基于数据包有效载荷的网络入侵检测的超参数调整卷积神经网络

Symmetry Pub Date : 2024-09-04 DOI:10.3390/sym16091151
Ammar Boulaiche, Sofiane Haddad, Ali Lemouari
{"title":"基于数据包有效载荷的网络入侵检测的超参数调整卷积神经网络","authors":"Ammar Boulaiche, Sofiane Haddad, Ali Lemouari","doi":"10.3390/sym16091151","DOIUrl":null,"url":null,"abstract":"In the last few years, the use of convolutional neural networks (CNNs) in intrusion detection domains has attracted more and more attention. However, their results in this domain have not lived up to expectations compared to the results obtained in other domains, such as image classification and video analysis. This is mainly due to the datasets used, which contain preprocessed features that are not compatible with convolutional neural networks, as they do not allow a full exploit of all the information embedded in the original network traffic. With the aim of overcoming these issues, we propose in this paper a new efficient convolutional neural network model for network intrusion detection based on raw traffic data (pcap files) rather than preprocessed data stored in CSV files. The novelty of this paper lies in the proposal of a new method for adapting the raw network traffic data to the most suitable format for CNN models, which allows us to fully exploit the strengths of CNNs in terms of pattern recognition and spatial analysis, leading to more accurate and effective results. Additionally, to further improve its detection performance, the structure and hyperparameters of our proposed CNN-based model are automatically adjusted using the self-adaptive differential evolution (SADE) metaheuristic, in which symmetry plays an essential role in balancing the different phases of the algorithm, so that each phase can contribute in an equal and efficient way to finding optimal solutions. This helps to make the overall performance more robust and efficient when solving optimization problems. The experimental results on three datasets, KDD-99, UNSW-NB15, and CIC-IDS2017, show a strong symmetry between the frequency values implemented in the images built for each network traffic and the different attack classes. This was confirmed by a good predictive accuracy that goes well beyond similar competing models in the literature.","PeriodicalId":501198,"journal":{"name":"Symmetry","volume":"8 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Convolutional Neural Network with Hyperparameter Tuning for Packet Payload-Based Network Intrusion Detection\",\"authors\":\"Ammar Boulaiche, Sofiane Haddad, Ali Lemouari\",\"doi\":\"10.3390/sym16091151\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the last few years, the use of convolutional neural networks (CNNs) in intrusion detection domains has attracted more and more attention. However, their results in this domain have not lived up to expectations compared to the results obtained in other domains, such as image classification and video analysis. This is mainly due to the datasets used, which contain preprocessed features that are not compatible with convolutional neural networks, as they do not allow a full exploit of all the information embedded in the original network traffic. With the aim of overcoming these issues, we propose in this paper a new efficient convolutional neural network model for network intrusion detection based on raw traffic data (pcap files) rather than preprocessed data stored in CSV files. The novelty of this paper lies in the proposal of a new method for adapting the raw network traffic data to the most suitable format for CNN models, which allows us to fully exploit the strengths of CNNs in terms of pattern recognition and spatial analysis, leading to more accurate and effective results. Additionally, to further improve its detection performance, the structure and hyperparameters of our proposed CNN-based model are automatically adjusted using the self-adaptive differential evolution (SADE) metaheuristic, in which symmetry plays an essential role in balancing the different phases of the algorithm, so that each phase can contribute in an equal and efficient way to finding optimal solutions. This helps to make the overall performance more robust and efficient when solving optimization problems. The experimental results on three datasets, KDD-99, UNSW-NB15, and CIC-IDS2017, show a strong symmetry between the frequency values implemented in the images built for each network traffic and the different attack classes. This was confirmed by a good predictive accuracy that goes well beyond similar competing models in the literature.\",\"PeriodicalId\":501198,\"journal\":{\"name\":\"Symmetry\",\"volume\":\"8 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Symmetry\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3390/sym16091151\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symmetry","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/sym16091151","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

最近几年,卷积神经网络(CNN)在入侵检测领域的应用吸引了越来越多的关注。然而,与图像分类和视频分析等其他领域的结果相比,卷积神经网络在这一领域的结果并不尽如人意。这主要是由于所使用的数据集包含的预处理特征与卷积神经网络不兼容,因为它们无法充分利用原始网络流量中蕴含的所有信息。为了克服这些问题,我们在本文中提出了一种新的高效卷积神经网络模型,用于基于原始流量数据(pcap 文件)而非存储在 CSV 文件中的预处理数据的网络入侵检测。本文的新颖之处在于提出了一种新方法,可将原始网络流量数据调整为最适合 CNN 模型的格式,从而充分发挥 CNN 在模式识别和空间分析方面的优势,获得更准确、更有效的结果。此外,为了进一步提高其检测性能,我们提出的基于 CNN 的模型的结构和超参数使用自适应微分进化(SADE)元启发式进行自动调整,其中对称性在平衡算法的不同阶段方面发挥着至关重要的作用,从而使每个阶段都能以平等、高效的方式为找到最优解做出贡献。这有助于使算法在解决优化问题时的整体性能更稳健、更高效。在 KDD-99、UNSW-NB15 和 CIC-IDS2017 三个数据集上的实验结果表明,为每个网络流量和不同攻击类别构建的图像中的频率值之间具有很强的对称性。良好的预测准确性也证实了这一点,远远超出了文献中类似的竞争模型。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A Convolutional Neural Network with Hyperparameter Tuning for Packet Payload-Based Network Intrusion Detection
In the last few years, the use of convolutional neural networks (CNNs) in intrusion detection domains has attracted more and more attention. However, their results in this domain have not lived up to expectations compared to the results obtained in other domains, such as image classification and video analysis. This is mainly due to the datasets used, which contain preprocessed features that are not compatible with convolutional neural networks, as they do not allow a full exploit of all the information embedded in the original network traffic. With the aim of overcoming these issues, we propose in this paper a new efficient convolutional neural network model for network intrusion detection based on raw traffic data (pcap files) rather than preprocessed data stored in CSV files. The novelty of this paper lies in the proposal of a new method for adapting the raw network traffic data to the most suitable format for CNN models, which allows us to fully exploit the strengths of CNNs in terms of pattern recognition and spatial analysis, leading to more accurate and effective results. Additionally, to further improve its detection performance, the structure and hyperparameters of our proposed CNN-based model are automatically adjusted using the self-adaptive differential evolution (SADE) metaheuristic, in which symmetry plays an essential role in balancing the different phases of the algorithm, so that each phase can contribute in an equal and efficient way to finding optimal solutions. This helps to make the overall performance more robust and efficient when solving optimization problems. The experimental results on three datasets, KDD-99, UNSW-NB15, and CIC-IDS2017, show a strong symmetry between the frequency values implemented in the images built for each network traffic and the different attack classes. This was confirmed by a good predictive accuracy that goes well beyond similar competing models in the literature.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信