulting in reduced detection performance. This paper presents a hybrid IDS model that integrates an ML classifier like XGBoost with a stacked sparse autoencoder (SSAE). The low-dimensional features obtained from the SSAE are utilized for training the classifier. The experimental outcomes indicate that the model surpasses the formerly recommended approaches regarding intrusion detection and decreases the ML classifier’s training and testing times. We have also evaluated our model’s performance by comparing it with other advanced techniques documented in the existing literature.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104212"},"PeriodicalIF":4.8000,"publicationDate":"2024-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005182","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In the contemporary digital landscape dominated by the internet, a wide array of attacks occurs daily, driven by a large and diverse user base. The field of identifying these cyberattacks is rapidly growing and is mainly accomplished through the utilization of intrusion detection systems (IDS). The IDS is designed to continuously observe data flow and identify any potentially harmful or suspicious acts that could signal a cyberattack. Traditional machine learning (ML) techniques encounter challenges in effectively detecting unknown attacks and dealing with imbalanced data distributions, resulting in reduced detection performance. This paper presents a hybrid IDS model that integrates an ML classifier like XGBoost with a stacked sparse autoencoder (SSAE). The low-dimensional features obtained from the SSAE are utilized for training the classifier. The experimental outcomes indicate that the model surpasses the formerly recommended approaches regarding intrusion detection and decreases the ML classifier’s training and testing times. We have also evaluated our model’s performance by comparing it with other advanced techniques documented in the existing literature.

Abstract Image

查看原文本刊更多论文

使用堆叠自动编码器和极梯度提升技术检测入侵的混合模型

在以互联网为主导的当代数字环境中，每天都会发生各种各样的攻击，这些攻击是由庞大而多样化的用户群驱动的。识别这些网络攻击的领域正在迅速发展，主要通过使用入侵检测系统（IDS）来实现。IDS 的设计目的是持续观察数据流，并识别任何可能预示着网络攻击的潜在有害或可疑行为。传统的机器学习（ML）技术在有效检测未知攻击和处理不平衡数据分布方面面临挑战，导致检测性能下降。本文提出了一种混合 IDS 模型，它集成了类似 XGBoost 的 ML 分类器和堆叠稀疏自动编码器（SSAE）。从 SSAE 中获得的低维特征被用于训练分类器。实验结果表明，该模型超越了以前推荐的入侵检测方法，并减少了 ML 分类器的训练和测试时间。我们还通过与现有文献中记载的其他先进技术进行比较，评估了我们模型的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.