{"title":"Dynamic multi-scale topological representation for enhancing network intrusion detection","authors":"Meihui Zhong, Mingwei Lin, Zhu He","doi":"10.1016/j.cose.2023.103516","DOIUrl":null,"url":null,"abstract":"<div><p>Network intrusion detection systems<span> (NIDS) play a crucial role in maintaining network security<span><span>. However, current NIDS techniques tend to neglect the topological structures<span> of network traffic to varying degrees. This fundamental oversight leads to challenges in handling class-imbalanced and highly dynamic network traffic. In this paper, we propose a novel dynamic multi-scale topological representation (DMTR) method for improving network intrusion detection performance. Our DMTR method achieves the perception of multi-scale topology and exhibits strong robustness. It provides accurate and stable representations even in the presence of data distribution shifts and </span></span>class imbalance problems. The multi-scale topology is obtained through multiple topology lenses, which reveal topological structures from different dimensional aspects. Furthermore, to address the limitations of existing detection models based on static network traffic, the DMTR method also achieves dynamic topological representation through our proposed group shuffle operation (GSO) strategy. When new traffic data arrives, the topological representation is updated by preserving a portion of the original information without reprocessing all data. Experiments on four publicly available network traffic datasets demonstrate the feasibility and effectiveness of the proposed DMTR method in handling class imbalanced and highly dynamic network traffic.</span></span></p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"135 ","pages":"Article 103516"},"PeriodicalIF":4.8000,"publicationDate":"2023-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404823004261","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Network intrusion detection systems (NIDS) play a crucial role in maintaining network security. However, current NIDS techniques tend to neglect the topological structures of network traffic to varying degrees. This fundamental oversight leads to challenges in handling class-imbalanced and highly dynamic network traffic. In this paper, we propose a novel dynamic multi-scale topological representation (DMTR) method for improving network intrusion detection performance. Our DMTR method achieves the perception of multi-scale topology and exhibits strong robustness. It provides accurate and stable representations even in the presence of data distribution shifts and class imbalance problems. The multi-scale topology is obtained through multiple topology lenses, which reveal topological structures from different dimensional aspects. Furthermore, to address the limitations of existing detection models based on static network traffic, the DMTR method also achieves dynamic topological representation through our proposed group shuffle operation (GSO) strategy. When new traffic data arrives, the topological representation is updated by preserving a portion of the original information without reprocessing all data. Experiments on four publicly available network traffic datasets demonstrate the feasibility and effectiveness of the proposed DMTR method in handling class imbalanced and highly dynamic network traffic.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.