Deep metric learning based approach for network intrusion detection
Abstract Today, intrusion detection systems are the way to defend network intrusion flows. In this paper, to categorize network traffic data, we proposed a novel method for detecting network intrusions. It builds intrusion detection models using a deep metric learning (DML) strategy that incorporate...
| Published in: | Journal of Physics: Conference Series |
|---|---|
| Main Authors: | , , , , |
| Format: | Article in Journal/Newspaper |
| Language: | unknown |
| Published: |
IOP Publishing
2023
|
| Subjects: | |
| Online Access: | http://dx.doi.org/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037/pdf |
| id |
crioppubl:10.1088/1742-6596/2504/1/012037 |
|---|---|
| record_format |
openpolar |
| spelling |
crioppubl:10.1088/1742-6596/2504/1/012037 2024-06-02T08:05:49+00:00 Deep metric learning based approach for network intrusion detection Fu, Xingbing Zhang, Xuewen Fu, Jianfeng Wu, Bingjin Zhang, Jianwu 2023 http://dx.doi.org/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037/pdf unknown IOP Publishing http://creativecommons.org/licenses/by/3.0/ https://iopscience.iop.org/info/page/text-and-data-mining Journal of Physics: Conference Series volume 2504, issue 1, page 012037 ISSN 1742-6588 1742-6596 journal-article 2023 crioppubl https://doi.org/10.1088/1742-6596/2504/1/012037 2024-05-07T13:56:49Z Abstract Today, intrusion detection systems are the way to defend network intrusion flows. In this paper, to categorize network traffic data, we proposed a novel method for detecting network intrusions. It builds intrusion detection models using a deep metric learning (DML) strategy that incorporates two multi-scale convolutional neural networks (MSCNN) and a Triplet network. During the phase of training MSCNN networks, the network traffic data are divided into attack network traffic data and normal data, and we train two distinct MSCNN networks on the basis of these two datasets. To determine the distance between the network traffic data, a Triplet network is trained to learn a mapping space which preserves the relationships of attacks and normal network flows. Soft-margin triplet loss is used as a loss function to train the Triplet network. In the prediction stage, each new flow passes through two MSCNN networks, which reconstruct the network flows, and then the Triplet network measures the distance between the network flow and the reconstructed flow. To verify the model’s advantages in intrusion detection, we compare the performance of the MSCNN+Triplet network, the CNN+LSTM, and the shallow neural network. Experimental results reveal the proposed scheme has superior detection performance compared to other intrusion detection schemes. The code will be available at https://gitee.com/wbsk/mscnn_triplet/tree/master/. Article in Journal/Newspaper DML IOP Publishing Journal of Physics: Conference Series 2504 1 012037 |
| institution |
Open Polar |
| collection |
IOP Publishing |
| op_collection_id |
crioppubl |
| language |
unknown |
| description |
Abstract Today, intrusion detection systems are the way to defend network intrusion flows. In this paper, to categorize network traffic data, we proposed a novel method for detecting network intrusions. It builds intrusion detection models using a deep metric learning (DML) strategy that incorporates two multi-scale convolutional neural networks (MSCNN) and a Triplet network. During the phase of training MSCNN networks, the network traffic data are divided into attack network traffic data and normal data, and we train two distinct MSCNN networks on the basis of these two datasets. To determine the distance between the network traffic data, a Triplet network is trained to learn a mapping space which preserves the relationships of attacks and normal network flows. Soft-margin triplet loss is used as a loss function to train the Triplet network. In the prediction stage, each new flow passes through two MSCNN networks, which reconstruct the network flows, and then the Triplet network measures the distance between the network flow and the reconstructed flow. To verify the model’s advantages in intrusion detection, we compare the performance of the MSCNN+Triplet network, the CNN+LSTM, and the shallow neural network. Experimental results reveal the proposed scheme has superior detection performance compared to other intrusion detection schemes. The code will be available at https://gitee.com/wbsk/mscnn_triplet/tree/master/. |
| format |
Article in Journal/Newspaper |
| author |
Fu, Xingbing Zhang, Xuewen Fu, Jianfeng Wu, Bingjin Zhang, Jianwu |
| spellingShingle |
Fu, Xingbing Zhang, Xuewen Fu, Jianfeng Wu, Bingjin Zhang, Jianwu Deep metric learning based approach for network intrusion detection |
| author_facet |
Fu, Xingbing Zhang, Xuewen Fu, Jianfeng Wu, Bingjin Zhang, Jianwu |
| author_sort |
Fu, Xingbing |
| title |
Deep metric learning based approach for network intrusion detection |
| title_short |
Deep metric learning based approach for network intrusion detection |
| title_full |
Deep metric learning based approach for network intrusion detection |
| title_fullStr |
Deep metric learning based approach for network intrusion detection |
| title_full_unstemmed |
Deep metric learning based approach for network intrusion detection |
| title_sort |
deep metric learning based approach for network intrusion detection |
| publisher |
IOP Publishing |
| publishDate |
2023 |
| url |
http://dx.doi.org/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037 https://iopscience.iop.org/article/10.1088/1742-6596/2504/1/012037/pdf |
| genre |
DML |
| genre_facet |
DML |
| op_source |
Journal of Physics: Conference Series volume 2504, issue 1, page 012037 ISSN 1742-6588 1742-6596 |
| op_rights |
http://creativecommons.org/licenses/by/3.0/ https://iopscience.iop.org/info/page/text-and-data-mining |
| op_doi |
https://doi.org/10.1088/1742-6596/2504/1/012037 |
| container_title |
Journal of Physics: Conference Series |
| container_volume |
2504 |
| container_issue |
1 |
| container_start_page |
012037 |
| _version_ |
1800750698423386112 |