A Generalized and Real-Time Network Intrusion Detection System Through Incremental Feature Encoding and Similarity Embedding Learning
Abstract
1. Introduction
2. Related Work
2.1. Session-Based Methods
2.2. Packet-Based Methods
2.3. Detecting Novel Attack Types
3. Materials and Methods
3.1. Feature Encoding
3.1.1. Transformer Model
3.1.2. LSTM Network
3.1.3. Online Statistical Flow Feature Extractor
3.1.4. Feature Fusion
3.2. Semantic Embedding Learning
3.2.1. Architecture
3.2.2. Loss Function
3.2.3. Compactness Loss Term
3.3. Final Loss and Training Algorithm
Algorithm 1. Main Training Steps of GR-IDS |
Input: : a sequence of incoming labeled packets Output: Trained IDS model (the transformer, LSTM, and embedding modules)
|
3.4. Novel Attack Detection
3.5. Memory and Time Complexity
4. Results
4.1. Datasets
4.2. Evaluation Metrics
4.3. Experimental Setup
4.4. Early Detection Performance
4.5. Detection Performance
4.6. Identifying Novel Attacks
4.7. Ablation Study
- GR-IDS w/o SF: Obtained by removing the statistical features from the feature encoder.
- GR-IDS w/o LSTM: Derived by omitting the LSTM network from the feature encoder.
- GR-IDS w/o C: Indicates GR-IDS without the compactness loss term.
- GR-IDS w/o C-Thresh: Shows GR-IDS without the adaptive class-wise thresholds.
- GR-IDS Pure Trans: Shows a GR-IDS where the feature encoding module is replaced by a transformer.
- GR-IDS Pure LSTM: Indicates a GR-IDS where the feature encoding module is replaced by an LSTM.
4.8. Hyperparameter Analysis
5. Conclusions and Future Work
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Han, J.; Pak, W. High performance network intrusion detection system using two-stage LSTM and incremental created hybrid features. Electronics 2023, 12, 956. [Google Scholar] [CrossRef]
- Wu, S.X.; Banzhaf, W. The use of computational intelligence in intrusion detection systems: A review. Appl. Soft Comput. 2010, 10, 1–35. [Google Scholar] [CrossRef]
- Gamage, S.; Samarabandu, J. Deep learning methods in network intrusion detection: A survey and an objective comparison. J. Netw. Comput. Appl. 2020, 169, 102767. [Google Scholar] [CrossRef]
- Wang, W.; Sheng, Y.; Wang, J.; Zeng, X.; Ye, X.; Huang, Y.; Hast-Ids, M.Z. Learning Hierarchical Spatial-Temporal Features Using Deep Neural Networks to Improve Intrusion Detection. IEEE Access 2018, 6, 1792–1806. [Google Scholar] [CrossRef]
- Yang, L.; Song, Y.; Gao, S.; Hu, A.; Xiao, B. Griffin: Real-time network intrusion detection system via ensemble of autoencoder in SDN. IEEE Trans. Netw. Serv. Manag. 2022, 19, 2269–2281. [Google Scholar] [CrossRef]
- Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A. Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 1–3 October 2019; pp. 1–8. [Google Scholar]
- Lanvin, M.; Gimenez, P.-F.; Han, Y.; Majorczyk, F.; Mé, L.; Totel, E. Errors in the CICIDS2017 dataset and the significant differences in detection performances it makes. In International Conference on Risks and Security of Internet and Systems; Springer: New York, NY, USA, 2022; pp. 18–33. [Google Scholar]
- Sharafaldin, I.; Lashkari, A.H.; Ghorbani, A.A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 2018, 1, 108–116. [Google Scholar]
