NIDS-CNNRF集成了CNN和随机森林的高效网络入侵检测模型

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-04-17 DOI:10.1016/j.iot.2025.101607

Kai Yang , JiaMing Wang , GeGe Zhao , XuAn Wang , Wei Cong , ManZheng Yuan , JiaXiong Luo , XiaoFang Dong , JiaRui Wang , Jing Tao

{"title":"NIDS-CNNRF集成了CNN和随机森林的高效网络入侵检测模型","authors":"Kai Yang , JiaMing Wang , GeGe Zhao , XuAn Wang , Wei Cong , ManZheng Yuan , JiaXiong Luo , XiaoFang Dong , JiaRui Wang , Jing Tao","doi":"10.1016/j.iot.2025.101607","DOIUrl":null,"url":null,"abstract":"<div><div>Network intrusion detection is crucial for enhancing network security; however, existing models face three prominent challenges. First, many models place too much emphasis on overall accuracy, often neglecting the accurate distinction between different types of attacks. Second, due to feature redundancy in complex high-dimensional attack traffic, these models struggle to extract key information from large feature sets. Lastly, when dealing with imbalanced datasets, models tend to focus on learning from classes with larger sample sizes, thus overlooking those with fewer instances. To address these issues, this paper proposes a novel network intrusion detection model, NIDS-CNNRF. This model integrates Convolutional Neural Networks (CNN) for feature extraction and Random Forest (RF) for classifying attack traffic, enabling precise identification of various attack types. The Adaptive Synthetic Sampling (ADASYN) algorithm is employed to mitigate the bias toward classes with larger sample sizes, while Principal Component Analysis (PCA) is used to address feature redundancy, allowing the model to effectively extract key information. Experimental results demonstrate that the NIDS-CNNRF model significantly outperforms traditional intrusion detection models in enhancing network security, with superior performance observed on the KDD CUP99, NSL_KDD, CIC-IDS2017, and CIC-IDS2018 datasets.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"32 ","pages":"Article 101607"},"PeriodicalIF":6.0000,"publicationDate":"2025-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"NIDS-CNNRF integrating CNN and random forest for efficient network intrusion detection model\",\"authors\":\"Kai Yang , JiaMing Wang , GeGe Zhao , XuAn Wang , Wei Cong , ManZheng Yuan , JiaXiong Luo , XiaoFang Dong , JiaRui Wang , Jing Tao\",\"doi\":\"10.1016/j.iot.2025.101607\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Network intrusion detection is crucial for enhancing network security; however, existing models face three prominent challenges. First, many models place too much emphasis on overall accuracy, often neglecting the accurate distinction between different types of attacks. Second, due to feature redundancy in complex high-dimensional attack traffic, these models struggle to extract key information from large feature sets. Lastly, when dealing with imbalanced datasets, models tend to focus on learning from classes with larger sample sizes, thus overlooking those with fewer instances. To address these issues, this paper proposes a novel network intrusion detection model, NIDS-CNNRF. This model integrates Convolutional Neural Networks (CNN) for feature extraction and Random Forest (RF) for classifying attack traffic, enabling precise identification of various attack types. The Adaptive Synthetic Sampling (ADASYN) algorithm is employed to mitigate the bias toward classes with larger sample sizes, while Principal Component Analysis (PCA) is used to address feature redundancy, allowing the model to effectively extract key information. Experimental results demonstrate that the NIDS-CNNRF model significantly outperforms traditional intrusion detection models in enhancing network security, with superior performance observed on the KDD CUP99, NSL_KDD, CIC-IDS2017, and CIC-IDS2018 datasets.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"32 \",\"pages\":\"Article 101607\"},\"PeriodicalIF\":6.0000,\"publicationDate\":\"2025-04-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660525001209\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525001209","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

网络入侵检测是提高网络安全的重要手段。然而，现有的模式面临三个突出的挑战。首先，许多模型过于强调整体的准确性，往往忽略了不同类型攻击之间的准确区分。其次，由于复杂高维攻击流量中的特征冗余，这些模型难以从大型特征集中提取关键信息。最后，当处理不平衡的数据集时，模型倾向于从样本量较大的类中学习，从而忽略了那些实例较少的类。为了解决这些问题，本文提出了一种新的网络入侵检测模型NIDS-CNNRF。该模型集成了卷积神经网络（CNN）的特征提取和随机森林（RF）的攻击流量分类，能够精确识别各种攻击类型。采用自适应合成采样（ADASYN）算法减轻对样本量较大的类的偏差，采用主成分分析（PCA）算法解决特征冗余，使模型能够有效地提取关键信息。实验结果表明，NIDS-CNNRF模型在增强网络安全性方面明显优于传统入侵检测模型，在KDD CUP99、NSL_KDD、CIC-IDS2017和CIC-IDS2018数据集上表现优异。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

NIDS-CNNRF integrating CNN and random forest for efficient network intrusion detection model

Network intrusion detection is crucial for enhancing network security; however, existing models face three prominent challenges. First, many models place too much emphasis on overall accuracy, often neglecting the accurate distinction between different types of attacks. Second, due to feature redundancy in complex high-dimensional attack traffic, these models struggle to extract key information from large feature sets. Lastly, when dealing with imbalanced datasets, models tend to focus on learning from classes with larger sample sizes, thus overlooking those with fewer instances. To address these issues, this paper proposes a novel network intrusion detection model, NIDS-CNNRF. This model integrates Convolutional Neural Networks (CNN) for feature extraction and Random Forest (RF) for classifying attack traffic, enabling precise identification of various attack types. The Adaptive Synthetic Sampling (ADASYN) algorithm is employed to mitigate the bias toward classes with larger sample sizes, while Principal Component Analysis (PCA) is used to address feature redundancy, allowing the model to effectively extract key information. Experimental results demonstrate that the NIDS-CNNRF model significantly outperforms traditional intrusion detection models in enhancing network security, with superior performance observed on the KDD CUP99, NSL_KDD, CIC-IDS2017, and CIC-IDS2018 datasets.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.