Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning

Abdel‐Khalek, Ahmed M.; Mashaly, Maggie

doi:10.1007/s11227-023-05073-x

Cited by 37 publications

(17 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The writers of [33] also recommended a CNN in order to reach 93.2%. In order to attain an accuracy of 87.25, the authors in [34] recommended use a CNN. This work addresses the issue of class imbalance by presenting a number of deep learning models and a data resampling method based on the tomek links and ADASYN algorithms.…”

mentioning

confidence: 99%

RETRACTED: Enhancing Multi-Class Intrusion Detection through Hybrid Auto Encoder-Deep Neural Network Classifiers: A Comprehensive Analysis of Class Imbalance Mitigation Strategies Using Data Resampling Techniques

Kamal,

Mashaly

2024

Preprint

View full text Add to dashboard Cite

Network and cloud environments must be fortified against a dynamic array of threats, and intrusion detection systems (IDSs) are critical tools for identifying and foiling hostile efforts. Systems for detecting intrusions, classified as anomaly-based or signature-based, have added deep learning models to their repertoire. A significant change has occurred in these systems recently. For the popular anomaly-based intrusion detection system (IDS), which leverages machine learning, attack detection accuracy has shown to be outstanding. We demonstrate with our proposed method that deep learning has enabled unprecedented success in identifying known and unknown threats within cloud systems. However, the intrusion detection benchmark datasets contain more regular traffic samples than attack samples, attempting to replicate real-network traffic. It becomes more challenging for the IDS to recognize specific kinds of attacks as a result, leading to an imbalance in the training data. Our problems thus stem from two factors: unbalanced training data and new, unidentified threats. For an efficient multi-class intrusion detection system, we offer in this paper a hybrid auto encoder-deep neural network (Auto Encoder-DNN) deep learning model that leverages data resampling adaptive synthetic (ADASYN), edited nearest neighbors (ENN) and class weights to get over class imbalance. This advanced technique, Auto Encoder-DNN, focuses on three primary objectives to increase accuracy and performance: 1) lowering the frequencies of false positives and negatives; 2) allowing real-time intrusion detection on fast networks; and 3) detecting zero-day attacks. We evaluate our proposed model Auto Encoder-DNN using the benchmark dataset NSL-KDD, utilizing metrics like as accuracy, precision, recall, and F-score. With an astounding 99.91% accuracy in multi-class classification, the test results show how successful our method is. This proves our IDS's enhanced capacity to defend cloud settings against intrusions by outperforming existing models.

show abstract

mentioning

confidence: 99%

RETRACTED: Enhancing Multi-Class Intrusion Detection through Hybrid Auto Encoder-Deep Neural Network Classifiers: A Comprehensive Analysis of Class Imbalance Mitigation Strategies Using Data Resampling Techniques

Kamal,

Mashaly

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…The investigation proposed in [37] extends the analysis using other techniques such as adaptive synthetic (ADASYN), Tomek-Link (T-Link), and T-Link with ADASYN combined with DL models, such as MLP, CNN, and a combination between a CNN and a particular type of recurrent neural network (RNN), that is, a BiLSTM. Furthermore, the evaluation of sampling techniques is extended, considering the combination between random undersampling (RUS) and random oversampling (ROS).…”

Section: Handle Class Imbalance In Web Phishing Classificationmentioning

confidence: 74%

Unbalanced Web Phishing Classification through Deep Reinforcement Learning

Maci,

Santorsola,

Coscia

et al. 2023

Computers

View full text Add to dashboard Cite

Web phishing is a form of cybercrime aimed at tricking people into visiting malicious URLs to exfiltrate sensitive data. Since the structure of a malicious URL evolves over time, phishing detection mechanisms that can adapt to such variations are paramount. Furthermore, web phishing detection is an unbalanced classification task, as legitimate URLs outnumber malicious ones in real-life cases. Deep learning (DL) has emerged as a promising technique to minimize concept drift to enhance web phishing detection. Deep reinforcement learning (DRL) combines DL with reinforcement learning (RL); that is, a sequential decision-making paradigm in which the problem to be addressed is expressed as a Markov decision process (MDP). Recent studies have proposed an ad hoc MDP formulation to tackle unbalanced classification tasks called the imbalanced classification Markov decision process (ICMDP). In this paper, we exploit the ICMDP to present a double deep Q-Network (DDQN)-based classifier to address the unbalanced web phishing classification problem. The proposed algorithm is evaluated on a Mendeley web phishing dataset, from which three different data imbalance scenarios are generated. Despite a significant training time, it results in better geometric mean, index of balanced accuracy, F1 score, and area under the ROC curve than other DL-based classifiers combined with data-level sampling techniques in all test cases.