- Kim, J.; Shin, N.; Jo, S.Y.; Kim, S.H. Method of intrusion detection using deep neural network. In Proceedings of the 2017 IEEE International Conference on Big Data and Smart Computing (BigComp), Jeju Island, Republic of Korea, 13–16 February 2017; pp. 313–316. [Google Scholar]
- Vinayakumar, R.; Alazab, M.; Soman, K.; Poornachandran, P.; Al-Nemrat, A.; Venkatraman, S. Deep learning approach for intelligent intrusion detection system. IEEE Access 2019, 7, 41525–41550. [Google Scholar] [CrossRef]
- Shone, N.; Ngoc, T.N.; Phai, V.D.; Shi, Q. A deep learning approach to network intrusion detection. IEEE Trans. Emerg. Top. Comput. Intell. 2018, 2, 41–50. [Google Scholar] [CrossRef]
- Al-Qatf, M.; Lasheng, Y.; Al-Habib, M.; Al-Sabahi, K. Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access 2018, 6, 52843–52856. [Google Scholar] [CrossRef]
- Yan, B.; Han, G. Effective feature extraction via stacked sparse autoencoder to improve intrusion detection system. IEEE Access 2018, 6, 41238–41248. [Google Scholar] [CrossRef]
- Yin, C.; Zhu, Y.; Fei, J.; He, X. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 2017, 5, 21954–21961. [Google Scholar] [CrossRef]
- Xu, C.; Shen, J.; Du, X.; Zhang, F. An intrusion detection system using a deep neural network with gated recurrent units. IEEE Access 2018, 6, 48697–48707. [Google Scholar] [CrossRef]
- Naseer, S.; Saleem, Y.; Khalid, S.; Bashir, M.K.; Han, J.; Iqbal, M.M.; Han, K. Enhanced network anomaly detection based on deep neural networks. IEEE Access 2018, 6, 48231–48246. [Google Scholar] [CrossRef]
- Zavrak, S.; Iskefiyeli, M. Flow-based intrusion detection on software-defined networks: A multivariate time series anomaly detection approach. Neural Comput. Appl. 2023, 35, 12175–12193. [Google Scholar] [CrossRef]
- Lan, Y.; Truong-Huu, T.; Wu, J.; Teo, S.G. Cascaded Multi-Class Network Intrusion Detection With Decision Tree and Self-attentive Model. In Proceedings of the 2022 IEEE International Conference on Data Mining Workshops (ICDMW), Orlando, FL, USA, 28 November–1 December 2022; pp. 1–7. [Google Scholar]
- Hnamte, V.; Hussain, J. DCNNBiLSTM: An efficient hybrid deep learning-based intrusion detection system. Telemat. Inform. Rep. 2023, 10, 100053. [Google Scholar] [CrossRef]
- Fosić, I.; Žagar, D.; Grgić, K.; Križanović, V. Anomaly detection in NetFlow network traffic using supervised machine learning algorithms. J. Ind. Inf. Integr. 2023, 33, 100466. [Google Scholar] [CrossRef]
- Keerthi, S.S.; Srija, K.S.; Pavan, P.S.; Prakash, K. Machine Learning for Net Flow Based Anomaly Intrusion Detection System Using Neural Network Stages. Int. J. Comput. Learn. Intell. 2023, 2, 25–31. [Google Scholar]
- Oh Song, H.; Xiang, Y.; Jegelka, S.; Savarese, S. Deep metric learning via lifted structured feature embedding. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA, 27 June–30 June 2016; pp. 4004–4012. [Google Scholar]
- Zabihzadeh, D.; Alitbi, Z.; Mousavirad, S.J. Ensemble of loss functions to improve generalizability of deep metric learning methods. Multimed. Tools Appl. 2024, 83, 21525–21549. [Google Scholar] [CrossRef]
- Bedi, P.; Gupta, N.; Jindal, V. Siam-IDS: Handling class imbalance problem in intrusion detection systems using siamese neural network. Procedia Comput. Sci. 2020, 171, 780–789. [Google Scholar] [CrossRef]
