A Few-Shot Learning-Based Siamese Capsule Network for Intrusion Detection with Imbalanced Training Data

Network intrusion detection remains one of the major challenges in cybersecurity. In recent years, many machine-learning-based methods have been designed to capture the dynamic and complex intrusion patterns to improve the performance of intrusion detection systems. However, two issues, including im...

Full description

Saved in:
Bibliographic Details
Published inComputational intelligence and neuroscience Vol. 2021; no. 1; p. 7126913
Main Authors Wang, Zu-Min, Tian, Ji-Yu, Qin, Jing, Fang, Hui, Chen, Li-Ming
Format Journal Article
LanguageEnglish
Published New York Hindawi 2021
Hindawi Limited
Subjects
Accuracy
Algorithms
Artificial neural networks
Clustering
Communications traffic
Cybersecurity
Data processing
Datasets
Decision making
Deep learning
Feature extraction
Information systems
Intrusion detection systems
Learning algorithms
Machine learning
Markov analysis
Neural networks
Performance enhancement
Sampling
Support vector machines
Training
Online AccessGet full text

Cover

More Information
Summary:Network intrusion detection remains one of the major challenges in cybersecurity. In recent years, many machine-learning-based methods have been designed to capture the dynamic and complex intrusion patterns to improve the performance of intrusion detection systems. However, two issues, including imbalanced training data and new unknown attacks, still hinder the development of a reliable network intrusion detection system. In this paper, we propose a novel few-shot learning-based Siamese capsule network to tackle the scarcity of abnormal network traffic training data and enhance the detection of unknown attacks. In specific, the well-designed deep learning network excels at capturing dynamic relationships across traffic features. In addition, an unsupervised subtype sampling scheme is seamlessly integrated with the Siamese network to improve the detection of network intrusion attacks under the circumstance of imbalanced training data. Experimental results have demonstrated that the metric learning framework is more suitable to extract subtle and distinctive features to identify both known and unknown attacks after the sampling scheme compared to other supervised learning methods. Compared to the state-of-the-art methods, our proposed method achieves superior performance to effectively detect both types of attacks.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
Academic Editor: Hubert Cecotti
ISSN:1687-5265
1687-5273
DOI:10.1155/2021/7126913