A multiscale approach for network intrusion detection based on variance–covariance subspace distance and EQL v2

As an important network defense approach, network intrusion detection is mainly used to identify anomaly traffic behavior. However, dominant network intrusion detection approaches are now struggling to identify the complex and variable means of attack, leading to high false alarm rate. Additionally, the feature redundancy and class imbalance problem in the intrusion detection dataset also constrain the performance of detection methods. This paper proposes a multiscale intrusion detection approach based on variance–covariance subspace distance and Equalization Loss v2 (EQL v2). Firstly, the variance–covariance subspace distance is used for feature selection on the preprocessed dataset to determine a set of representative feature subsets that can effectively approximate the original feature space. Secondly, the loss function, EQL v2, is adopted to balance the positive and negative gradients, addressing the class imbalance problem. Finally, a pyramid depthwise separable convolution model is proposed to capture the multiscale information of the traffic, and the convolutional layer in the depthwise convolution is replaced with self-supervised predictive convolutional attention block to compensate for the performance loss caused by the parameter reduction. Extensive experiments demonstrated that the proposed approach exhibits better performance on the three datasets of NSL-KDD, UNSW_NB15, and CIC-IDS-2017, with accuracy rates of 99.19%, 97.81%, and 99.83%, respectively, effectively improve the intrusion detection performance.