DDP-DAR: Network intrusion detection based on denoising diffusion probabilistic model and dual-attention residual network.

Journal: Neural networks : the official journal of the International Neural Network Society
Published Date:

Abstract

Network intrusion detection (NID) is an effective way to guarantee the security of cyberspace. However, the scale of normal network traffic is much larger than that of intrusion traffic (i.e., a data imbalance problem), which biases the training of the NID model towards the majority classes and thus degrades detection performance. Scholars have solved this problem by either reducing normal network traffic or increasing intrusion traffic; of the two, increasing the amount of intrusion traffic effectively expands the scale of the dataset during model training, which is beneficial for training a better NID model. In this paper, we propose a network intrusion detection method based on a denoising diffusion probabilistic model and a dual-attention residual network (DDP-DAR), consisting of feature representation, data augmentation and intrusion detection phases. In the feature representation phase, we propose a novel feature representation method that better represents network traffic in the format of RGB images by storing global features and local features. In the data augmentation phase, we utilize the denoising diffusion probabilistic model instead of traditional data augmentation models (e.g., VAE, GAN), and then introduce cosine noise addition and learnable variance parameter strategies to improve the denoising diffusion model so that it generates high-quality RGB images. In the intrusion detection phase, we propose a detection method based on a dual-attention residual network, which performs feature extraction through a multilayer network structure and a dual-attention mechanism to obtain higher-level and more important information, thereby detecting intrusion traffic more accurately. A large number of experimental results show that, compared with state-of-the-art data augmentation-based NID methods, DDP-DAR performs better on the four metrics of Accuracy, F1-measure, FPR and ROC-AUC; meanwhile, the detection results of DDP-DAR are more stable.

Authors

  • Saihua Cai
    School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, Jiangsu, China; Jiangsu Key Laboratory of Security Technology for Industrial Cyberspace, Jiangsu University, Zhenjiang, 212013, Jiangsu, China. Electronic address: caisaih@ujs.edu.cn.
  • Yingwei Zhao
    School of Information Science and Technology, Northeast Normal University, Jilin, China.
  • Jiaao Lyu
    School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, Jiangsu, China.
  • Shengran Wang
    School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, Jiangsu, China; Jiangsu Key Laboratory of Security Technology for Industrial Cyberspace, Jiangsu University, Zhenjiang, 212013, Jiangsu, China.
  • Yikai Hu
    School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, Jiangsu, China.
  • Mengya Cheng
    School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang, 212013, Jiangsu, China.
  • Guofeng Zhang
    School of Information Science and Technology, Taishan University, Taian, 271000, Shandong, China.