As the application of networks permeates various aspects of daily life, maintaining network security has become a crucial challenge. A network intrusion detection system (NIDS) functions as a critical technique for securing cyberspace and has gained considerable attention. Although researchers have made significant progress in developing NIDSs, challenges still exist in high-speed networks with overwhelming network traffic. Existing methods largely focus on improving model detection accuracy and often overlook speed and computational efficiency. This oversight renders most current methods impractical for real-world high-speed network scenarios. To address this issue, we propose an innovative and efficient network intrusion detection algorithm, namely, the Bayesian gamma mixture model (GaMM) classifier. With the recently proposed extended stochastic variational inference (ESVI) framework, we introduce lower-bound approximations to the evidence lower bound (ELBO), namely, the original variational object function. An analytically tractable Bayesian estimation algorithm for a GaMM is derived through stochastic optimization of the obtained lower bound and we validate its performance and computational efficiency on three publicly available datasets (CICMalmem2022, OPCUA, and CICIDS2018). The experimental results indicate that the proposed classifier not only achieves a detection performance comparable to that of other benchmark models but also significantly reduces both the training and detection times.
Read full abstract