As internet usage continues to surge, the sophistication and complexity of cyber-attacks are on the rise. Consequently, it becomes imperative to employ a Network Intrusion Detection System (NIDS) to thwart unauthorized access attempts. Recent advancements have witnessed an increasing integration of deep learning techniques into NIDS, demonstrating substantial potential in enhancing cyber-attack detection capabilities.

In particular, spatial-based neural networks like Convolutional Neural Networks (CNN) and Vision Transformers (ViT) have exhibited remarkable effectiveness in this context. However, the integration of spatial-based deep learning into NIDS confronts certain limitations. One significant drawback arises from the typical tabular structure of NIDS datasets, which is less suitable for accommodating spatial-based neural networks. Consequently, the untapped potential of spatial deep learning models, renowned for their rich representation capabilities, remains a concern.

Hence, we present an enhanced approach aimed at bolstering cyber-attack detection by employing spatial deep learning models within NIDS, specifically our two-dimensional deep spatial-based NIDS (TDDS-NIDS). This approach involves the transformation of NIDS features into two-dimensional images, facilitating the representation of spatial relationships among these features. Our proposed model is trained on both a Convolutional Neural Network and a Vision Transformer, utilizing two benchmark NIDS datasets: UNSW-NB15 and CICIDS-2017.

REFERENCES

[1] E. Balamurugan, A. Mehbodniya, E. Kariri, K. Yadav, A. Kumar, and M. Anul Haq, “Network optimization using defender system in cloud computing security based intrusion detection system withgame theory deep neural network (IDSGT-DNN),” Pattern Recognit. Lett., vol. 156, pp. 142–151, 2022, doi: 10.1016/j.patrec.2022.02.013.
[2] G. C. Amaizu, C. I. Nwakanma, J. M. Lee, and D. S. Kim, “Investigating Network Intrusion Detection Datasets Using Machine Learning,” Int. Conf. ICT Converg., vol. 2020-Octob, pp. 1325–1328, 2020, doi: 10.1109/ICTC49870.2020.9289329.
[3] Y. Yin et al., “IGRF-RFE: A Hybrid Feature Selection Method for MLP-based Network Intrusion Detection on UNSW-NB15 Dataset,” J. Big Data, 2022, doi: 10.1186/s40537-023-00694-8.
[4] O. M. A. Alsyaibani, E. Utami, and A. D. Hartanto, “An Intrusion Detection System Model Based on Bidirectional LSTM,” 3rd Int. Conf. Cybern. Intell. Syst. ICORIS 2021, 2021, doi: 10.1109/ICORIS52787.2021.9649612.
[5] H. C. Altunay and Z. Albayrak, “A hybrid CNN + LSTMbased intrusion detection system for industrial IoT networks,” Eng. Sci. Technol. an Int. J., vol. 38, p. 101322, 2023, doi: 10.1016/j.jestch.2022.101322.
[6] Y. Yang, K. Zheng, B. Wu, Y. Yang, and X. Wang, “Network Intrusion Detection Based on Supervised Adversarial Variational Auto-Encoder with Regularization,” IEEE Access, vol. 8, pp. 42169–42184, 2020, doi: 10.1109/ACCESS.2020.2977007.
[7] S. Yeom, C. Choi, and K. Kim, “AutoEncoder based feature extraction for multi-malicious traffic classification,” ACM Int. Conf. Proceeding Ser., pp. 285–287, 2020, doi: 10.1145/3426020.3426093.
[8] E. U. H. Qazi, A. Almorjan, and T. Zia, “A One-Dimensional Convolutional Neural Network (1D-CNN) Based Deep Learning System for Network Intrusion Detection,” Appl. Sci., vol. 12, no. 16, pp. 4–17, 2022, doi: 10.3390/app12167986.
[9] L. Ashiku and C. Dagli, “Network Intrusion Detection System using Deep Learning,” Procedia Comput. Sci., vol. 185, no. June, pp. 239–247, 2021, doi: 10.1016/j.procs.2021.05.025.