- Bedi, P.; Gupta, N.; Jindal, V. I-SiamIDS: An improved Siam-IDS for handling class imbalance in network-based intrusion detection systems. Appl. Intell. 2021, 51, 1133–1151. [Google Scholar] [CrossRef]
- Jmila, H.; Ibn Khedher, M.; Blanc, G.; El Yacoubi, M.A. Siamese network based feature learning for improved intrusion detection. In Proceedings of the Neural Information Processing: 26th International Conference, ICONIP 2019, Sydney, NSW, Australia, 12–15 December 2019; Proceedings, Part I 26. Springer: Berlin/Heidelberg, Germany, 2019; pp. 377–389. [Google Scholar]
- Andresini, G.; Appice, A.; Malerba, D. Autoencoder-based deep metric learning for network intrusion detection. Inf. Sci. 2021, 569, 706–727. [Google Scholar] [CrossRef]
- Wang, W.; Jian, S.; Tan, Y.; Wu, Q.; Huang, C. Representation learning-based network intrusion detection system by capturing explicit and implicit feature interactions. Comput. Secur. 2022, 112, 102537. [Google Scholar] [CrossRef]
- Qin, Z.-Q.; Ma, X.-K.; Wang, Y.-J. Attentional payload anomaly detector for web applications. In Proceedings of the Neural Information Processing: 25th International Conference, ICONIP 2018, Siem Reap, Cambodia, 13–16 December 2018; Proceedings, Part IV 25. Springer: Berlin/Heidelberg, Germany, 2018; pp. 588–599. [Google Scholar]
- Farrukh, Y.A.; Khan, I.; Wali, S.; Bierbrauer, D.; Pavlik, J.A.; Bastian, N.D. Payload-byte: A tool for extracting and labeling packet capture files of modern network intrusion detection datasets. In Proceedings of the 2022 IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT), Vancouver, WA, USA, 6–9 December 2022; pp. 58–67. [Google Scholar]
- Zhang, X.; Chen, J.; Zhou, Y.; Han, L.; Lin, J. A multiple-layer representation learning model for network-based attack detection. IEEE Access 2019, 7, 91992–92008. [Google Scholar] [CrossRef]
- Yu, L.; Dong, J.; Chen, L.; Li, M.; Xu, B.; Li, Z.; Qiao, L.; Liu, L.; Zhao, B.; Zhang, C. PBCNN: Packet bytes-based convolutional neural network for network intrusion detection. Comput. Netw. 2021, 194, 108117. [Google Scholar] [CrossRef]
- Ghadermazi, J.; Shah, A.; Bastian, N.D. Towards real-time network intrusion detection with image-based sequential packets representation. IEEE Trans. Big Data 2024, 11, 157–173. [Google Scholar] [CrossRef]
- Hassan, M.; Haque, M.E.; Tozal, M.E.; Raghavan, V.; Agrawal, R. Intrusion detection using payload embeddings. IEEE Access 2021, 10, 4015–4030. [Google Scholar] [CrossRef]
- Pekar, A.; Jozsa, R. Early-Stage Anomaly Detection: A Study of Model Performance on Complete vs. Partial Flows. arXiv 2025, arXiv:2407.02856. [Google Scholar]
- Zhang, Z.; Liu, Q.; Qiu, S.; Zhou, S.; Zhang, C. Unknown attack detection based on zero-shot learning. IEEE Access 2020, 8, 193981–193991. [Google Scholar] [CrossRef]
- Sarhan, M.; Layeghy, S.; Gallagher, M.; Portmann, M. From zero-shot machine learning to zero-day attack detection. Int. J. Inf. Secur. 2023, 22, 947–959. [Google Scholar] [CrossRef]
- Tavallaee, M.; Bagheri, E.; Lu, W.; Ghorbani, A.A. A detailed analysis of the KDD CUP 99 data set. In Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 8–10 July 2009; pp. 1–6. [Google Scholar]
- Sarhan, M.; Layeghy, S.; Moustafa, N.; Portmann, M. Towards a standard feature set of NIDS datasets. arXiv 2021, arXiv:2101.11315. [Google Scholar]
