Attention-driven multi-model architecture for unbalanced network traffic intrusion detection via extreme gradient boosting

Attention-driven multi-model architecture for unbalanced network traffic intrusion detection via extreme gradient boosting

Network Intrusion Detection Systems (NIDS) face significant challenges in identifying rare attack instances due to the inherent class imbalance and diversity in network traffic. This imbalance, often characterized by a dominance of benign network traffic data, reduces the effectiveness of traditiona...

Full description

Saved in:
Bibliographic Details
Main Authors: Oluwadamilare Harazeem Abdulganiyu, Taha Ait Tchakoucht, Ahmed El Hilali Alaoui, Yakub Kayode Saheed
Format: Article
Language:English
Published: Elsevier 2025-06-01
Series:Intelligent Systems with Applications
Subjects:
Intrusion detection system
Artificial intelligence
Imbalanced network traffic
Attention mechanism
Variational autoencoder
Class wise focal loss
Online Access:http://www.sciencedirect.com/science/article/pii/S2667305325000456
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Network Intrusion Detection Systems (NIDS) face significant challenges in identifying rare attack instances due to the inherent class imbalance and diversity in network traffic. This imbalance, often characterized by a dominance of benign network traffic data, reduces the effectiveness of traditional detection methods. To address this, we proposed CWFLAM-VAE, an attention-driven multi-model architecture that combines Class-Wise Focal Loss, Variational Autoencoder, and Extreme Gradient Boosting. CWFLAM-VAE generates synthetic rare-class attack data while preserving the original feature distribution, mitigating imbalance and improving classification performance. The effectiveness of our proposed system was evaluated by employing two datasets, one of which is the NSL-KDD, which exhibits a skewed distribution of network traffic favoring the majority class, and CSE-CIC-IDS2018 dataset, where approximately 83 % of the data consists of benign network traffic. We compared our method with existing sampling techniques (SMOTE, ROS, ADASYN, RUS) and existing classifiers (Logistic Regression, KNN, SVM, Decision Tree, LSTM, CNN). The experimental findings distinctly reveal the efficacy of the CWFLAM-VAE in resolving class imbalance concerns, with Extreme Gradient Boosting surpassing alternative machine learning techniques particularly in the detection of rare instances of attack traffic with an f-score of 97.6 % and 98.1 %, as well as a false positive rate of 0.17 and 0.27 for both data respectively.
ISSN:2667-3053

Similar Items