[10] G. Andresini, A. Appice, N. Di Mauro, C. Loglisci, and D. Malerba, “Multi-Channel Deep Feature Learning for Intrusion Detection,” IEEE Access, vol. 8, pp. 53346–53359, 2020, doi: 10.1109/ACCESS.2020.2980937.
[11] M. M. Hassan, A. Gumaei, A. Alsanad, M. Alrubaian, and G. Fortino, “A hybrid deep learning model for efficient intrusion detection in big data environment,” Inf. Sci. (Ny)., vol. 513, pp. 386–396, 2020, doi: 10.1016/j.ins.2019.10.069.
[12] Z. Wu, H. Zhang, P. Wang, and Z. Sun, “RTIDS: A Robust Transformer-Based Approach for Intrusion Detection System,” IEEE Access, vol. 10, pp. 64375–64387, 2022, doi: 10.1109/ACCESS.2022.3182333.
[13] Y. Yang, C. Yao, J. Yang, and K. Yin, “A Network Security Situation Element Extraction Method Based on Conditional Generative Adversarial Network and Transformer,” IEEE Access, vol. 10, no. September, pp. 107416–107430, 2022, doi: 10.1109/ACCESS.2022.3212751.
[14] J. Yu, X. Ye, and H. Li, “A high precision intrusion detection system for network security communication based on multi-scale convolutional neural network,” Futur. Gener. Comput. Syst., vol. 129, pp. 399–406, 2022, doi: https://doi.org/10.1016/j.future.2021.10.018.
[15] M. Mulyanto, M. Faisal, S. W. Prakosa, and J. Leu, “Effectiveness of Focal Loss for Minority Classification in Network Intrusion Detection Systems,” Symmetry (Basel)., no. 18, 2021.
[16] N. V. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, “SMOTE: Synthetic Minority Over-sampling Technique,” J. Artif. Intell. Res., vol. 16, no. January, pp. 321–357, 2002, doi: 10.1613/jair.953.
[17] M. Mulyanto, S. W. Prakosa, M. Faisal, and J.-S. Leu, “Using Optimized Focal Loss for Imbalanced Dataset on Network Intrusion Detection System,” in IEEE Vehicular Technology Conference, 2022, vol. 2022-June. doi: 10.1109/VTC2022-Spring54318.2022.9861034.
[18] T. Y. Lin, P. Goyal, R. Girshick, K. He, and P. Dollar, “Focal Loss for Dense Object Detection,” Proc. IEEE Int. Conf. Comput. Vis., vol. 2017-Octob, pp. 2999–3007, 2017, doi: 10.1109/ICCV.2017.324.
[19] M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,” J. Inf. Secur. Appl., vol. 50, p. 102419, 2020, doi: 10.1016/j.jisa.2019.102419.
[20] Y. Bengio, A. Courville, and P. Vincent, “Representation learning: A review and new perspectives,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 35, no. 8, pp. 1798–1828, 2013, doi: 10.1109/TPAMI.2013.50.
[21] M. Mulyanto, J.-S. Leu, M. Faisal, and W. Yunanto, “Weight embedding autoencoder as feature representation learning in an intrusion detection systems,” Comput. Electr. Eng., vol. 111, p. 108949, 2023, doi: https://doi.org/10.1016/j.compeleceng.2023.108949.
[22] I. Al-Turaiki and N. Altwaijry, “A Convolutional Neural Network for Improved Anomaly-Based Network Intrusion Detection,” Big Data, vol. 9, no. 3, pp. 233–252, 2021, doi: 10.1089/big.2020.0263.
[23] J. Kim, J. Kim, H. Kim, M. Shim, and E. Choi, “CNN-based network intrusion detection against denial-of-service attacks,” Electron., vol. 9, no. 6, pp. 1–21, 2020, doi: 10.3390/electronics9060916.
[24] C. M. K. Ho, K. C. Yow, Z. Zhu, and S. Aravamuthan, “Network Intrusion Detection via Flow-to-Image Conversion and Vision Transformer Classification,” IEEE Access, vol. 10, no. September, pp. 97780–97793, 2022, doi: 10.1109/ACCESS.2022.3200034.
