Network Intrusion Detection Based on an Efficient Neural Architecture Search
Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2021-08-01
|
| Series: | Symmetry |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2073-8994/13/8/1453 |
| _version_ | 1797521905789435904 |
|---|---|
| author | Renjian Lyu Mingshu He Yu Zhang Lei Jin Xinlei Wang |
| author_facet | Renjian Lyu Mingshu He Yu Zhang Lei Jin Xinlei Wang |
| author_sort | Renjian Lyu |
| collection | DOAJ |
| description | Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate. |
| first_indexed | 2024-03-10T08:20:08Z |
| format | Article |
| id | doaj.art-013ea71997f94551b8dfc1a1f33628ee |
| institution | Directory Open Access Journal |
| issn | 2073-8994 |
| language | English |
| last_indexed | 2024-03-10T08:20:08Z |
| publishDate | 2021-08-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Symmetry |
| spelling | doaj.art-013ea71997f94551b8dfc1a1f33628ee2023-11-22T10:01:44ZengMDPI AGSymmetry2073-89942021-08-01138145310.3390/sym13081453Network Intrusion Detection Based on an Efficient Neural Architecture SearchRenjian Lyu0Mingshu He1Yu Zhang2Lei Jin3Xinlei Wang4School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaSchool of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaSchool of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaSchool of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaSchool of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaDeep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.https://www.mdpi.com/2073-8994/13/8/1453NASnetwork traffic classificationsurrogate model |
| spellingShingle | Renjian Lyu Mingshu He Yu Zhang Lei Jin Xinlei Wang Network Intrusion Detection Based on an Efficient Neural Architecture Search Symmetry NAS network traffic classification surrogate model |
| title | Network Intrusion Detection Based on an Efficient Neural Architecture Search |
| title_full | Network Intrusion Detection Based on an Efficient Neural Architecture Search |
| title_fullStr | Network Intrusion Detection Based on an Efficient Neural Architecture Search |
| title_full_unstemmed | Network Intrusion Detection Based on an Efficient Neural Architecture Search |
| title_short | Network Intrusion Detection Based on an Efficient Neural Architecture Search |
| title_sort | network intrusion detection based on an efficient neural architecture search |
| topic | NAS network traffic classification surrogate model |
| url | https://www.mdpi.com/2073-8994/13/8/1453 |
| work_keys_str_mv | AT renjianlyu networkintrusiondetectionbasedonanefficientneuralarchitecturesearch AT mingshuhe networkintrusiondetectionbasedonanefficientneuralarchitecturesearch AT yuzhang networkintrusiondetectionbasedonanefficientneuralarchitecturesearch AT leijin networkintrusiondetectionbasedonanefficientneuralarchitecturesearch AT xinleiwang networkintrusiondetectionbasedonanefficientneuralarchitecturesearch |