Abstract: Cyber-attacks have become more frequent, targeted, and complex with the exponential growth of computer networks and the development of the Internet of Things (IoT). A network intrusion detection system (NIDS) is an essential tool for protecting network environments. However, the low performance of NIDSs against small malicious samples has seriously threatened the security of networks, directly leading to the loss of personal property and national interests. Given this, we propose an autoencoder-based hybrid detection model, abbreviated as AHDM, for intrusion detection under the small-sample problem. AHDM has a dual-classifier framework. It trains the first neural network on the encoding features obtained from the autoencoder feature enhancement algorithm to detect small-sample malicious traffic. It trains the second neural network on the original features to detect normal traffic and large-sample malicious traffic. The final detection result for malicious traffic is obtained by combining the detection results of the two neural networks. In experiments, we use three classic datasets (KDD CUP 99, CIC-IDS-2017, and IOT-23) and simulate malicious traffic detection targeting extremely small-sample malicious traffic. The results show that AHDM has a higher detection rate for small-sample malicious traffic than the advanced detection models (DNN and ACID). On the IOT-23 dataset, the AHDM model shows an absolute advantage in detecting DDoS-type malicious traffic, with a detection rate of 0.71, which is much higher than that of the DNN (0.14) and ACID (0.14) models.
External IDs: dblp:journals/tnsm/WeiYTRYSL24