As the range of security attacks increases across diverse network applications, intrusion detection systems are of central interest. Such detection systems are more crucial for the Internet of Things (IoT) due to the voluminous and sensitive data it produces. However, the real-world network produces imbalanced traffic including different and unknown attack types. Due to this imbalanced nature of network traffic, the traditional learning-based detection techniques suffer from lower overall detection performance, higher false-positive rate, and lower minority-class attack detection rates. To address the issue, we propose a novel deep generative-based model called Class-wise Focal Loss Variational AutoEncoder (CFLVAE) which overcomes the data imbalance problem by generating new samples for minority attack classes. Furthermore, we design an effective and cost-sensitive objective function called Class-wise Focal Loss (CFL) to train the traditional Variational AutoEncoder (VAE). The CFL objective function focuses on different minority class samples and scrutinizes high-level feature representation of observed data. This leads the VAE to generate more realistic, diverse, and quality intrusion data to create a well-balanced intrusion dataset. The balanced dataset results in improving the intrusion detection accuracy of learning-based classifiers. Therefore, a Deep Neural Network (DNN) classifier with a unique architecture is then trained using the balanced intrusion dataset to enhance the detection performance. Moreover, we utilize a challenging and highly imbalanced intrusion dataset called NSL-KDD to conduct an extensive experiment with the proposed model. The results demonstrate that the proposed CFLVAE with DNN (CFLVAE-DNN) model obtains promising performance in generating realistic new intrusion data samples and achieves superior intrusion detection performance. 
Additionally, the proposed CFLVAE-DNN model outperforms several state-of-the-art data generation and traditional intrusion detection methods. Specifically, the CFLVAE-DNN achieves 88.08% overall intrusion detection accuracy and 3.77% false positive rate. More significantly, it obtains the highest low-frequency attack detection rates for U2R (79.25%) and R2L (67.5%) against all the state-of-the-art algorithms.
Intrusion handling in wireless mesh networks (WMNs) is a relatively less addressed topic. The difficulty may lie in the fact that there are other wireless networks for which some intrusion detection or prevention schemes are proposed that could also be applied in some way in a WMN setting. As those schemes are contributing, researchers may not find it necessary to specifically focus on this field. Another critical reason may be the difficulty in developing an effective scheme for WMNs. In fact, the structural differences among various wireless ad hoc networking technologies make it imperative to devise the mechanisms in subtle but critically different ways. For WMNs, there is a proper network backbone, called the mesh backbone (which is not present in many other wireless network counterparts), which supports the fringe part or the mesh clients. Hence, it is often possible to install the intrusion handling mechanisms or agents in the stable part while allowing some flexibility in the client or fringe parts. Nonetheless, instead of thinking in this pattern, we take a different approach of tackling intrusion by allowing an intruder to stay in the network as long as it proves to be worthy of staying in the network by supporting the network’s regular activities. The idea is that by not always directly purging rogue entities, one could exploit the intruder’s resources, thereby benefiting the network. We call our approach an intrusion-tackling mechanism and term it a Pay-and-Stay model. Alongside presenting the details and analysis of our model, in this paper, we also present the basics of various forms of intrusion handling in such types of networks. Using our evaluation results, we found that the model could be very effective in handling intruders and defending the network against a broad range of security attacks.