show abstract

“…D. Musleh et al [18] innovatively applied feature extraction techniques using VGG-16 and DenseNet on intrusion datasets and, through the employment of ML models such as Random Forest, K-Nearest Neighbors, and Support Vector Machine (SVM), achieved an accuracy of 92.40%. Other notable IDSs, including those developed by G. Logeswari et al [19], J. O. Mebawondu et al [20], and A. Abdelkhalek et al [21], have reported accuracies of 82.20%, 76.96%, and 83.50%, respectively. Moreover, the Secured Automatic Two-level Intrusion Detection System (SATIDS) introduced by A. R. Elsayed et al [22] showcases a remarkable accuracy of 96.56%.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Notably, G. Logeswari et al[19], and J. O. Mebawondu et al[20] presented systems with significantly lower overall performance metrics, highlighting the advanced capabilities of Deep-IDS in handling various intrusion types effectively. A. R. Elsayed et al[21] and P. Kumar et al[23] also proposed systems with high accuracy rates of 96.56% and 97.45%, respectively, but neither matched the balanced performance across all metrics achieved by Deep-IDS. This comparison underscores the robustness and efficiency of Deep-IDS in…”

mentioning

confidence: 99%

Deep-IDS: A Real-Time Intrusion Detector for IoT Nodes Using Deep Learning

Racherla,

Sripathi,

Faruqui

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The Internet of Things (IoT) represents a swiftly expanding sector that is pivotal in driving the innovation of today's smart services. However, the inherent resource-constrained nature of IoT nodes poses significant challenges in embedding advanced algorithms for cybersecurity, leading to an escalation in cyberattacks against these nodes. Contemporary research in Intrusion Detection Systems (IDS) predominantly focuses on enhancing IDS performance through sophisticated algorithms, often overlooking their practical applicability. This paper introduces Deep-IDS, an innovative and practically deployable Deep Learning (DL)-based IDS. It employs a Long-Short-Term-Memory (LSTM) network comprising 64 LSTM units and is trained on the CIC-IDS2017 dataset. Its streamlined architecture renders Deep-IDS an ideal candidate for edge-server deployment, acting as a guardian between IoT nodes and the Internet against Denial of Service (DoS), Distributed Denial of Service (DDoS), Brute Force (BRF), Man-in-the-Middle (MITM), and Replay (RP) Attacks. A distinctive aspect of this research is the trade-off analysis between the intrusion detection rate and the false alarm rate, facilitating the real-time performance of the Deep-IDS. The system demonstrates an exemplary detection rate of 96.8% and an overall classification accuracy of 97.67%. Furthermore, Deep-IDS achieves precision, recall, and F1-scores of 97.67%, 98.17%, and 97.91%, respectively. On average, Deep-IDS requires 1.49 seconds to identify and mitigate intrusion attempts, effectively blocking malicious traffic sources. The remarkable efficacy, swift response time, innovative design, and novel defense strategy of Deep-IDS not only secure IoT nodes but also their interconnected subnetworks, thereby positioning Deep-IDS as a leading intrusion detection system for IoT-enhanced computer networks.

show abstract

Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning

Cited by 37 publications

References 50 publications

RETRACTED: Enhancing Multi-Class Intrusion Detection through Hybrid Auto Encoder-Deep Neural Network Classifiers: A Comprehensive Analysis of Class Imbalance Mitigation Strategies Using Data Resampling Techniques

RETRACTED: Enhancing Multi-Class Intrusion Detection through Hybrid Auto Encoder-Deep Neural Network Classifiers: A Comprehensive Analysis of Class Imbalance Mitigation Strategies Using Data Resampling Techniques

Unbalanced Web Phishing Classification through Deep Reinforcement Learning

Deep-IDS: A Real-Time Intrusion Detector for IoT Nodes Using Deep Learning

Contact Info

Product

Resources

About