{"title":"ILIDViz: An Incremental Learning-Based Visual Analysis System for Network Anomaly Detection","authors":"Xuefei Tian, Zhiyuan Wu, JunXiang Cao, Shengtao Chen, Xiaoju Dong","doi":"10.1016/j.vrih.2023.06.009","DOIUrl":null,"url":null,"abstract":"<div><h3>Background</h3><p>With the development of information technology, network traffic logs mixed with various kinds of cyber-attacks have grown explosively. Traditional intrusion detection systems (IDS) have limited ability to discover new inconstant patterns and identify malicious traffic traces in real-time. It is urgent to implement more effective intrusion detection technologies to protect computer security.</p></div><div><h3>Methods</h3><p>In this paper, we design a hybrid IDS, combining our incremental learning model (KAN-SOINN) and active learning, to learn new log patterns and detect various network anomalies in real-time.</p></div><div><h3>Results & Conclusions</h3><p>The experimental results on the NSLKDD dataset show that the KAN-SOINN can be improved continuously and detect malicious logs more effectively. 
Meanwhile, the comparative experiments prove that using a hybrid query strategy in active learning can improve the model learning efficiency.</p></div>","PeriodicalId":33538,"journal":{"name":"Virtual Reality Intelligent Hardware","volume":"5 6","pages":"Pages 471-489"},"PeriodicalIF":0.0000,"publicationDate":"2023-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2096579623000372/pdf?md5=4b6332c477d34f662bbd8d1f6d5110ea&pid=1-s2.0-S2096579623000372-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Virtual Reality Intelligent Hardware","FirstCategoryId":"1093","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2096579623000372","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Computer Science","Score":null,"Total":0}
Citation count: 0