SEDAT: A Stacked Ensemble Learning-Based Detection Model for Multiscale Network Attacks

Author:

Feng Yan (1, 2), Yang Zhihai (1, 2, 3), Sun Qindong (2, 3, 4), Liu Yanxiao (2, 3, 5)

Affiliation:

1. School of Data Science and Artificial Intelligence, Chang’an University, Xi’an 710061, China

2. School of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048, China

3. Sichuan Digital Economy Industry Development Research Institute, Chengdu 610036, China

4. School of Cyber Science and Engineering, Xi’an Jiaotong University, Xi’an 710049, China

5. Guangxi Key Laboratory of Trusted Software, Guilin 541004, China

Abstract

Anomaly detection for network traffic aims to analyze the characteristics of network traffic in order to discover unknown attacks. Currently, existing detection methods have achieved promising results against high-intensity attacks that aim to interrupt the operation of the target system. In reality, attack behaviors that are commonly exhibited are highly concealed and disruptive. In addition, the attack scales are flexible and variable. In this paper, we construct a multiscale network intrusion behavior dataset, which includes three attack scales and two multiscale attack patterns based on probability distribution. Specifically, we propose a stacked ensemble learning-based detection model for anomalous traffic (or SEDAT for short) to defend against highly concealed multiscale attacks. The model employs a random forest (RF)-based method to select features and introduces multiple base learning autoencoders (AEs) to enhance the representation of multiscale attack behaviors. In addressing the challenge of a single model’s inability to capture the regularities of multiscale attack behaviors, SEDAT is capable of adapting to the complex multiscale characteristics in network traffic, enabling the prediction of network access behavior. Comparative experiments demonstrate that SEDAT exhibits superior detection capabilities in multiscale network attacks. In particular, SEDAT achieves an improvement of at least 5% accuracy over baseline methods for detecting multiscale attacks.

Funder

National Natural Science Foundation of China

Natural Science Founds of Shaanxi

Natural Science Foundation of Sichuan Province

Youth Innovation Team Construction of Shaanxi Provincial Department of Education

Xi’an Science and Technology Plan

Project of Xi’an Science and Technology Bureau

Youth Innovation Team of Shaanxi Universities

Guangxi Key Laboratory of Trusted Software

Publisher

MDPI AG
