{"title":"HCRP-OSD: Fine-Grained Open-Set Intrusion Detection Based on Hybrid Convolution and Adversarial Reciprocal Points Learning","authors":"Nengfu Cai, Yi Jiang, Haitao Zhang, Zhiwen Yang, Laicheng Zhong, Qi Chen","doi":"10.1002/cpe.70010","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Amidst the swift progression of network technology, unknown network attacks and malicious code iterations perpetually surface, thereby imposing augmented exigencies on the efficacy and innovativeness of intrusion detection systems within networks. Timely detection of unknown network attacks is critical to reducing the risk of significant damage to systems. This paper aims to develop an open-set intrusion detection model that is able to infer unknown network attacks and correctly classify known attacks. In order to enable the model to classify known attacks while inferring unknown attacks correctly, we consider the open space risk of unknown attacks when training the known attacks classification model. Specifically, we propose an open-set intrusion detection system, HCRP-OSD, consisting of three modules: Network flow feature extraction, hybrid convolutional network, and ARPL open-set intrusion detection. The network flow feature extraction module extracts data information from the original network traffic to avoid the loss of original information caused by manual design and selection of features. The hybrid convolutional network module learns distinguishable features between different known attacks. The hybrid convolutional network uses two learning channels, a two-dimensional CNN and a one-dimensional residual network, to obtain attack features from different angles. The features are aggregated at the output layer. The ARPL open-set intrusion detection module learns a set of vectors as reciprocal points for each known attack and maximizes the distance between the known attack and its reciprocal point during training. This increases the discrimination between known and unknown attacks while accurately classifying known attacks. Experiments on the dataset CICIDS2017 show that our method outperforms the baseline models. The AUROC for identifying unknown attacks is 97.59%. The classification accuracy for known attacks is 99.97%.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 4-5","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.70010","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
Amidst the swift progression of network technology, unknown network attacks and malicious code iterations perpetually surface, thereby imposing augmented exigencies on the efficacy and innovativeness of intrusion detection systems within networks. Timely detection of unknown network attacks is critical to reducing the risk of significant damage to systems. This paper aims to develop an open-set intrusion detection model that is able to infer unknown network attacks and correctly classify known attacks. In order to enable the model to classify known attacks while inferring unknown attacks correctly, we consider the open space risk of unknown attacks when training the known attacks classification model. Specifically, we propose an open-set intrusion detection system, HCRP-OSD, consisting of three modules: Network flow feature extraction, hybrid convolutional network, and ARPL open-set intrusion detection. The network flow feature extraction module extracts data information from the original network traffic to avoid the loss of original information caused by manual design and selection of features. The hybrid convolutional network module learns distinguishable features between different known attacks. The hybrid convolutional network uses two learning channels, a two-dimensional CNN and a one-dimensional residual network, to obtain attack features from different angles. The features are aggregated at the output layer. The ARPL open-set intrusion detection module learns a set of vectors as reciprocal points for each known attack and maximizes the distance between the known attack and its reciprocal point during training. This increases the discrimination between known and unknown attacks while accurately classifying known attacks. Experiments on the dataset CICIDS2017 show that our method outperforms the baseline models. The AUROC for identifying unknown attacks is 97.59%. The classification accuracy for known attacks is 99.97%.
期刊介绍:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
