An intrusion detection system (IDS) is a network security device that monitors network transmissions in real time and raises alarms or takes active response measures when suspicious transmissions are found. Many studies have combined traditional machine learning models with other optimization algorithms to improve intrusion detection performance. However, although existing intrusion detection models can effectively improve performance, problems remain, such as unsatisfactory detection accuracy and data preprocessing operations that may lead to a decrease in accuracy. To solve this problem, in this paper we propose a novel intrusion detection system model based on a logarithmic autoencoder (LogAE) and eXtreme Gradient Boosting (XGBoost). First, we build LogAE to learn the hidden features of the input data and reconstruct new data similar to the training samples, with the purpose of highlighting important features. It is worth mentioning that LogAE does not require the training data to be normalized, because we add a logarithmic layer to learn this mapping. Then, XGBoost is used as a classifier on the data set that combines the original data set with the generated data set. In the experiment, our proposed model is evaluated on the UNSW-NB15 and CICIDS2017 data sets. We use accuracy, recall, precision, F1-score, and runtime as evaluation metrics. For detection performance, the detection accuracy of our proposed model is 95.11% for UNSW-NB15 and 99.92% for CICIDS2017, which is better than most state-of-the-art intrusion detection methods. Meanwhile, the runtime of our proposed model is the lowest for UNSW-NB15.
The intrusion detection system (IDS), the second security gate behind the firewall, can monitor the network without affecting network performance and maximize system security from the inside. Many studies have applied traditional machine learning models, deep learning models, or hybrid models to IDS to improve detection. However, according to the Predicted accuracy, Descriptive accuracy, and Relevancy (PDR) framework, most detection models based on model-based interpretability lack good detection performance. To solve this problem, in this paper we propose a novel intrusion detection system model based on model-based interpretability, called Interpretable Intrusion Detection System (I2DS). We first combine normal and attack samples reconstructed by an AutoEncoder (AE) with the training samples to highlight the normal and attack features, so that the classifier performs very well. Then, Additive Tree (AddTree) is used as a binary classifier, which provides excellent predictive performance on the combined dataset while maintaining good model-based interpretability. In the experiment, the UNSW-NB15 dataset is used to evaluate our proposed model. For detection performance, I2DS achieves a detection accuracy of 99.95%, which is better than most state-of-the-art intrusion detection methods. Moreover, I2DS maintains higher simulatability and captures the decision rules easily.