Skip to main content

Advertisement

Improved convolution neural network integrating attention based deep sparse auto encoder for network intrusion detection

  • Published:
Applied Intelligence Aims and scope Submit manuscript

Abstract

Network intrusion detection (NID) is seen as a pivotal technology in the network security which can detect malicious threats occurring in the network and lend stabilized services for expanding the network environments. However, Network-based Intrusion Detection Systems (NIDSs) are not sensitive to infrequent intrusions features and tend to have high misjudgment rate on imbalanced datasets, which lead to obvious defects for detecting minority classes of intrusion. Therefore, a novel neoteric NID methodology predicated upon an optimized convolutional neural network (CNN) integrating Attention based Deep Sparse Auto Encoder (ADSAE) (ADSAE-CNN) is put forward. The data expanding method based on the ADSAE model integrates attention mechanisms with deep stacked autoencoders to expand intrusion records of minority classes in data preprocessing, so as to balance the data distribution of intrusion detection datasets, improve the sensitivity of the detection model to the intrusion of few categories, and enhance the monitoring of the intrusion by the system. Meanwhile, the ADSAE can encode and transform the intrusion data to ameliorate the feature extraction capability of convolutional layers of the proposed ADSAE-CNN for detecting and classifying different intrusions classes. Finally, the ADSAE-CNN methodology is devoted to the network intrusion detection of two experiments on UNSW-NB15 and CSE-CIC-IDS2018 datasets and achieves the total precision of detection 89.1% on UNSW-NB15 and 94.20% on CSE-CIC-IDS2018, which can lead to considerably elevate the detection rate of minority intrusions and means significant effectiveness on multi-class network intrusion detections.

Graphical Abstract

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

Data availability

The data that support the findings of this study are available from corresponding authors Mengzhi Wang, Bo Ma and Yongming Han, upon reasonable request.

Abbreviations

DDOS :

Distributed denial of service

NIDS :

Network Intrusion Detection System

CNN :

Convolutional neural network

ADSAE :

Attention based Deep Sparse Auto Encoder

SVM :

Support Vector Machine

ELM :

Extreme Learning Machine

BP-NN :

Back Propagation neural network

LSTM :

Long Short-Term Memory neural network

NID :

Network Intrusion Detection

PSO :

Particle Swarm Optimization

DBN :

Deep Belief Network

CSI :

Channel State Information

SMOTE :

Synthetic Minority Oversampling Technique

GAN :

Generative Adversarial Network

WGAN :

Wasserstein Generative Adversarial Network

AE :

Autoencoder

DAE :

Deep Autoencoder

KL :

Kullback-Leible divergence

RBM :

Restricted Boltzmann Machine

MSE :

Mean Squared Error

MAE :

Mean Absolute Error

CE :

Cross Entropy

Bot :

Botnet

E :

Euclidean distance

Q :

Query vector

K :

Key vector

V :

Value vector

W :

signifies the weights of matrix in code layer.

b :

signifies the vector of biases for the encoder in code layer.

σ :

denotes the activation function.

ρ :

represents the expected average activation level.

ρ ̂:

represents the effective average activation level of neurons within the 

intermediate layer.

λ :

represents the weight of the sparsity constraint.

Q(x) :

represents the Q vector.

K(x) :

represents the K vector.

V(x) :

represents the V vector.

𝑑𝑘 :

represent the dimension of the K vector.

x :

pertains to the actual label vector.

y :

pertains to the predicted label vector.

Ci :

represent the amount of class i.

xi :

depict the data entry in the dataset.

yi :

represents the original data.

zi :

represents the reconstruct data.

n :

represents the amount of data.

References

  1. Tsvetanov T, Slaria S (2021) The effect of the Colonial Pipeline shutdown on gasoline prices. Econ Lett 209:110122

    Article  MATH  Google Scholar 

  2. Ratul C, Sen S, Goswami A, Purkait S, Saha B (2023) An implementation of bi-phase network intrusion detection system by using real-time traffic analysis. Expert Syst Appl 224:119831

    Article  MATH  Google Scholar 

  3. Sayeed MS, Abdulrahim H, Razak SFA, Bukar UA, Yogarayan S (2023) IoT raspberry pi based smart parking system with weighted K-Nearest neighbours Approach. Civil Eng J 9:1991–2011

    Article  Google Scholar 

  4. Yang J, Chen X, Chen S, Jiang X, Tan X (2021) Conditional Variational Auto-Encoder and Extreme Value Theory aided two-stage Learning Approach for Intelligent Fine-Grained Known/Unknown intrusion detection. IEEE Trans Inf Forensics Secur 16:3538–3553

