Abstract

The combination of deep learning and intrusion detection has become a hot topic in network security. With network traffic that is massive, high-dimensional, and unevenly distributed across samples, accurately detecting anomalous traffic is the primary task of intrusion detection. Most research on intrusion detection systems based on anomalous network traffic detection has focused on supervised learning; however, obtaining labeled data often requires a lot of time and effort, as well as the support of network experts. It is therefore worthwhile to investigate label-free approaches based on the self-supervised learning method BYOL, a simple and elegant framework with sufficiently powerful feature extraction capabilities for intrusion detection systems. In this paper, we propose a new data augmentation strategy for intrusion detection data and an intrusion detection model based on label-free self-supervised learning. The data augmentation strategy introduces perturbations to enhance the model's ability to learn invariant feature representations, and an improved BYOL self-supervised learning method is trained on the UNSW-NB15 intrusion detection dataset without labels to extract network traffic feature representations. Linear evaluation on UNSW-NB15 and transfer learning on NSL-KDD, KDD CUP99, CIC IDS2017, and CIDDS_001 achieve excellent performance in all metrics.

Highlights

  • With the advent of the information age and the popularity of the Internet, all aspects of our lives have changed greatly

  • (2) By conducting linear evaluation on UNSW-NB15, the extracted robust network traffic feature representations using the improved BYOL intrusion detection model and the effectiveness of the data augmentation operation proposed in Section 3.1.1 are verified

  • (3) To compare traditional deep learning models like DNN, convolutional neural network (CNN), and recurrent neural network (RNN) with our model, we conducted experiments on KDD CUP99, NSL-KDD, CIC IDS2017, and CIDDS_001, so that we can verify the feasibility of using the feature representations extracted by our model to discriminate network traffic

Summary

Introduction

With the advent of the information age and the popularity of the Internet, all aspects of our lives have changed greatly. While the Internet has given us significant convenience, it has also brought about a variety of network security issues. How to avoid these security problems has become the focus of the industry. The earliest intrusion detection model was proposed by Denning and Neumann [2]; it focuses on generating a number of profiles about the system based on the audit log data of the host system and monitoring the variance of the profiles to detect intrusions in the system. NIDS observes and analyses real-time network traffic and monitors multiple hosts, aiming to detect intrusions in the network by collecting packet information and viewing its contents [5]. The interpretability of the samples is not as strong as that of the original samples.

