Abstract
Network intrusion detection (NID) is seen as a pivotal technology in the network security which can detect malicious threats occurring in the network and lend stabilized services for expanding the network environments. However, Network-based Intrusion Detection Systems (NIDSs) are not sensitive to infrequent intrusions features and tend to have high misjudgment rate on imbalanced datasets, which lead to obvious defects for detecting minority classes of intrusion. Therefore, a novel neoteric NID methodology predicated upon an optimized convolutional neural network (CNN) integrating Attention based Deep Sparse Auto Encoder (ADSAE) (ADSAE-CNN) is put forward. The data expanding method based on the ADSAE model integrates attention mechanisms with deep stacked autoencoders to expand intrusion records of minority classes in data preprocessing, so as to balance the data distribution of intrusion detection datasets, improve the sensitivity of the detection model to the intrusion of few categories, and enhance the monitoring of the intrusion by the system. Meanwhile, the ADSAE can encode and transform the intrusion data to ameliorate the feature extraction capability of convolutional layers of the proposed ADSAE-CNN for detecting and classifying different intrusions classes. Finally, the ADSAE-CNN methodology is devoted to the network intrusion detection of two experiments on UNSW-NB15 and CSE-CIC-IDS2018 datasets and achieves the total precision of detection 89.1% on UNSW-NB15 and 94.20% on CSE-CIC-IDS2018, which can lead to considerably elevate the detection rate of minority intrusions and means significant effectiveness on multi-class network intrusion detections.
Graphical Abstract
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Data availability
The data that support the findings of this study are available from corresponding authors Mengzhi Wang, Bo Ma and Yongming Han, upon reasonable request.
Abbreviations
- DDOS :
-
Distributed denial of service
- NIDS :
-
Network Intrusion Detection System
- CNN :
-
Convolutional neural network
- ADSAE :
-
Attention based Deep Sparse Auto Encoder
- SVM :
-
Support Vector Machine
- ELM :
-
Extreme Learning Machine
- BP-NN :
-
Back Propagation neural network
- LSTM :
-
Long Short-Term Memory neural network
- NID :
-
Network Intrusion Detection
- PSO :
-
Particle Swarm Optimization
- DBN :
-
Deep Belief Network
- CSI :
-
Channel State Information
- SMOTE :
-
Synthetic Minority Oversampling Technique
- GAN :
-
Generative Adversarial Network
- WGAN :
-
Wasserstein Generative Adversarial Network
- AE :
-
Autoencoder
- DAE :
-
Deep Autoencoder
- KL :
-
Kullback-Leible divergence
- RBM :
-
Restricted Boltzmann Machine
- MSE :
-
Mean Squared Error
- MAE :
-
Mean Absolute Error
- CE :
-
Cross Entropy
- Bot :
-
Botnet
- E :
-
Euclidean distance
- Q :
-
Query vector
- K :
-
Key vector
- V :
-
Value vector
- W :
-
signifies the weights of matrix in code layer.
- b :
-
signifies the vector of biases for the encoder in code layer.
- σ :
-
denotes the activation function.
- ρ :
-
represents the expected average activation level.
- ρ ̂:
-
represents the effective average activation level of neurons within the
intermediate layer.
- λ :
-
represents the weight of the sparsity constraint.
- Q(x) :
-
represents the Q vector.
- K(x) :
-
represents the K vector.
- V(x) :
-
represents the V vector.
- 𝑑𝑘 :
-
represent the dimension of the K vector.
- x :
-
pertains to the actual label vector.
- y :
-
pertains to the predicted label vector.
- Ci :
-
represent the amount of class i.
- xi :
-
depict the data entry in the dataset.
- yi :
-
represents the original data.
- zi :
-
represents the reconstruct data.
- n :
-
represents the amount of data.