    Article  MATH  Google Scholar 

  5. Nguyen H, Kashef R (2023) TS-IDS: traffic-aware self-supervised learning for IoT Network Intrusion Detection. Knowl Based Syst 279:110966

    Article  MATH  Google Scholar 

  6. Lazzarini R, Tianfield H, Charissis V (2023) A stacking ensemble of deep learning models for IoT intrusion detection. Knowl Based Syst 279:110941

    Article  MATH  Google Scholar 

  7. Thaseen S, Cherukuri AK (2017) Intrusion detection model using fusion of chi-square feature selection and multi class SVM. J King Saud Univ - Comput Inform Sci 29:462–472

    MATH  Google Scholar 

  8. Song Y, Wang X (2022) Network Intrusion Detection Scheme Based on IPSO-SVM Algorithm. 2022 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC): 1011–1014

  9. Binbusayyis A, Vaiyapuri T (2021) Unsupervised deep learning approach for network intrusion detection combining convolutional autoencoder and one-class SVM. Appl Intell 51:7094–7108

    Article  MATH  Google Scholar 

  10. Zhang J, Chen R, Zhang Y, Han W, Gu Z, Yang S, Fu Y (2024) MF2POSE: multi-task feature Fusion Pseudo-siamese Network for intrusion detection using category-distance Promotion loss. Knowl Based Syst 283:111110

    Article  Google Scholar 

  11. Shams EA, Rizaner A, Ulusoy AH (2021) A novel context-aware feature extraction method for convolutional neural network-based intrusion detection systems. Neural Comput Appl 33:13647–13665

    Article  MATH  Google Scholar 

  12. Raman MRG, Somu N, Kirthivasan K, Sriram VSS (2017) A hypergraph and arithmetic residue-based Probabilistic Neural Network for classification in Intrusion Detection systems. Neural Netw 92:89–97

    Article  MATH  Google Scholar 

  13. Liang D, Pan P (2019) Research on Intrusion Detection Based on Improved DBN-ELM. 2019 International Conference on Communications, Information System and Computer Engineering (CISCE), pp 495–499

  14. Chen H, Liu Y, Zhao J, Liu X (2021) Research on intrusion detection based on BP neural network. 2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE), pp 79–82

  15. Liu T, Yao J, Sun Q (2020) Intrusion detection algorithm of EPSO combined with BP neural network. 2020 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), pp 893–896

  16. Diaba SY, Anafo T, Tetteh LA, Oyibo MA, Alola AA, Miadreza S, Elmusrati M (2023) SCADA securing system using deep learning to prevent cyber infiltration. Neural Netw 165:321–332

    Article  Google Scholar 

  17. Yang A, Zhuansun Y, Liu C, Li J, Zhang C (2019) Design of intrusion detection system for internet of things based on improved BP neural network. IEEE Access 7:106043–106052

    Article  MATH  Google Scholar 

  18. Althobaiti MM, Kumar KPM, Gupta D, Kumar S, Mansour RF (2021) An intelligent cognitive computing based intrusion detection for industrial cyber-physical systems. Measurement 186:110145

    Article  MATH  Google Scholar 

  19. Chen S, Li W, Liu J, Jin H, Yin X (2021) Network intrusion detection based on subspace clustering and bp neural network. 2021 8th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2021 7th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), pp 65–70

  20. Subhash VP, Sutar SR (2022) Remora whale optimization-based hybrid deep learning for network intrusion detection using CNN features. Expert Syst Appl 210:118476

    Article  MATH  Google Scholar 

  21. Lin X, Tang Y, Tianfield H, Qian F, Zhong W (2019) A novel approach to reconstruction based saliency detection via convolutional neural network stacked with auto-encoder. Neurocomputing 349:145–155

    Article  Google Scholar 

  22. Wang H, Cao Z, Hong B (2020) A network intrusion detection system based on convolutional neural network. J Int Fuzzy Syst 38:7623–7637

    MATH  Google Scholar 

  23. Ahmad W, Almaiah MA, Ali A, Mohmood AAS (2024) Deep learning based network intrusion detection for unmanned aerial vehicle (UAV). 2024 7th World Conference on Computing and Communication Technologies (WCCCT), pp 31–36

  24. Ma T, Hu F, Ma M (2021) A LSTM-based channel fingerprinting method for intrusion detection. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), pp 113–116

  25. Hao W, Yang T, Yang Q (2023) Hybrid statistical-machine learning for real-time anomaly detection in Industrial Cyber–Physical systems. IEEE Trans Autom Sci Eng 20:32–46

    Article  MATH  Google Scholar 

  26. Huang H, Zhao G, Bo Y, Yu J, Liang L, Yang Y, Ou K (2023) Railway intrusion detection based on refined spatial and temporal features for UAV surveillance scene. Measurement 211:112602

