IDS-INT: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

Farhan Ullah, Shamsher Ullah, Gautam Srivastava, Jerry Chun-Wei Lin

2024, Vol. 10, Issue (1): 190-204. DOI: 10.1016/j.dcan.2023.03.008
Special issue on intelligent anomaly/novelty detection to enhance IoT and AIoT

Abstract

A network intrusion detection system is critical for cyber security against illegitimate attacks. In terms of feature perspectives, network traffic may include a variety of elements such as attack reference, attack type, a sub-category of attack, host information, malicious scripts, etc. In terms of network perspectives, network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic. It is challenging to identify a specific attack due to complex features and data imbalance issues. To address these issues, this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic (IDS-INT). IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data. First, detailed information about each type of attack is gathered from network interaction descriptions, which include network nodes, attack type, reference, host information, etc. Second, the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors. Third, the Synthetic Minority Oversampling Technique (SMOTE) is implemented to balance abnormal traffic and detect minority attacks. Fourth, the Convolution Neural Network (CNN) model is designed to extract deep features from the balanced network traffic. Finally, the hybrid approach of the CNN-Long Short-Term Memory (CNN-LSTM) model is developed to detect different types of attacks from the deep features. Detailed experiments are conducted to test the proposed approach using three standard datasets, i.e., UNSW-NB15, CIC-IDS2017, and NSL-KDD. An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.

Keywords

Network intrusion detection / Transfer learning / Features extraction / Imbalance data / Explainable AI / Cybersecurity

Cite this article

Farhan Ullah, Shamsher Ullah, Gautam Srivastava, Jerry Chun-Wei Lin. IDS-INT: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic. , 2024, 10(1): 190-204 DOI:10.1016/j.dcan.2023.03.008