- Raza, S.A.; Shaikh, M.; Akhtar, R.; Anwar, A. A novel approach to intrusion detection using zero-shot learning hybrid partial labels. Mehran Univ. Res. J. Eng. Technol. 2024, 43, 182–191. [Google Scholar] [CrossRef]
- Sun, Y.; Ochiai, H.; Esaki, H. Intrusion detection with segmented federated learning for large-scale multiple LANs. In Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, UK, 19–24 July 2020; pp. 1–8. [Google Scholar]
- Wang, Z.-M.; Tian, J.-Y.; Qin, J.; Fang, H.; Chen, L.-M. A few-shot learning-based siamese capsule network for intrusion detection with imbalanced training data. Comput. Intell. Neurosci. 2021, 2021, 7126913. [Google Scholar] [CrossRef] [PubMed]
- Iliyasu, A.S.; Abdurrahman, U.A.; Zheng, L. Few-shot network intrusion detection using discriminative representation learning with supervised autoencoder. Appl. Sci. 2022, 12, 2351. [Google Scholar] [CrossRef]
- Vaswani, A.; Shazeer, N.; Parmar, N.; Uszkoreit, J.; Jones, L.; Gomez, A.N.; Kaiser, Ł.; Polosukhin, I. Attention is all you need. Adv. Neural Inf. Process. Syst. 2017, 30. [Google Scholar]
- Kingma, D.; Adam, J.B. A method for stochastic optimization. In Proceedings of the International Conference on Learning Representations (ICLR), San Diego, CA, USA, 2–4 May 2016; p. 6. [Google Scholar]
- Youden, W. Statistical Techniques. NBS Spec. Publ. 1969, 300–301, 421. [Google Scholar]
- Yang, Y.; Cheng, J.; Liu, Z.; Li, H.; Xu, G. A multi-classification detection model for imbalanced data in NIDS based on reconstruction and feature matching. J. Cloud Comput. 2024, 13, 31. [Google Scholar] [CrossRef]
- Belarbi, O.; Khan, A.; Carnelli, P.; Spyridopoulos, T. An intrusion detection system based on deep belief networks. In International Conference on Science of Cyber Security; Springer: New York, NY, USA, 2022; pp. 377–392. [Google Scholar]
- Corsini, A.; Yang, S.J. Are Existing Out-Of-Distribution Techniques Suitable for Network Intrusion Detection? In Proceedings of the 2023 IEEE Conference on Communications and Network Security (CNS), Orlando, FL, USA, 2–5 October 2023; pp. 1–9. [Google Scholar]
- Sun, Y.; Ming, Y.; Zhu, X.; Li, Y. Out-of-distribution detection with deep nearest neighbors. In Proceedings of the International Conference on Machine Learning, Baltimore, MD, USA, 17–23 July 2022; pp. 20827–20840. [Google Scholar]
Variable (s) | Description | Update Eq. | Feature | State |
---|---|---|---|---|
Last IAT in the session | ✓ | |||
Timestamp of the last packet in the session | ✓ | |||
Number of packets in the session | ✓ | |||
Length of the session in bytes | ✓ | |||
Duration of the session in seconds | ✓ | |||
Packet rate per second in the session | ✓ | |||
, | Mean and standard deviation of IATs in the session | ✓ | ✓ | |
Maximum of IATs in the session | ✓ | ✓ | ||
Mean of the squares of IATs in the session | ✓ | |||
, | Mean and standard deviation of packet lengths in the session | ✓ | ✓ | |
Mean of the squares of packet lengths in the session | ✓ |
Layer/Block | Input | Output | Connected To | #Parameters |
---|---|---|---|---|
Transformer 1 | ||||
FC1 2 + Pos Emb | Input | |||
FC1+ Pos Emb | ||||
FC2 | ||||
FC3 | FC2 | |||
LSTM | FC3 |
Dataset | #Features | #Flows | #Classes | Categories | Description |
---|---|---|---|---|---|
