New challenges in the cyberspace require the need for more powerful and rapidly adaptive Intrusion Detection Systems (IDS). This paper presents a hybrid deep learning method—merging autoencoders with XGBoost, extending with Network Behavior Analysis (NBA) feature extraction and chi-squared–based feature selection and evaluated on TII-SSRC-23 dataset. The raw network traffic will be preprocessed and enriched with innovations inspired from NBA features, like aggregate session- and flow-level statistics (e.g., top numerical features sum, mean of odd-indexed values). Then, we execute a chi-squared test to weed out the least relevant; dimensionality is now trimmed without losing significant predictive data. In the meantime several deep autoencoders, such as CNN-based AEs, Stacked AEs, Variational AEs (VAE), and LSTM AEs obtain compact representations of the high-dimensional traffic data. The latent features of each autoencoder are then fed into XGBoost, which performs very efficient classification. These results, obtained empirically on several disparate subsets of features, demonstrated consistently better predictive capacity for the hybrid AE + XGBoost models over standalone ensembles in the TII-SSRC-23 dataset. The proposed system is robust for accurately capturing malicious behaviors, and scalable in terms of computation, demonstrating the potential for next-generation IDS solutions through deep autoencoders, NBA-based feature engineering, and gradient-boosted trees.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Network Behavior–Driven Intrusion Detection: A Hybrid Deep Learning and XGBoost Approach

  • Mohammed Janati,
  • Fayçal Messaoudi

摘要

New challenges in the cyberspace require the need for more powerful and rapidly adaptive Intrusion Detection Systems (IDS). This paper presents a hybrid deep learning method—merging autoencoders with XGBoost, extending with Network Behavior Analysis (NBA) feature extraction and chi-squared–based feature selection and evaluated on TII-SSRC-23 dataset. The raw network traffic will be preprocessed and enriched with innovations inspired from NBA features, like aggregate session- and flow-level statistics (e.g., top numerical features sum, mean of odd-indexed values). Then, we execute a chi-squared test to weed out the least relevant; dimensionality is now trimmed without losing significant predictive data. In the meantime several deep autoencoders, such as CNN-based AEs, Stacked AEs, Variational AEs (VAE), and LSTM AEs obtain compact representations of the high-dimensional traffic data. The latent features of each autoencoder are then fed into XGBoost, which performs very efficient classification. These results, obtained empirically on several disparate subsets of features, demonstrated consistently better predictive capacity for the hybrid AE + XGBoost models over standalone ensembles in the TII-SSRC-23 dataset. The proposed system is robust for accurately capturing malicious behaviors, and scalable in terms of computation, demonstrating the potential for next-generation IDS solutions through deep autoencoders, NBA-based feature engineering, and gradient-boosted trees.