FC-Trans: Deep learning methods for network intrusion detection in big data environments

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-27 DOI:10.1016/j.cose.2025.104392

Yuedi Zhu , Yong Wang , Lin Zhou , Yuan Xia

{"title":"FC-Trans: Deep learning methods for network intrusion detection in big data environments","authors":"Yuedi Zhu , Yong Wang , Lin Zhou , Yuan Xia","doi":"10.1016/j.cose.2025.104392","DOIUrl":null,"url":null,"abstract":"<div><div>With the continuous expansion of Internet traffic, effectively preventing network intrusions in such a vast data environment has become increasingly challenging. Existing intrusion detection systems (IDS) for different network attacks often struggle to identify unknown attacks or respond to them in real-time. In this article, we propose a novel hybrid deep learning model, FC-Trans, designed to enhance network intrusion monitoring. Our approach involves optimizing feature representation using the Feature Tokenizer method, leveraging CNNs to extract meaningful features from the data, and incorporating Transformer’s self-attentive mechanism and residual structure to capture long-term feature dependencies and mitigate gradient vanishing. To address the issue of imbalanced sample distribution, we utilize MultiF Loss as the training loss function for the multi-classification task, enabling the model to prioritize difficult-to-classify samples. We compare the performance of our method with other approaches on the UNSW-NB15 dataset, and the experimental results demonstrate significant improvements in both binary and multivariate classification tasks. The results verify the effectiveness of our proposed method.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104392"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000811","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

With the continuous expansion of Internet traffic, effectively preventing network intrusions in such a vast data environment has become increasingly challenging. Existing intrusion detection systems (IDS) for different network attacks often struggle to identify unknown attacks or respond to them in real-time. In this article, we propose a novel hybrid deep learning model, FC-Trans, designed to enhance network intrusion monitoring. Our approach involves optimizing feature representation using the Feature Tokenizer method, leveraging CNNs to extract meaningful features from the data, and incorporating Transformer’s self-attentive mechanism and residual structure to capture long-term feature dependencies and mitigate gradient vanishing. To address the issue of imbalanced sample distribution, we utilize MultiF Loss as the training loss function for the multi-classification task, enabling the model to prioritize difficult-to-classify samples. We compare the performance of our method with other approaches on the UNSW-NB15 dataset, and the experimental results demonstrate significant improvements in both binary and multivariate classification tasks. The results verify the effectiveness of our proposed method.

查看原文本刊更多论文

FC-Trans：大数据环境下网络入侵检测的深度学习方法

随着互联网流量的不断扩大，在如此庞大的数据环境下有效防范网络入侵变得越来越具有挑战性。针对不同网络攻击的现有入侵检测系统（IDS）往往难以识别未知攻击或实时响应。在本文中，我们提出了一种新的混合深度学习模型FC-Trans，旨在增强网络入侵监测。我们的方法包括使用feature Tokenizer方法优化特征表示，利用cnn从数据中提取有意义的特征，并结合Transformer的自关注机制和残余结构来捕获长期特征依赖并减轻梯度消失。为了解决样本分布不平衡的问题，我们使用MultiF Loss作为多分类任务的训练损失函数，使模型能够优先考虑难以分类的样本。我们将该方法与其他方法在UNSW-NB15数据集上的性能进行了比较，实验结果表明该方法在二元和多元分类任务上都有显著的改进。实验结果验证了该方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.