References
Tsvetanov T, Slaria S (2021) The effect of the Colonial Pipeline shutdown on gasoline prices. Econ Lett 209:110122
Ratul C, Sen S, Goswami A, Purkait S, Saha B (2023) An implementation of bi-phase network intrusion detection system by using real-time traffic analysis. Expert Syst Appl 224:119831
Sayeed MS, Abdulrahim H, Razak SFA, Bukar UA, Yogarayan S (2023) IoT raspberry pi based smart parking system with weighted K-Nearest neighbours Approach. Civil Eng J 9:1991–2011
Yang J, Chen X, Chen S, Jiang X, Tan X (2021) Conditional Variational Auto-Encoder and Extreme Value Theory aided two-stage Learning Approach for Intelligent Fine-Grained Known/Unknown intrusion detection. IEEE Trans Inf Forensics Secur 16:3538–3553
Nguyen H, Kashef R (2023) TS-IDS: traffic-aware self-supervised learning for IoT Network Intrusion Detection. Knowl Based Syst 279:110966
Lazzarini R, Tianfield H, Charissis V (2023) A stacking ensemble of deep learning models for IoT intrusion detection. Knowl Based Syst 279:110941
Thaseen S, Cherukuri AK (2017) Intrusion detection model using fusion of chi-square feature selection and multi class SVM. J King Saud Univ - Comput Inform Sci 29:462–472
Song Y, Wang X (2022) Network Intrusion Detection Scheme Based on IPSO-SVM Algorithm. 2022 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC): 1011–1014
Binbusayyis A, Vaiyapuri T (2021) Unsupervised deep learning approach for network intrusion detection combining convolutional autoencoder and one-class SVM. Appl Intell 51:7094–7108
Zhang J, Chen R, Zhang Y, Han W, Gu Z, Yang S, Fu Y (2024) MF2POSE: multi-task feature Fusion Pseudo-siamese Network for intrusion detection using category-distance Promotion loss. Knowl Based Syst 283:111110
Shams EA, Rizaner A, Ulusoy AH (2021) A novel context-aware feature extraction method for convolutional neural network-based intrusion detection systems. Neural Comput Appl 33:13647–13665
Raman MRG, Somu N, Kirthivasan K, Sriram VSS (2017) A hypergraph and arithmetic residue-based Probabilistic Neural Network for classification in Intrusion Detection systems. Neural Netw 92:89–97
Liang D, Pan P (2019) Research on Intrusion Detection Based on Improved DBN-ELM. 2019 International Conference on Communications, Information System and Computer Engineering (CISCE), pp 495–499
Chen H, Liu Y, Zhao J, Liu X (2021) Research on intrusion detection based on BP neural network. 2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE), pp 79–82
Liu T, Yao J, Sun Q (2020) Intrusion detection algorithm of EPSO combined with BP neural network. 2020 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), pp 893–896
Diaba SY, Anafo T, Tetteh LA, Oyibo MA, Alola AA, Miadreza S, Elmusrati M (2023) SCADA securing system using deep learning to prevent cyber infiltration. Neural Netw 165:321–332
Yang A, Zhuansun Y, Liu C, Li J, Zhang C (2019) Design of intrusion detection system for internet of things based on improved BP neural network. IEEE Access 7:106043–106052
Althobaiti MM, Kumar KPM, Gupta D, Kumar S, Mansour RF (2021) An intelligent cognitive computing based intrusion detection for industrial cyber-physical systems. Measurement 186:110145
Chen S, Li W, Liu J, Jin H, Yin X (2021) Network intrusion detection based on subspace clustering and bp neural network. 2021 8th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2021 7th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), pp 65–70
Subhash VP, Sutar SR (2022) Remora whale optimization-based hybrid deep learning for network intrusion detection using CNN features. Expert Syst Appl 210:118476
Lin X, Tang Y, Tianfield H, Qian F, Zhong W (2019) A novel approach to reconstruction based saliency detection via convolutional neural network stacked with auto-encoder. Neurocomputing 349:145–155
Wang H, Cao Z, Hong B (2020) A network intrusion detection system based on convolutional neural network. J Int Fuzzy Syst 38:7623–7637
Ahmad W, Almaiah MA, Ali A, Mohmood AAS (2024) Deep learning based network intrusion detection for unmanned aerial vehicle (UAV). 2024 7th World Conference on Computing and Communication Technologies (WCCCT), pp 31–36
Ma T, Hu F, Ma M (2021) A LSTM-based channel fingerprinting method for intrusion detection. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), pp 113–116
Hao W, Yang T, Yang Q (2023) Hybrid statistical-machine learning for real-time anomaly detection in Industrial Cyber–Physical systems. IEEE Trans Autom Sci Eng 20:32–46
