Neda Matin, Mina Zolfy Lighvan, Najibeh Farzi-Veijouyeh
{"title":"Convolutional Neural Networks for Imbalanced Advanced Security Network Metrics and Non-Payload-Based Obfuscations Dataset to Detect Intrusion","authors":"Neda Matin, Mina Zolfy Lighvan, Najibeh Farzi-Veijouyeh","doi":"10.1002/cpe.8377","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Network Intrusion Detection Systems (NIDSs) are essential for identifying and preventing cyber threats in modern networks. However, improving their adaptability and responsiveness to unforeseen threats remains a significant challenge. Among the various datasets available for NIDS, the ASNM dataset holds particular significance due to its rich diversity of network traffic traces, including detailed labels for legitimate traffic, direct attacks, and obfuscated network attacks. Despite its potential, the ASNM dataset has been relatively underexplored in existing research, presenting an opportunity for further investigation and application in the development and benchmarking of advanced NIDS models. In this paper, we introduce a convolutional neural network (CNN) architecture designed for network intrusion detection, which autonomously learns patterns and anomalies directly from raw network data. Unlike traditional methods that rely on handcrafted features or predefined signatures, the proposed CNN dynamically adapts to detect both known and obfuscated attacks. The quality and balance of the dataset used to train NIDSs are critical, as imbalanced data can skew detection results and significantly impact overall system performance. To address this, we introduce an innovative preprocessing technique to mitigate class imbalances, ensuring more accurate classification across all categories, including under-represented attack types. The proposed CNN architecture was rigorously tested against decision trees, neural networks, and k-nearest neighbor classifiers, demonstrating superior performance. The model achieved a True Positive Rate (TPR) of 99.43% and an average recall of 99.26% on a balanced dataset, significantly outperforming traditional models. Furthermore, the preprocessing method improved the TPR by 62% and 83% on datasets with and without obfuscated samples, respectively, highlighting its effectiveness in addressing dataset imbalances and improving detection accuracy. In conclusion, the combination of the ASNM dataset's comprehensive attack scenarios and the dynamic feature-learning capabilities of the proposed CNN represents a significant advancement in intrusion detection technology.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 4-5","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8377","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
Network Intrusion Detection Systems (NIDSs) are essential for identifying and preventing cyber threats in modern networks. However, improving their adaptability and responsiveness to unforeseen threats remains a significant challenge. Among the various datasets available for NIDS, the ASNM dataset holds particular significance due to its rich diversity of network traffic traces, including detailed labels for legitimate traffic, direct attacks, and obfuscated network attacks. Despite its potential, the ASNM dataset has been relatively underexplored in existing research, presenting an opportunity for further investigation and application in the development and benchmarking of advanced NIDS models. In this paper, we introduce a convolutional neural network (CNN) architecture designed for network intrusion detection, which autonomously learns patterns and anomalies directly from raw network data. Unlike traditional methods that rely on handcrafted features or predefined signatures, the proposed CNN dynamically adapts to detect both known and obfuscated attacks. The quality and balance of the dataset used to train NIDSs are critical, as imbalanced data can skew detection results and significantly impact overall system performance. To address this, we introduce an innovative preprocessing technique to mitigate class imbalances, ensuring more accurate classification across all categories, including under-represented attack types. The proposed CNN architecture was rigorously tested against decision trees, neural networks, and k-nearest neighbor classifiers, demonstrating superior performance. The model achieved a True Positive Rate (TPR) of 99.43% and an average recall of 99.26% on a balanced dataset, significantly outperforming traditional models. Furthermore, the preprocessing method improved the TPR by 62% and 83% on datasets with and without obfuscated samples, respectively, highlighting its effectiveness in addressing dataset imbalances and improving detection accuracy. In conclusion, the combination of the ASNM dataset's comprehensive attack scenarios and the dynamic feature-learning capabilities of the proposed CNN represents a significant advancement in intrusion detection technology.
期刊介绍:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
