Deep metric learning based approach for network intrusion detection
Abstract Today, intrusion detection systems are the way to defend network intrusion flows. In this paper, to categorize network traffic data, we proposed a novel method for detecting network intrusions. It builds intrusion detection models using a deep metric learning (DML) strategy that incorporate...
| Published in: | Journal of Physics: Conference Series |
|---|---|
| Main Authors: | , , , , |
| Format: | Article in Journal/Newspaper |
| Language: | unknown |
| Published: |
IOP Publishing
2023
|
| Subjects: | |
| Online Access: | http://dx.doi.org/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037/pdf |
| Summary: | Abstract Today, intrusion detection systems are the way to defend network intrusion flows. In this paper, to categorize network traffic data, we proposed a novel method for detecting network intrusions. It builds intrusion detection models using a deep metric learning (DML) strategy that incorporates two multi-scale convolutional neural networks (MSCNN) and a Triplet network. During the phase of training MSCNN networks, the network traffic data are divided into attack network traffic data and normal data, and we train two distinct MSCNN networks on the basis of these two datasets. To determine the distance between the network traffic data, a Triplet network is trained to learn a mapping space which preserves the relationships of attacks and normal network flows. Soft-margin triplet loss is used as a loss function to train the Triplet network. In the prediction stage, each new flow passes through two MSCNN networks, which reconstruct the network flows, and then the Triplet network measures the distance between the network flow and the reconstructed flow. To verify the model’s advantages in intrusion detection, we compare the performance of the MSCNN+Triplet network, the CNN+LSTM, and the shallow neural network. Experimental results reveal the proposed scheme has superior detection performance compared to other intrusion detection schemes. The code will be available at https://gitee.com/wbsk/mscnn_triplet/tree/master/. |
|---|