Huang H, Zhao G, Bo Y, Yu J, Liang L, Yang Y, Ou K (2023) Railway intrusion detection based on refined spatial and temporal features for UAV surveillance scene. Measurement 211:112602
Xu Z, Li C, Yang Y (2021) Fault diagnosis of rolling bearings using an improved multi-scale convolutional neural network with feature attention mechanism. ISA Trans 110:379–393
Jiang F, Fu Y, Gupta BB, Liang Y, Rho S, Lou F, Meng F, Tian Z (2020) Deep learning based multi-channel intelligent attack detection for data security. IEEE Trans Sustain Comput 5:204–212
Xiao B, Xu W, Guo J, Lam HK, Jia G, Hong W, Ren H (2020) Depth estimation of hard inclusions in soft tissue by Autonomous Robotic Palpation using deep recurrent neural network. IEEE Trans Autom Sci Eng 17:1791–1799
Lee J, Pak J, Lee M (2020) Network Intrusion detection system using feature extraction based on deep sparse autoencoder. 2020 International Conference on Information and Communication Technology Convergence (ICTC), pp 1282–1287
Wang D, Wang X, Fei J (2024) IDS-GAN: adversarial attack against intrusion detection based on generative adversarial networks. 2024 5th International Conference on Computer Vision, Image and Deep Learning (CVIDL), pp 1130–1134
Soleymanzadeh R, Kashef R (2023) Efficient intrusion detection using multi-player generative adversarial networks (GANs): an ensemble-based deep learning architecture. Neural Comput Applic 35:12545–12563
Man J, Dong H, Gao J, Zhang J, Jia L, Qin Y (2022) GA-GRGAT: a novel deep learning model for high-speed train axle temperature long term forecasting. Expert Syst Appl 202:117033
Han Y, Wang L, Wang Y, Geng Z (2024) Intelligent Small Sample defect detection of concrete surface using Novel Deep Learning integrating improved YOLOv5. IEEE/CAA J Automatica Sinica 11:545–547
Huang Z, Xiang Y (2024) Conditional generative adversarial network for intrusion detection system based on deep learning. 2024 16th International Conference on Computer and Automation Engineering (ICCAE), pp 237–241
Ma W, Liu R, Guo J (2023) LDoS attack traffic detection based on feature optimization extraction and DPSA-WGAN. Appl Intell 53:13924–13955
Saputra D, Gaol F, Abdurachman E, Sensuse DI, Matsuo T (2023) Architectural model and modified long range wide area network (LoRaWAN) for boat traffic monitoring and transport detection systems in shallow waters. Emerg Sci J 7:1188–1205
Zhang X, Shi S, Sun H, Chen D, Wang G, Wu K (2024) ACVAE: a novel self-adversarial variational auto-encoder combined with contrast learning for time series anomaly detection. Neural Netw 171:383–395
Han Y, Wang Y, Chen Z, Lu Y, Hu X, Chen L, Geng Z (2024) Multiscale variational autoencoder regressor for production prediction and energy saving of industrial processes. Chem Eng Sci 284:119529
Ullah W, Hussain T, Ullah FUM, Lee MY, Baik SW (2023) TransCNN: Hybrid CNN and transformer mechanism for surveillance anomaly detection. Eng Appl Artif Intell 123:106173
Sapre S, Islam K, Ahmadi P (2021) A comprehensive data sampling analysis applied to the classification of rare IoT network intrusion types. 2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), pp 1–2
Acknowledgements
This research is supported by the National Natural Science Foundation of China in China (62273025 and 62373035), and the Opening Fund of the State Key Laboratory of Public Big Data jointly built by the Province and Ministry, China (Guizhou Branch [2022]416).
Author information
Authors and Affiliations
Corresponding authors
Ethics declarations
Ethical and informed consent for data used
The study was conducted in accordance with ethical standards and all individuals involved in the study had obtained informed consent to participate voluntarily in the study. All individuals involved in the study were clear about the purpose for which the data were collected, used and processed, and the data were used in accordance with all relevant ethical guidelines and regulations.
Competing interests
The authors have no competing interests to declare that are relevant to the content of this article.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Geng, Z., Li, X., Ma, B. et al. Improved convolution neural network integrating attention based deep sparse auto encoder for network intrusion detection. Appl Intell 55, 141 (2025). https://doi.org/10.1007/s10489-024-05872-6
Accepted:
Published:
DOI: https://doi.org/10.1007/s10489-024-05872-6