    Article  Google Scholar 

  27. Xu Z, Li C, Yang Y (2021) Fault diagnosis of rolling bearings using an improved multi-scale convolutional neural network with feature attention mechanism. ISA Trans 110:379–393

    Article  MATH  Google Scholar 

  28. Jiang F, Fu Y, Gupta BB, Liang Y, Rho S, Lou F, Meng F, Tian Z (2020) Deep learning based multi-channel intelligent attack detection for data security. IEEE Trans Sustain Comput 5:204–212

    Article  Google Scholar 

  29. Xiao B, Xu W, Guo J, Lam HK, Jia G, Hong W, Ren H (2020) Depth estimation of hard inclusions in soft tissue by Autonomous Robotic Palpation using deep recurrent neural network. IEEE Trans Autom Sci Eng 17:1791–1799

    Article  Google Scholar 

  30. Lee J, Pak J, Lee M (2020) Network Intrusion detection system using feature extraction based on deep sparse autoencoder. 2020 International Conference on Information and Communication Technology Convergence (ICTC), pp 1282–1287

  31. Wang D, Wang X, Fei J (2024) IDS-GAN: adversarial attack against intrusion detection based on generative adversarial networks. 2024 5th International Conference on Computer Vision, Image and Deep Learning (CVIDL), pp 1130–1134

  32. Soleymanzadeh R, Kashef R (2023) Efficient intrusion detection using multi-player generative adversarial networks (GANs): an ensemble-based deep learning architecture. Neural Comput Applic 35:12545–12563

    Article  MATH  Google Scholar 

  33. Man J, Dong H, Gao J, Zhang J, Jia L, Qin Y (2022) GA-GRGAT: a novel deep learning model for high-speed train axle temperature long term forecasting. Expert Syst Appl 202:117033

    Article  Google Scholar 

  34. Han Y, Wang L, Wang Y, Geng Z (2024) Intelligent Small Sample defect detection of concrete surface using Novel Deep Learning integrating improved YOLOv5. IEEE/CAA J Automatica Sinica 11:545–547

    Article  MATH  Google Scholar 

  35. Huang Z, Xiang Y (2024) Conditional generative adversarial network for intrusion detection system based on deep learning. 2024 16th International Conference on Computer and Automation Engineering (ICCAE), pp 237–241

  36. Ma W, Liu R, Guo J (2023) LDoS attack traffic detection based on feature optimization extraction and DPSA-WGAN. Appl Intell 53:13924–13955

    Article  Google Scholar 

  37. Saputra D, Gaol F, Abdurachman E, Sensuse DI, Matsuo T (2023) Architectural model and modified long range wide area network (LoRaWAN) for boat traffic monitoring and transport detection systems in shallow waters. Emerg Sci J 7:1188–1205

    Article  Google Scholar 

  38. Zhang X, Shi S, Sun H, Chen D, Wang G, Wu K (2024) ACVAE: a novel self-adversarial variational auto-encoder combined with contrast learning for time series anomaly detection. Neural Netw 171:383–395

    Article  Google Scholar 

  39. Han Y, Wang Y, Chen Z, Lu Y, Hu X, Chen L, Geng Z (2024) Multiscale variational autoencoder regressor for production prediction and energy saving of industrial processes. Chem Eng Sci 284:119529

    Article  MATH  Google Scholar 

  40. Ullah W, Hussain T, Ullah FUM, Lee MY, Baik SW (2023) TransCNN: Hybrid CNN and transformer mechanism for surveillance anomaly detection. Eng Appl Artif Intell 123:106173

    Article  MATH  Google Scholar 

  41. Sapre S, Islam K, Ahmadi P (2021) A comprehensive data sampling analysis applied to the classification of rare IoT network intrusion types. 2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), pp 1–2

Download references

Acknowledgements

This research is supported by the National Natural Science Foundation of China in China (62273025 and 62373035), and the Opening Fund of the State Key Laboratory of Public Big Data jointly built by the Province and Ministry, China (Guizhou Branch [2022]416).

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Bo Ma or Yongming Han.

Ethics declarations

Ethical and informed consent for data used

The study was conducted in accordance with ethical standards and all individuals involved in the study had obtained informed consent to participate voluntarily in the study. All individuals involved in the study were clear about the purpose for which the data were collected, used and processed, and the data were used in accordance with all relevant ethical guidelines and regulations.

Competing interests

The authors have no competing interests to declare that are relevant to the content of this article.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Geng, Z., Li, X., Ma, B. et al. Improved convolution neural network integrating attention based deep sparse auto encoder for network intrusion detection. Appl Intell 55, 141 (2025). https://doi.org/10.1007/s10489-024-05872-6

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10489-024-05872-6

Keywords