Efficient and interpretable SRU combined with TabNet for network intrusion detection in the big data environment

While digital application infrastructure services are becoming increasingly abundant and the scale of the network continues to expand, many new network vulnerabilities and attacks (such as DoS, Botnet, and MITM) have emerged in an endless stream. The timely and accurate detection of network anomalie...

Bibliographic details
Published in: International journal of information security 2023-06, Vol.22 (3), p.679-689
Main authors: Chen, Yingchun, Li, Jinguo, Guo, Naiwang
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 689
container_issue 3
container_start_page 679
container_title International journal of information security
container_volume 22
creator Chen, Yingchun
Li, Jinguo
Guo, Naiwang
description While digital application infrastructure services are becoming increasingly abundant and the scale of the network continues to expand, many new network vulnerabilities and attacks (such as DoS, Botnet, and MITM) have emerged in an endless stream. The timely and accurate detection of network anomalies is of extraordinary importance for the stability of the network. Previous works designed based on deep learning have faced difficulties in their adoption in practice due to the lack of interpretability. Recently, Recurrent Neural Networks perform a superior ability to analyze high-dimensional complex network flow. However, these methods have the problems of limited parallelizability and time-consuming training, so they cannot meet the particular requirements of intrusion detection. To solve the above issues, we propose an efficient and interpretable intrusion detection scheme based on simple recurrent networks (Tab-AttSRU) to identify abnormal network traffic patterns accurately. Concretely, to obtain high-quality interpretation, we utilize model-specific feature importance and a learnable mask of TabNet for soft selection. The sequential attention mechanism is used to select the decision-making features for necessary interpretability. To realize efficient parallel computing, we combine SRU with attention mechanism to capture latent connections between traffic at different times and implement it on Spark. The performance of proposed method is assessed on the benchmark UNSW-NB15 and a real-world dataset UKM-IDS20. Experimental results have demonstrated the efficiency and interpretability of proposed method.
doi_str_mv 10.1007/s10207-022-00656-w
format Article
fulltext fulltext
identifier ISSN: 1615-5262
ispartof International journal of information security, 2023-06, Vol.22 (3), p.679-689
issn 1615-5262
1615-5270
language eng
recordid cdi_proquest_journals_2819139367
source Business Source Complete; SpringerLink Journals - AutoHoldings
subjects Anomalies
Back propagation
Behavior
Big Data
Coding and Information Theory
Communications Engineering
Communications traffic
Computer Communication Networks
Computer Science
Cryptology
Cybersecurity
Decision making
Deep learning
Dimensional analysis
Electric power
Intrusion detection systems
Management of Computing and Information Systems
Methods
Networks
Neural networks
Operating Systems
Recurrent neural networks
Regular Contribution
Visualization
title Efficient and interpretable SRU combined with TabNet for network intrusion detection in the big data environment
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T12%3A03%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Efficient%20and%20interpretable%20SRU%20combined%20with%20TabNet%20for%20network%20intrusion%20detection%20in%20the%20big%20data%20environment&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Chen,%20Yingchun&rft.date=2023-06-01&rft.volume=22&rft.issue=3&rft.spage=679&rft.epage=689&rft.pages=679-689&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-022-00656-w&rft_dat=%3Cproquest_cross%3E2819139367%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2819139367&rft_id=info:pmid/&rfr_iscdi=true