Network Intrusion Detection Model Based on Improved BYOL Self-Supervised Learning

Wang, Zhendong; Li, Zeyu; Wang, Junling; Li, Dahai

doi:10.1155/2021/9486949

Cited by 20 publications

(13 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the model has a limited data mining ability and a poor detection effect on small datasets. Wang et al 23 proposed a new data augmentation strategy for intrusion detection data and an intrusion detection model based on label‐free self‐supervised learning, respectively. The disadvantage of this model is that it is less accurate than the supervised model and requires extensive analysis of the unsupervised processing results.…”

Section: Related Workmentioning

confidence: 99%

Intrusion detection: A model based on the improved vision transformer

Yang

Gao

et al. 2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

We propose an intrusion detection model based on an improved vision transformer (ViT). More specifically, the model uses an attention mechanism to process data, which overcomes the flaw of the short-term memory in recurrent neural network (RNN) and the difficulty of learning remote dependency in convolutional neural network. It supports parallelization and has a faster computing speed than RNN. A sliding window mechanism is presented to improve the capability of modeling local features for ViT. The hierarchical focal loss function is used to improve the classification effect, and solve the issue of the data imbalance. The public intrusion detection dataset NSL-KDD is used for experimental simulations. By experimental simulations, the accuracy is up to 99.68%, the false-positive rate is 0.22%, and the recall rate is 99.57%, which show that the improved ViT has better accuracy, false positive rate, and recall rate than existing intrusion detection models.

show abstract

Section: Related Workmentioning

confidence: 99%

Intrusion detection: A model based on the improved vision transformer

Yang

Gao

et al. 2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…Computer vision technology involves a relatively large number of disciplines and technologies and usually requires the study of the technology from multiple perspectives to achieve the development of computer vision technology. The goal of computer vision technology is to achieve human-like recognition and processing of images to obtain intelligent data, but the current technology is not able to achieve such an image acquisition effect, which requires continuous research from multiple perspectives [14]. First, the main purpose of vision technology is to achieve the recognition and processing of images, so the first task is to achieve a technological breakthrough in the image equipment.…”

Section: Related Workmentioning

confidence: 99%

Deep Learning Distributed Architecture Design Implementation for Computer Vision

Zhang

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

In the era of big data, to achieve an efficient deep learning and computer vision system for big data, developers need to build a computerized deep learning and computer vision system, and the system can simultaneously complete the tasks of deep learning and computer vision and large-scale data processing. The existing training dataset is reused, and the scene information is small, which cannot meet the needs of large-scale machine training, so it is necessary to include large-scale data, distributed computer system to complete the training. How to meet the training accuracy requirements of deep learning models and minimize the resource cost within the constrained time is a major challenge for distributed deep learning systems. Resource and batch size hyperparameter allocation are the main approaches to optimize the training accuracy and resource cost of models. Existing works have independently configured resources and batch size hyperparameters in terms of computational efficiency and training accuracy, respectively. However, the impact of the two types of configurations on model training accuracy and resource cost has complex dependencies, and it is difficult to achieve the goals of satisfying the model training accuracy requirements and minimizing the resource cost simultaneously by the existing independent configuration methods. To address these problems, this paper proposes a collaborative resource-batch size optimization configuration method for distributed deep learning systems. This method was firstly based on the monotonic function relationship between resource allocation and batch size hyperparameter allocation and model training time and training accuracy, and we select the order-preserving regression theoretical tool to build a model prediction model for single-round complete training time and final training accuracy for computer vision target classification and recognition, respectively; then, we use the abovementioned models together to solve the resource and batch size optimal allocation solutions to meet the model training accuracy requirements with the goal of minimizing resource cost. The optimal allocation of resources and batch size to meet the training accuracy requirements of the model is solved. In this paper, we evaluate the performance of the proposed method for computer vision target recognition based on the proposed distributed deep learning system.

show abstract

“…Other scholars use reinforcement learning to sample the training data set and motivate the detection results [30], use generative adversarial networks (GAN) to generate few-class attacks [24], and use Transformer to build a more complex classification model [23]. Unsupervised learning is mainly self-supervised Learning (SSL), which creates supervised information through data augmentation, pre-trains large-scale unlabeled network flow, which obtains the features of different network traffic [46].…”

Section: Intrusion Detection Systemmentioning

confidence: 99%

“…Some scholars have also introduced contrastive learning to improve model performance in intrusion detection. Wang et al [46] proposed a new data augmentation strategy for intrusion detection data and an intrusion detection model based on unlabeled self-supervised learning, using the new data augmentation strategy to introduce a perturbation augmentation model to learn invariant feature representation capabilities and improve BYOL selfsupervision. The learning method is trained on the unlabeled UNSW-NB15 intrusion detection dataset to extract network traffic feature representations.…”

Section: Contrastive Learningmentioning

confidence: 99%

ConFlow: Contrast Network Flow Improving Class-Imbalanced Learning in Network Intrusion Detection

Liu

Wang

Ruan

et al. 2022

Preprint

View full text Add to dashboard Cite

In today's cyberspace, network traffic is more massive, complex, and multi-dimensional than ever before. In order to capture malicious network attacks, a machine learning-based network intrusion detection system (NIDS) has become the mainstream method. However, there are still high false-positive and false-negative rates, which cannot guarantee detection accuracy. On the one hand, normal behaviour dominates the Internet, and network traffic presents uneven distribution. On the other hand, the goal of machine learning algorithms is usually to obtain the highest overall accuracy without considering class-imbalanced. It is difficult for the model to learn good performance from a few attack examples. Training the model with an imbalanced data distribution often leads to severe overfitting and severely damages the model's generalization ability. To improve class-imbalanced learning in network intrusion detection, it is necessary to capture the similarities between samples in different classes and compare them with samples in other classes. Based on this, we propose ConFlow, a supervised contrastive learning method for network intrusion detection. First, we design a feature extraction encoder for bidirectional network flow, and add GELU, LayerNorm, and Skip-connection units to the MLP framework, which can enhance the representation ability of the neural network. Then, we use the dropout layer's randomness in the encoder for data augmentation, and different vector representations can be obtained by feeding the same network flow into the encoder twice. Lastly, through the weighted supervised contrastive loss and cross-entropy loss in the training phase. The ConFlow method can improve class-imbalanced learning and does not need the two stages of pre-training and fine-tuning, which can further mine maliciously attacks hidden under normal traffic. The experimental results on the ISCX-IDS2012 and CSE-CIC-IDS2017 datasets show that the ConFlow outperforms other works, and the performance improvement on few-shot learning and robustness test is more significant. The reference PyTorch code is released at https://github.com/AshinWang/ConFlow.

show abstract

Network Intrusion Detection Model Based on Improved BYOL Self-Supervised Learning

Cited by 20 publications

References 45 publications

Intrusion detection: A model based on the improved vision transformer

Intrusion detection: A model based on the improved vision transformer

Deep Learning Distributed Architecture Design Implementation for Computer Vision

ConFlow: Contrast Network Flow Improving Class-Imbalanced Learning in Network Intrusion Detection

Contact Info

Product

Resources

About