CIC_DDoS2019 | 80 | 4,534,059 | 13 | Benign and twelve different DDoS attacks | Recorded during two days of network activity, containing both extracted flow features and raw packet sequences. |
CRiSIS-2022 | 79 | 2,830,743 | 15 | Benign and fourteen different attacks | Corrected version of CIC-IDS2017 that includes flow features and pcap files. |
Hyperparameters | Description | Search Space |
---|---|---|
Learning rate | ||
Batch size | ||
opt | Optimizer algorithm | Adam |
Margin in the compactness loss term | ||
Sequence length | ||
Number of proxies per class | ||
Embedding dimension | 32 |
Class | #Sessions | Mean | Std | Min | 25% | 50% | 75% | Max |
---|---|---|---|---|---|---|---|---|
BENIGN | 14,944 | 39.39 | 131.6 | 5 | 8 | 17 | 49 | 7526 |
DrDoS_DNS | 13,154 | 1548.63 | 11,591.99 | 5 | 174 | 200 | 200 | 100,150 |
DrDoS_LDAP | 1147 | 4798.67 | 19,708.64 | 5 | 8 | 8 | 8 | 86,232 |
DrDoS_MSSQL | 266 | 1529.99 | 5127.89 | 5 | 6 | 15 | 37.5 | 61,421 |
DrDoS_NTP | 1,088,415 | 70.24 | 63.67 | 5 | 20 | 46 | 104 | 400 |
DrDoS_NetBIOS | 2077 | 12.94 | 95.72 | 5 | 8 | 8 | 8 | 4308 |
DrDoS_SNMP | 1494 | 5168.54 | 21,053.86 | 5 | 8 | 10 | 16 | 92,128 |
DrDoS_SSDP | 496,972 | 7.93 | 70.73 | 5 | 6 | 6 | 6 | 49,690 |
DrDoS_UDP | 604,806 | 7.96 | 7.5 | 5 | 6 | 6 | 6 | 2430 |
Syn | 131,317 | 14.94 | 18.41 | 5 | 12 | 14 | 18 | 4692 |
TFTP | 2,126,468 | 7.67 | 4.32 | 5 | 6 | 6 | 8 | 664 |
UDP-lag | 52,852 | 7.97 | 63.01 | 5 | 6 | 6 | 8 | 8666 |
WebDDoS | 147 | 16.14 | 6.51 | 5 | 15 | 15 | 21 | 63 |
Total | 4,534,059 | 30.55 | 811.89 | 5 | 6 | 6 | 16 | 100,150 |
Accuracy | Macro Acc | Precision (DR) | F1-Score | Macro F1-Score | FAR | |
---|---|---|---|---|---|---|
1 | 78.97 | 75.36 | 88.60 | 82.99 | 40.15 | 18.56 |
2 | 84.91 | 80.56 | 91.08 | 87.54 | 44.72 | 12.13 |
3 | 87.97 | 83.72 | 92.41 | 89.87 | 47.87 | 9.35 |
4 | 90.09 | 87.31 | 93.44 | 91.52 | 50.64 | 7.23 |
5 | 93.08 | 89.48 | 94.83 | 93.81 | 56.34 | 4.1 |
6 | 96.24 | 92.57 | 96.54 | 96.36 | 71.54 | 1.49 |
7 | 97.47 | 94.43 | 97.48 | 97.47 | 94.14 | 0.4 |
8 | 97.49 | 94.63 | 97.5 | 97.49 | 95.51 | 0.00 |
9 | 97.49 | 93.28 | 97.49 | 97.49 | 93.68 | 0.54 |
10 | 97.56 | 95.09 | 97.57 | 97.57 | 95.39 | 0.00 |
11 | 97.58 | 95.41 | 97.59 | 97.58 | 94.63 | 0.47 |
12 | 97.56 | 94.18 | 97.56 | 97.56 | 93.78 | 0.36 |
Type | Method | Accuracy | Macro Acc | Precision (DR) | F1-Score | Macro F1-Score | FAR |
---|---|---|---|---|---|---|---|
Session-based | Yang et al. [47] | 93.36 | 84.67 | 93.38 | 93.37 | 85.51 | 2.25 |
DBN [48] | 91.13 | 80.25 | 91.28 | 90.68 | 91.13 | 0.02 | |
Packet-based | Han et al. [1] | 92.25 | 84.22 | 92.27 | 92.26 | 84.26 | 2.12 |
SPIN-IDS [33] | 94.92 | 88.47 | 94.93 | 94.92 | 89.00 | 1.09 | |
GR-IDS | 97.47 | 94.43 | 97.48 | 97.47 | 94.14 | 0.40 |
Session Size | Method | Accuracy | Macro Acc | Precision (DR) | F1-Score | Macro F1-Score | FAR |
---|---|---|---|---|---|---|---|
Small | GR-IDS | 96.75 | 94.30 | 96.76 | 96.75 | 92.50 | 0.63 |
SPIN-IDS [33] | 93.21 | 88.05 | 93.23 | 93.22 | 87.79 | 1.40 | |
Medium | GR-IDS | 98.03 | 94.88 | 98.04 | 98.03 | 94.55 | 0.30 |
SPIN-IDS | 96.05 | 88.67 | 96.08 | 96.05 | 87.56 | 1.01 | |
Large | GR-IDS | 99.94 | 96.67 | 99.94 | 99.94 | 96.13 | 0.22 |
SPIN-IDS | 99.87 | 84.68 | 99.88 | 99.87 | 83.56 | 1.03 | |
XLarge | GR-IDS | 99.93 | 96.27 | 99.94 | 99.93 | 88.13 | 0.00 |
SPIN-IDS | 99.87 | 84.68 | 99.88 | 99.87 | 83.56 | 1.03 |
