MULTIMODAL DATA FEATURE EXTRACTION METHOD FOR NETWORK ATTACK CLASSIFICATION

Abstract

An intrusion detection system (IDS) is an important component of corporate data network (CDN) protection. An IDS analyzes network traffic and detects network attacks. Depending on the detection method, IDSs can be classified into the following types: signature-based analysis systems, anomaly detection systems (ADS), and hybrid systems combining the aforementioned approaches. Recently, anomaly detection systems (ADS) have been actively developed. For anomaly detection systems, network attacks are anomalous behavior of network traffic consisting of a set of features or event attributes. Modern IDSs are based on machine learning and deep learning methods, and therefore the detection of network attacks and anomalies is formulated as a classification and clustering problem. Solving these problems requires methods for optimizing the feature space of network traffic. The aim of the work is to develop a feature extraction method based on a multimodal approach to representing network traffic data for classifying network attacks. The paper analyzes relevant studies on feature extraction methods from various fields. The objective of the study is to improve classification efficiency using a multimodal representation of network traffic features. The result of the work is a method for extracting data features based on two modalities: a spectral representation of network traffic features and an image feature matrix. The novelty of the presented method lies in the application of the windowed Fourier transform to network traffic events, followed by the calculation of spectral features for discrete signals, as well as the transformation of data features into an image matrix and its expansion to optimize the feature space using a convolutional neural network (CNN). Evaluation of the multimodal method showed that it increased the classification accuracy for unbalanced classes of network attacks.

Authors

  • A.V. Balyberdin, Financial University under the Government of the Russian Federation

Published:

2025-07-24

Section:

SECTION I. CYBERATTACKS AND THEIR DETECTION

Keywords:

Intrusion detection system, enterprise data network, feature set, feature extraction, multimodality, convolutional neural network, classification and clustering problem, feature space, network attacks

For citation:

A.V. Balyberdin. MULTIMODAL DATA FEATURE EXTRACTION METHOD FOR NETWORK ATTACK CLASSIFICATION. IZVESTIYA SFedU. ENGINEERING SCIENCES – 2025. – № 3. – P. 6-16.