An efficient network intrusion detection model based on beta mixture models

IF 7.6 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Knowledge-Based Systems Pub Date : 2025-09-19 DOI:10.1016/j.knosys.2025.114506

Yuping Lai , Zidong Wang , Ziqing Lin , Yuhan Cao , Zihao Li , Qing Ye

{"title":"An efficient network intrusion detection model based on beta mixture models","authors":"Yuping Lai , Zidong Wang , Ziqing Lin , Yuhan Cao , Zihao Li , Qing Ye","doi":"10.1016/j.knosys.2025.114506","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid development of computer networks and network applications, ensuring network security has become a critical concern and has garnered significant attention from both academia and industry. Network intrusion detection (NID) plays a pivotal role in safeguarding cybersecurity and maintaining system stability. Most existing NID approaches rely on traditional machine learning (ML) or deep learning (DL) techniques to identify threats and potential attacks based on network traffic data. However, these methods often suffer from high computational complexity and large model sizes, which significantly impede their deployment in resource-constrained environments such as the Internet of Things (IoT), edge computing infrastructures, and wireless sensor networks. In this study, we propose an efficient NID framework based on the Beta Mixture Model (BMM) classifier. The proposed method integrates the BMM with the recently introduced Extended Stochastic Variational Inference (ESVI) framework to effectively characterize both normal and intrusive behavior patterns. The ESVI framework enables simultaneous parameter estimation and model complexity control in a principled and computationally efficient manner. Experimental evaluations show that, compared to NID methods utilizing established finite mixture models, traditional ML, or state-of-the-art DL techniques, our approach substantially reduces computational overhead while achieving comparable detection performance.</div></div>","PeriodicalId":49939,"journal":{"name":"Knowledge-Based Systems","volume":"330 ","pages":"Article 114506"},"PeriodicalIF":7.6000,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Knowledge-Based Systems","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S095070512501545X","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

With the rapid development of computer networks and network applications, ensuring network security has become a critical concern and has garnered significant attention from both academia and industry. Network intrusion detection (NID) plays a pivotal role in safeguarding cybersecurity and maintaining system stability. Most existing NID approaches rely on traditional machine learning (ML) or deep learning (DL) techniques to identify threats and potential attacks based on network traffic data. However, these methods often suffer from high computational complexity and large model sizes, which significantly impede their deployment in resource-constrained environments such as the Internet of Things (IoT), edge computing infrastructures, and wireless sensor networks. In this study, we propose an efficient NID framework based on the Beta Mixture Model (BMM) classifier. The proposed method integrates the BMM with the recently introduced Extended Stochastic Variational Inference (ESVI) framework to effectively characterize both normal and intrusive behavior patterns. The ESVI framework enables simultaneous parameter estimation and model complexity control in a principled and computationally efficient manner. Experimental evaluations show that, compared to NID methods utilizing established finite mixture models, traditional ML, or state-of-the-art DL techniques, our approach substantially reduces computational overhead while achieving comparable detection performance.

查看原文本刊更多论文

基于beta混合模型的高效网络入侵检测模型

随着计算机网络和网络应用的迅速发展，确保网络安全已成为一个关键问题，并引起了学术界和工业界的极大关注。网络入侵检测（NID）在保障网络安全、维护系统稳定方面发挥着关键作用。大多数现有的NID方法依赖于传统的机器学习（ML）或深度学习（DL）技术来识别基于网络流量数据的威胁和潜在攻击。然而，这些方法通常存在计算复杂度高和模型尺寸大的问题，这极大地阻碍了它们在资源受限环境中的部署，例如物联网（IoT）、边缘计算基础设施和无线传感器网络。在本研究中，我们提出了一个基于Beta混合模型（BMM）分类器的高效NID框架。该方法将BMM与最近引入的扩展随机变分推理（ESVI）框架相结合，有效地表征了正常和侵入行为模式。ESVI框架能够以一种原则和计算效率高的方式同时进行参数估计和模型复杂性控制。实验评估表明，与使用已建立的有限混合模型、传统ML或最先进的DL技术的NID方法相比，我们的方法大大减少了计算开销，同时实现了相当的检测性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Knowledge-Based Systems 工程技术-计算机：人工智能

CiteScore

14.80

自引率

12.50%

发文量

1245

审稿时长

7.8 months

期刊介绍： Knowledge-Based Systems, an international and interdisciplinary journal in artificial intelligence, publishes original, innovative, and creative research results in the field. It focuses on knowledge-based and other artificial intelligence techniques-based systems. The journal aims to support human prediction and decision-making through data science and computation techniques, provide a balanced coverage of theory and practical study, and encourage the development and implementation of knowledge-based intelligence models, methods, systems, and software tools. Applications in business, government, education, engineering, and healthcare are emphasized.