Adaptive Semi-Supervised Algorithm for Intrusion Detection and Unknown Attack Identification
Abstract
1. Introduction
- (1) Addressing the challenges faced by traditional intrusion detection methods in IoT environments, such as data imbalance and difficulties detecting unknown attacks. By training the model exclusively on normal traffic, the proposed algorithm enhances its robustness in detecting new and previously unseen attacks.
- (2) Validating the effectiveness of the proposed algorithm through experiments on the CIC-IDS2017 and Kitsune datasets. The results show that the algorithm performs well on both datasets when handling complex network traffic, significantly outperforming traditional methods.
2. Related Work
3. Methodology
3.1. Dataset and Preprocessing
3.2. Algorithm Design
3.2.1. Network Model Structure
3.2.2. Overall Model Architecture
Algorithm 1 Testing Process for TransGAN-IDS
3.2.3. Loss Function
4. Experiments
4.1. Experimental Environment
4.2. Dataset and Evaluation Metrics
4.3. Model Evaluation
4.4. Intrusion Detection System Design
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
CPU | GPU | OS | CUDA | PyTorch |
---|---|---|---|---|
Intel i5-12400 | NVIDIA-A4500 | Ubuntu-22.04 | 11.8 | 2.0.0 |

Dataset | Attack Type | Data Volume |
---|---|---|
CIC-IDS2017 | Benign | 2,271,285 |
CIC-IDS2017 | DoS | 251,701 |
CIC-IDS2017 | PortScan | 158,804 |
CIC-IDS2017 | DDoS | 128,019 |
CIC-IDS2017 | BruteForce | 13,832 |
CIC-IDS2017 | WebAttack | 2180 |
Kitsune | OS Scan | 1,697,851 |
Kitsune | Fuzzing | 2,244,139 |
Kitsune | Video Injection | 2,472,401 |
Kitsune | ARP MitM | 2,504,267 |
Kitsune | Active Wiretap | 4,554,925 |
Kitsune | SSDP Flood | 4,077,266 |
Kitsune | SYN DoS | 2,771,276 |
Kitsune | SSL Renegotiation | 6,084,492 |
Kitsune | Mirai | 764,137 |

Scenario | Quantity | Proportion |
---|---|---|
Map Navigation | 129,832 | 23% |
Online Music | 108,867 | 19.4% |
Online Video | 139,195 | 24.8% |
Instant Messaging | 87,892 | 15.6% |
Web Browsing | 96,561 | 17.2% |

Scenario | Quantity | Proportion |
---|---|---|
Map Navigation | 5047 | 10.8% |
Online Music | 6363 | 13.7% |
Online Video | 5489 | 11.8% |
Instant Messaging | 4927 | 10.6% |
Web Browsing | 3876 | 8.3% |
DOS | 7893 | 17% |
DDOS | 7037 | 15.1% |
Web Attack | 5889 | 12.7% |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Li, M.; Luo, L.; Xiao, K.; Wang, G.; Wang, Y. Adaptive Semi-Supervised Algorithm for Intrusion Detection and Unknown Attack Identification. Appl. Sci. 2025, 15, 1709. https://doi.org/10.3390/app15041709