Malicious traffic detection in multi-environment networks using novel S-DATE and PSO-D-SEM approaches

Abstract

The rapid advancement of network architectures, protocols, and tools poses significant challenges to network security, especially due to the use of AI-based tools by cybercriminals. It is crucial to develop a versatile malicious traffic detection system capable of identifying attacks across diverse traffic types. This paper presents an enhanced system for detecting malicious traffic in multi-environment (M-En) networks, including IoT, SDN, and traditional IP-based traffic. Existing techniques often under-utilize diversity in network traffic, limiting their effectiveness. To address this, we propose a comprehensive approach that combines the power of Synthetic Data Augmentation TEchnique (S-DATE) and Particle Swarm Optimizer (PSO)-based Diverse-Self Ensemble Model (D-SEM). Our approach proposes the M-En dataset, a combination of three different network architectures datasets including InSDN, UNSWNB-15, and IoTID-20 that accurately represent real-world scenarios. S-DATE is then employed to address imbalanced data distribution in novel generated M-En dataset, enabling better model convergence and enhancing the detection rate of normal and abnormal traffic. Additionally, we introduce PSO-D-SEM, a novel ensemble model that leverages the diversity provided by PSO to handle the complexity of M-En networks. The PSO-D-SEM combines individual models trained on a subset of the M-En dataset, resulting in improved overall performance. The experimental results demonstrate the superiority of our enhanced system, achieving a significant accuracy score of 0.989. Further, we also deploy a statistical T-test to demonstrate the significance of the proposed PSO-D-SEM approach in comparison with state-of-the-art methods.