Multi-class Network Intrusion Detection with Class Imbalance via LSTM & SMOTE

• URL: http://arxiv.org/abs/2310.01850v1
• Date: Tue, 3 Oct 2023 07:28:04 GMT
• Title: Multi-class Network Intrusion Detection with Class Imbalance via LSTM & SMOTE
• Authors: Muhammad Wasim Nawaz, Rashid Munawar, Ahsan Mehmood, Muhammad Mahboob Ur Rahman, Qammer H. Abbasi,
• Abstract summary: This paper proposes to use oversampling techniques along with appropriate loss functions to handle class imbalance for the detection of various types of network intrusions. Our deep learning model employs LSTM with fully connected layers to perform multi-class classification of network attacks.
• Score: 1.0591656257413806
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Monitoring network traffic to maintain the quality of service (QoS) and to detect network intrusions in a timely and efficient manner is essential. As network traffic is sequential, recurrent neural networks (RNNs) such as long short-term memory (LSTM) are suitable for building network intrusion detection systems. However, in the case of a few dataset examples of the rare attack types, even these networks perform poorly. This paper proposes to use oversampling techniques along with appropriate loss functions to handle class imbalance for the detection of various types of network intrusions. Our deep learning model employs LSTM with fully connected layers to perform multi-class classification of network attacks. We enhance the representation of minority classes: i) through the application of the Synthetic Minority Over-sampling Technique (SMOTE), and ii) by employing categorical focal cross-entropy loss to apply a focal factor to down-weight examples of the majority classes and focus more on hard examples of the minority classes. Extensive experiments on KDD99 and CICIDS2017 datasets show promising results in detecting network intrusions (with many rare attack types, e.g., Probe, R2L, DDoS, PortScan, etc.).

Related papers

• Dealing with Imbalanced Classes in Bot-IoT Dataset [3.7399138244928145]
  We propose a binary classification method with synthetic minority over-sampling techniques (SMOTE) to address the class imbalance problem in the Bot-IoT dataset. The proposed classifier aims to detect attack packets and overcome the class imbalance problem using the SMOTE algorithm.
  arXiv  Detail & Related papers  (2024-03-27T20:09:59Z)
• Effective Intrusion Detection in Highly Imbalanced IoT Networks with Lightweight S2CGAN-IDS [48.353590166168686]
  Internet of Things (IoT) networks contain benign traffic far more than abnormal traffic, with some rare attacks. Most existing studies have been focused on sacrificing the detection rate of the majority class in order to improve the detection rate of the minority class. We propose a lightweight framework named S2CGAN-IDS to expand the number of minority categories in both data space and feature space.
  arXiv  Detail & Related papers  (2023-06-06T14:19:23Z)
• DRL-GAN: A Hybrid Approach for Binary and Multiclass Network Intrusion Detection [2.7122540465034106]
  Intrusion detection systems (IDS) are an essential security technology for detecting these attacks. We implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model. Our findings demonstrate that training the DRL on specific synthetic datasets can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.
  arXiv  Detail & Related papers  (2023-01-05T19:51:24Z)
• DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection [0.0]
  Machine Learning approaches have been used to enhance the detection capabilities of Network Intrusion Detection Systems (NIDSs) Recent work has achieved near-perfect performance by following binary- and multi-class network anomaly detection tasks. This paper proposes a Deep One-Class (DOC) classifier for network intrusion detection by only training on benign network data samples.
  arXiv  Detail & Related papers  (2022-12-15T00:08:05Z)
• Unfolding Local Growth Rate Estimates for (Almost) Perfect Adversarial Detection [22.99930028876662]
  Convolutional neural networks (CNN) define the state-of-the-art solution on many perceptual tasks. Current CNN approaches largely remain vulnerable against adversarial perturbations of the input that have been crafted specifically to fool the system. We propose a simple and light-weight detector, which leverages recent findings on the relation between networks' local intrinsic dimensionality (LID) and adversarial attacks.
  arXiv  Detail & Related papers  (2022-12-13T17:51:32Z)
• Deep learning approach for interruption attacks detection in LEO satellite networks [0.0]
  This work aims to provide an interruption detection strategy for Low Earth Orbit (textsfLEO) satellite networks using deep learning algorithms. We test different deep learning algorithms including Multi Layer Perceptron (MLP), Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Gated Recurrent Units (GRU)
  arXiv  Detail & Related papers  (2022-12-10T21:21:14Z)
• Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
  We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks. Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair. A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
  arXiv  Detail & Related papers  (2021-02-27T03:17:20Z)
• Adversarial Attacks on Deep Learning Based Power Allocation in a Massive MIMO Network [62.77129284830945]
  We show that adversarial attacks can break DL-based power allocation in the downlink of a massive multiple-input-multiple-output (maMIMO) network. We benchmark the performance of these attacks and show that with a small perturbation in the input of the neural network (NN), the white-box attacks can result in infeasible solutions up to 86%.
  arXiv  Detail & Related papers  (2021-01-28T16:18:19Z)
• ESPN: Extremely Sparse Pruned Networks [50.436905934791035]
  We show that a simple iterative mask discovery method can achieve state-of-the-art compression of very deep networks. Our algorithm represents a hybrid approach between single shot network pruning methods and Lottery-Ticket type approaches.
  arXiv  Detail & Related papers  (2020-06-28T23:09:27Z)
• ReMarNet: Conjoint Relation and Margin Learning for Small-Sample Image Classification [49.87503122462432]
  We introduce a novel neural network termed Relation-and-Margin learning Network (ReMarNet) Our method assembles two networks of different backbones so as to learn the features that can perform excellently in both of the aforementioned two classification mechanisms. Experiments on four image datasets demonstrate that our approach is effective in learning discriminative features from a small set of labeled samples.
  arXiv  Detail & Related papers  (2020-06-27T13:50:20Z)
• Resolution Adaptive Networks for Efficient Inference [53.04907454606711]
  We propose a novel Resolution Adaptive Network (RANet), which is inspired by the intuition that low-resolution representations are sufficient for classifying "easy" inputs. In RANet, the input images are first routed to a lightweight sub-network that efficiently extracts low-resolution representations. High-resolution paths in the network maintain the capability to recognize the "hard" samples.
  arXiv  Detail & Related papers  (2020-03-16T16:54:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.