A hierarchical hybrid intrusion detection model for industrial internet of things

IF 3.3; Zone 4, Computer Science; Q2, COMPUTER SCIENCE, INFORMATION SYSTEMS
Zhendong Wang, Xin Yang, Zhiyuan Zeng, Daojing He, Sammy Chan
Journal: Peer-To-Peer Networking and Applications. Publication date: 2024-07-18. Publication type: Journal Article. DOI: 10.1007/s12083-024-01749-0 (https://doi.org/10.1007/s12083-024-01749-0)
Citations: 0

Abstract

With the continual evolution of network technologies, the Internet of Things (IoT) has permeated various sectors of society. However, over the past decade, the annual discovery of cyberattacks has shown an exponential surge, inflicting severe damage to economic development. Aiming at the high false alarm rate, poor classification performance and overfitting problems in current intrusion detection systems, this paper proposes an efficient hierarchical intrusion detection model named ET-DCANET. Initially, the extreme random tree algorithm is employed for feature selection to meticulously curate the optimal feature subset. Subsequently, the dilated convolution and dual attention mechanism (including channel attention and spatial attention) are introduced, and a strategy of gradual transition from coarse-grained learning to fine-grained learning is proposed by gradually narrowing the expansion rate of cavity convolution, and the DCNN and dual attention modules are progressively refined to effectively utilize the synergy of DCNN and Attention to extract spatial and temporal features. This gradual transition from coarse-grained learning to fine-grained learning helps to better balance global and local information when dealing with complex data, and improves the performance and generalization ability of the model. To confront the class imbalance issue within the dataset, a novel loss function, EQLv2, is introduced as a substitute for the conventional cross-entropy (CE) loss. This innovation directs the model's focus toward minority class samples, ultimately enhancing the overall performance of the model. The proposed model shows excellent intrusion detection on the NSL-KDD, UNSW-NB15, and X-IIoTID datasets with accuracy rates of 99.68%, 98.50%, and 99.85%, respectively.

Source journal
Peer-To-Peer Networking and Applications (COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS)
CiteScore: 8.00
Self-citation rate: 7.10%
Articles published: 145
Review time: 12 months
Journal description: The aim of the Peer-to-Peer Networking and Applications journal is to disseminate state-of-the-art research and development results in this rapidly growing research area, to facilitate the deployment of P2P networking and applications, and to bring together the academic and industry communities, with the goal of fostering interaction to promote further research interests and activities, thus enabling new P2P applications and services. The journal not only addresses research topics related to networking and communications theory, but also considers the standardization, economic, and engineering aspects of P2P technologies, and their impacts on software engineering, computer engineering, networked communication, and security. The journal serves as a forum for tackling the technical problems arising from both file sharing and media streaming applications. It also includes state-of-the-art technologies in the P2P security domain. Peer-to-Peer Networking and Applications publishes regular papers, tutorials and review papers, case studies, and correspondence from the research, development, and standardization communities. Papers addressing system, application, and service issues are encouraged.