Type | Method | Accuracy | Macro Acc | Precision (DR) | F1-Score | Macro F1-Score | FAR |
---|---|---|---|---|---|---|---|
Session-based | Yang et al. [47] | 99.81 | 87.50 | 99.35 | 99.34 | 90.37 | 0.33 |
DBN [48] | 94.19 | 63.39 | 99.58 | 96.73 | 48.78 | 3.97 | |
Packet-based | Han et al. [1] | 99.67 | 84.20 | 99.69 | 99.68 | 83.13 | 0.40 |
SPIN-IDS [33] | 99.10 | 88.73 | 99.12 | 99.11 | 84.26 | 0.40 | |
GR-IDS | 99.90 | 92.60 | 99.90 | 99.90 | 91.23 | 0.11 |
Category | Classes | #Sessions |
---|---|---|
BENIGN | BENIGN | 432,946 |
Botnet | Botnet | 738 |
DDoS | DDoS, DoS GoldenEye, DoS Hulk, DoS Slowhttptest, DoS slowloris, Heartbleed | 265,308 |
Brute Force | FTP-Patator, SSH-Patator | 6953 |
PortScan | PortScan | 221 |
Web Attack | Web Attack-Brute Force, Web Attack-Sql Injection, Web Attack-XSS | 190 |
Total | 706,356 |
Novel Attack | GR-IDS NADR/NAFAR | CONF NADR/NAFAR | MCD NADR/NAFAR | KNN NADR/NAFAR | SLH NADR/NAFAR |
---|---|---|---|---|---|
Web Attack | 99.71/4.01 | 93.10/4.97 | 93.10/6.16 | 90.30/5.69 | 88.58/1.46 |
PortScan | 62.64/3.03 | 5.28/4.99 | 38.64/5.96 | 40.26/6.02 | 1.23/1.53 |
DoS/DDoS | 59.2/3.15 | 26.95/4.92 | 28.98/5.79 | 30.25/6.15 | 13.65/1.63 |
Brute Force | 99.76/2.23 | 2.15/4.95 | 76.02/5.75 | 94.38/6.02 | 1.85/1.43 |
Botnet ARES | 99.21/5.75 | 0.00/5.00 | 3.77/6.21 | 0.00/5.17 | 0.00/1.12 |
AVG | 84.10/3.63 | 25.50/4.97 | 48.10/5.97 | 51.04/5.81 | 21.50/1.43 |
Novel Attack | GR-IDS NADR/NAFAR | w/o LSTM NADR/NAFAR | w/o C NADR/NAFAR | w/o C-Thresh NADR/NAFAR | Pure Trans NADR/NAFAR | Pure LSTM NADR/NAFAR |
---|---|---|---|---|---|---|
Web Attack | 99.71/4.01 | 98.23/4.46 | 96.56/5.81 | 96.79/5.66 | 98.27/3.17 | 95.68/5.08 |
PortScan | 62.64/3.03 | 61.56/2.78 | 59.82/3.03 | 59.98/3.99 | 59.9/6.17 | 59.21/3.77 |
DoS/DDoS | 59.20/3.15 | 58.49/3.82 | 55.26/4.58 | 55.51/4.51 | 56.91/3.89 | 55.84/3.49 |
Brute Force | 99.76/2.23 | 98.19/3.03 | 95.84/3.40 | 94.65/3.03 | 96.73/0.6 | 93.93/3.55 |
Botnet ARES | 99.21/5.75 | 98.79/6.31 | 94.72/6.88 | 94.5/5.99 | 95.39/7.4 | 93.53/6.98 |
AVG | 84.10/3.63 | 83.05/4.05 | 80.44/4.74 | 80.29/4.64 | 81.64/4.25 | 79.64/4.57 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Alitbi, Z.k.; Hosseini Seno, S.A.; Ghaemi Bafghi, A.; Zabihzadeh, D. A Generalized and Real-Time Network Intrusion Detection System Through Incremental Feature Encoding and Similarity Embedding Learning. Sensors 2025, 25, 4961. https://doi.org/10.3390/s25164961
Alitbi Zk, Hosseini Seno SA, Ghaemi Bafghi A, Zabihzadeh D. A Generalized and Real-Time Network Intrusion Detection System Through Incremental Feature Encoding and Similarity Embedding Learning. Sensors. 2025; 25(16):4961. https://doi.org/10.3390/s25164961
Chicago/Turabian StyleAlitbi, Zahraa kadhim, Seyed Amin Hosseini Seno, Abbas Ghaemi Bafghi, and Davood Zabihzadeh. 2025. "A Generalized and Real-Time Network Intrusion Detection System Through Incremental Feature Encoding and Similarity Embedding Learning" Sensors 25, no. 16: 4961. https://doi.org/10.3390/s25164961
APA StyleAlitbi, Z. k., Hosseini Seno, S. A., Ghaemi Bafghi, A., & Zabihzadeh, D. (2025). A Generalized and Real-Time Network Intrusion Detection System Through Incremental Feature Encoding and Similarity Embedding Learning. Sensors, 25(16), 4961. https://doi.org/10.3390/s25164961