Weidong Zhou, Shengwei Lei, Chunhe Xia, Tianbo Wang
China Communications, vol. 601, pp. 166-181. Journal Article, published 2023-12-01. DOI: https://doi.org/10.23919/JCC.ea.2021-0446.202302
LDA-ID: An LDA-based framework for real-time network intrusion detection
Network intrusion poses a severe threat to the Internet. However, existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap. In addition, efficient real-time detection is an urgent problem. To address the two above problems, we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection (LDA-ID), consisting of static and online LDA-ID. The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection. Thus, the detection is based on the latent topic features. To achieve efficient real-time detection, we design an online computing mode for static LDA-ID, in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information. Furthermore, we design two matching mechanisms to accommodate the static and online LDA-ID, respectively. Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.
About the journal:
China Communications (ISSN 1673-5447) is an English-language monthly journal cosponsored by the China Institute of Communications (CIC) and IEEE Communications Society (IEEE ComSoc). It is aimed at readers in industry, universities, research and development organizations, and government agencies in the field of Information and Communications Technologies (ICTs) worldwide.
The journal's main objective is to promote academic exchange in the ICTs sector and publish high-quality papers to contribute to the global ICTs industry. It provides instant access to the latest articles and papers, presenting leading-edge research achievements, tutorial overviews, and descriptions of significant practical applications of technology.
China Communications has been indexed in SCIE (Science Citation Index-Expanded) since January 2007. Additionally, all articles have been available in the IEEE Xplore digital library since January 2013.