Network Intrusion Traffic Detection Based on Feature Extraction

作     者：Xuecheng Yu Yan Huang Yu Zhang Mingyang Song Zhenhong Jia 

作者机构：College of Information Science and EngineeringXinjiang UniversityUrumqi830046China Network DepartmentChina Mobile Communications Group Xinjiang CoLtd.UrumqiUrumqi830011China Xinjiang Signal Detection and Processing Key LaboratoryXinjiang UniversityUrumqi830000China 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2024年第78卷第1期

页      面：473-492页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program(2023TSYCTD) 

主　　题：Network intrusion traffic detection PCA Hotelling’s T^(2) BiLSTM 

摘      要：With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal ***,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion *** method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after *** network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between *** datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the ***,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic *** empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing *** results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.