HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data

Weidong Zhou; Tianbo Wang; Guotao Huang; Xiaopeng Liang; Chunhe Xia; Xiaojian Li

doi:10.1109/TrustCom60117.2023.00211

HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data

Weidong Zhou
, Tianbo Wang^*
, Guotao Huang
, Xiaopeng Liang
, Chunhe Xia
, Xiaojian Li

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The data-driven deep learning methods have brought significant progress and potential to intrusion detection. However, there are two thorny problems caused by the characteristics of intrusion data: "multi-type features"and "data imbalance". The former means that forcefully and improperly transforming intrusion features from distinct metric spaces can result in semantic loss and noise. The latter indicates that the intrusion data is imbalanced in quantity and quality due to its complex spatial distribution. We propose a Hybrid Framework for Multi-type and Imbalance Data (HF-Mid) to address the above two problems. Firstly, we divide the intrusion features into equivalent and non-equivalent groups, and then embed them sequentially using Supervised Paragraph Vector-Distributed Memory (SPV-DM), which excels at modeling co-occurrence relationships, and Deep Neural Network (DNN), which is suitable for modeling non-linear relationships, thereby solving the "multitype features"problem. Secondly, we adopt a low-noise collective matrix factorization (CMF) model to fuse the two obtained features for dimensionality reduction. Finally, we employ a multiple classifier to detect intrusion. During the classifier training stage, we design a genetic algorithm-based proportional sampling method to select high-quality samples in each training batch. thus addressing the "data imbalance"problem. The experimental results demonstrate the proposed framework exhibits an overall improvement of 5.9% and 1.5% in terms of accuracy and false positive rate on average, respectively.

Original language	English
Title of host publication	Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023
Editors	Jia Hu, Geyong Min, Guojun Wang
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1546-1553
Number of pages	8
ISBN (Electronic)	9798350381993
DOIs	https://doi.org/10.1109/TrustCom60117.2023.00211
State	Published - 2023
Event	22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023 - Exeter, United Kingdom Duration: 1 Nov 2023 → 3 Nov 2023

Publication series

Name	Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023

Conference

Conference	22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023
Country/Territory	United Kingdom
City	Exeter
Period	1/11/23 → 3/11/23

Keywords

Data imbalance
Feature fusing
Intrusion detection
Multi-type features
Proportional sampling

Access to Document

10.1109/TrustCom60117.2023.00211

Cite this

Zhou, W., Wang, T., Huang, G., Liang, X., Xia, C., & Li, X. (2023). HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data. In J. Hu, G. Min, & G. Wang (Eds.), Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023 (pp. 1546-1553). (Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TrustCom60117.2023.00211

Zhou, Weidong ; Wang, Tianbo ; Huang, Guotao et al. / HF-Mid : A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data. Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023. editor / Jia Hu ; Geyong Min ; Guojun Wang. Institute of Electrical and Electronics Engineers Inc., 2023. pp. 1546-1553 (Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023).

@inproceedings{18d642be90904fc8ad487189b94aa767,

title = "HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data",

abstract = "The data-driven deep learning methods have brought significant progress and potential to intrusion detection. However, there are two thorny problems caused by the characteristics of intrusion data: {"}multi-type features{"}and {"}data imbalance{"}. The former means that forcefully and improperly transforming intrusion features from distinct metric spaces can result in semantic loss and noise. The latter indicates that the intrusion data is imbalanced in quantity and quality due to its complex spatial distribution. We propose a Hybrid Framework for Multi-type and Imbalance Data (HF-Mid) to address the above two problems. Firstly, we divide the intrusion features into equivalent and non-equivalent groups, and then embed them sequentially using Supervised Paragraph Vector-Distributed Memory (SPV-DM), which excels at modeling co-occurrence relationships, and Deep Neural Network (DNN), which is suitable for modeling non-linear relationships, thereby solving the {"}multitype features{"}problem. Secondly, we adopt a low-noise collective matrix factorization (CMF) model to fuse the two obtained features for dimensionality reduction. Finally, we employ a multiple classifier to detect intrusion. During the classifier training stage, we design a genetic algorithm-based proportional sampling method to select high-quality samples in each training batch. thus addressing the {"}data imbalance{"}problem. The experimental results demonstrate the proposed framework exhibits an overall improvement of 5.9\% and 1.5\% in terms of accuracy and false positive rate on average, respectively.",

keywords = "Data imbalance, Feature fusing, Intrusion detection, Multi-type features, Proportional sampling",

author = "Weidong Zhou and Tianbo Wang and Guotao Huang and Xiaopeng Liang and Chunhe Xia and Xiaojian Li",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023 ; Conference date: 01-11-2023 Through 03-11-2023",

year = "2023",

doi = "10.1109/TrustCom60117.2023.00211",

language = "英语",

series = "Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1546--1553",

editor = "Jia Hu and Geyong Min and Guojun Wang",

booktitle = "Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023",

address = "美国",

}

Zhou, W, Wang, T, Huang, G, Liang, X, Xia, C & Li, X 2023, HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data. in J Hu, G Min & G Wang (eds), Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023. Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023, Institute of Electrical and Electronics Engineers Inc., pp. 1546-1553, 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023, Exeter, United Kingdom, 1/11/23. https://doi.org/10.1109/TrustCom60117.2023.00211

HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data. / Zhou, Weidong; Wang, Tianbo; Huang, Guotao et al.
Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023. ed. / Jia Hu; Geyong Min; Guojun Wang. Institute of Electrical and Electronics Engineers Inc., 2023. p. 1546-1553 (Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - HF-Mid

T2 - 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023

AU - Zhou, Weidong

AU - Wang, Tianbo

AU - Huang, Guotao

AU - Liang, Xiaopeng

AU - Xia, Chunhe

AU - Li, Xiaojian

PY - 2023

Y1 - 2023

N2 - The data-driven deep learning methods have brought significant progress and potential to intrusion detection. However, there are two thorny problems caused by the characteristics of intrusion data: "multi-type features"and "data imbalance". The former means that forcefully and improperly transforming intrusion features from distinct metric spaces can result in semantic loss and noise. The latter indicates that the intrusion data is imbalanced in quantity and quality due to its complex spatial distribution. We propose a Hybrid Framework for Multi-type and Imbalance Data (HF-Mid) to address the above two problems. Firstly, we divide the intrusion features into equivalent and non-equivalent groups, and then embed them sequentially using Supervised Paragraph Vector-Distributed Memory (SPV-DM), which excels at modeling co-occurrence relationships, and Deep Neural Network (DNN), which is suitable for modeling non-linear relationships, thereby solving the "multitype features"problem. Secondly, we adopt a low-noise collective matrix factorization (CMF) model to fuse the two obtained features for dimensionality reduction. Finally, we employ a multiple classifier to detect intrusion. During the classifier training stage, we design a genetic algorithm-based proportional sampling method to select high-quality samples in each training batch. thus addressing the "data imbalance"problem. The experimental results demonstrate the proposed framework exhibits an overall improvement of 5.9% and 1.5% in terms of accuracy and false positive rate on average, respectively.

AB - The data-driven deep learning methods have brought significant progress and potential to intrusion detection. However, there are two thorny problems caused by the characteristics of intrusion data: "multi-type features"and "data imbalance". The former means that forcefully and improperly transforming intrusion features from distinct metric spaces can result in semantic loss and noise. The latter indicates that the intrusion data is imbalanced in quantity and quality due to its complex spatial distribution. We propose a Hybrid Framework for Multi-type and Imbalance Data (HF-Mid) to address the above two problems. Firstly, we divide the intrusion features into equivalent and non-equivalent groups, and then embed them sequentially using Supervised Paragraph Vector-Distributed Memory (SPV-DM), which excels at modeling co-occurrence relationships, and Deep Neural Network (DNN), which is suitable for modeling non-linear relationships, thereby solving the "multitype features"problem. Secondly, we adopt a low-noise collective matrix factorization (CMF) model to fuse the two obtained features for dimensionality reduction. Finally, we employ a multiple classifier to detect intrusion. During the classifier training stage, we design a genetic algorithm-based proportional sampling method to select high-quality samples in each training batch. thus addressing the "data imbalance"problem. The experimental results demonstrate the proposed framework exhibits an overall improvement of 5.9% and 1.5% in terms of accuracy and false positive rate on average, respectively.

KW - Data imbalance

KW - Feature fusing

KW - Intrusion detection

KW - Multi-type features

KW - Proportional sampling

UR - https://www.scopus.com/pages/publications/85195460040

U2 - 10.1109/TrustCom60117.2023.00211

DO - 10.1109/TrustCom60117.2023.00211

M3 - 会议稿件

AN - SCOPUS:85195460040

T3 - Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023

SP - 1546

EP - 1553

BT - Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023

A2 - Hu, Jia

A2 - Min, Geyong

A2 - Wang, Guojun

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 1 November 2023 through 3 November 2023

ER -

Zhou W, Wang T, Huang G, Liang X, Xia C, Li X. HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data. In Hu J, Min G, Wang G, editors, Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 1546-1553. (Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023). doi: 10.1109/TrustCom60117.2023.00211

HF-Mid: A Hybrid Framework of Network Intrusion Detection for Multi-type and Imbalanced Data

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this