[25] T. Kim, S. C. Suh, H. Kim, J. Kim, and J. Kim, “An Encoding Technique for CNN-based Network Anomaly Detection,” Proc. - 2018 IEEE Int. Conf. Big Data, Big Data 2018, pp. 2960–2965, 2019, doi: 10.1109/BigData.2018.8622568.
[26] G. Andresini, A. Appice, and D. Malerba, “Nearest cluster-based intrusion detection through convolutional neural networks,” Knowledge-Based Syst., vol. 216, p. 106798, 2021, doi: 10.1016/j.knosys.2021.106798.
[27] L. v. d Maaten and G. Hinton, “Visualizing Data using t-SNE,” J. Mach. Learn. Res., vol. 219, no. 1, pp. 1–48, 2008, doi: 10.1007/s10479-011-0841-3.
[28] J. Sklansky, “Finding the Convex Hull of a Simple Polygon,” Pattern Recogn. Lett., vol. 1, pp. 79–83, 1982, [Online]. Available: https://doi.org/10.1016/0167-8655(82)90016-2
[29] C. B. Barber, D. P. Dobkin, and H. Huhdanpaa, “The Quickhull Algorithm for Convex Hulls,” ACM Trans. Math. Softw., vol. 22, no. 4, pp. 469–483, Dec. 1996, doi: 10.1145/235815.235821.
[30] Z. Chen, C. K. Yeo, B. S. Lee, and C. T. Lau, “Autoencoder-based network anomaly detection,” Wirel. Telecommun. Symp., vol. 2018-April, pp. 1–5, 2018, doi: 10.1109/WTS.2018.8363930.
[31] A. Krizhevsky, I. Sutskever, and G. E. Hinton, “ImageNet Classification with Deep Convolutional Neural Networks,” in Advances in Neural Information Processing Systems, 2012, vol. 25. [Online]. Available: https://proceedings.neurips.cc/paper_files/paper/2012/file/c399862d3b9d6b76c8436e924a68c45b-Paper.pdf
[32] A. Dosovitskiy et al., “An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale,” Int. Conf. Learn. Represent., 2021, [Online]. Available: http://arxiv.org/abs/2010.11929
[33] A. Vaswani et al., “Attention is All you Need,” in Advances in Neural Information Processing Systems, 2017, vol. 30. [Online]. Available: https://proceedings.neurips.cc/paper_files/paper/2017/file/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf
[34] A. Sharma, E. Vans, D. Shigemizu, K. A. Boroevich, and T. Tsunoda, “DeepInsight: A methodology to transform a non-image data to an image for convolution neural network architecture,” Sci. Rep., vol. 9, no. 1, pp. 1–7, 2019, doi: 10.1038/s41598-019-47765-6.
[35] B. Yan and G. Han, “Effective Feature Extraction via Stacked Sparse Autoencoder to Improve Intrusion Detection System,” IEEE Access, vol. 6, pp. 41238–41248, 2018, doi: 10.1109/ACCESS.2018.2858277.
[36] N. Moustafa and J. Slay, “UNSW-NB15: A Comprehensive Data set for Network Intrusion Detection systems (UNSW-NB15 Network Data Set),” Mil. Commun. Inf. Syst. Conf., pp. 1–6, 2015, doi: 10.35940/ijrte.B1540.0982S1119.
[37] H. Kaur, H. S. Pannu, and A. K. Malhi, “A Systematic Review on Imbalanced Data Challenges in Machine Learning: Applications and Solutions,” ACM Comput. Surv., vol. 52, no. 4, Aug. 2019, doi: 10.1145/3343440.
[38] P. Choobdar, M. Naderan, and M. Naderan, “Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset,” Wireless Personal Communications, vol. 123, no. 1. pp. 437–471, 2022. doi: 10.1007/s11277-021-09139-y.
[39] P. Sun et al., “DL-IDS: Extracting features using CNN-LSTM hybrid network for intrusion detection system,” Secur. Commun. Networks, vol. 2020, 2020, doi: 10.1155/2020/8890306.