
dc.contributor.author: Kiflay, Aklil Zenebe
dc.contributor.author: Tsokanos, Athanasios
dc.contributor.author: Fazlali, Mahmood
dc.contributor.author: Kirner, Raimund
dc.date.accessioned: 2024-06-17T09:00:02Z
dc.date.available: 2024-06-17T09:00:02Z
dc.date.issued: 2024-07-30
dc.identifier.citation: Kiflay, A Z, Tsokanos, A, Fazlali, M & Kirner, R 2024, 'Network intrusion detection leveraging multimodal features', Array, vol. 22, 100349, pp. 1-13. https://doi.org/10.1016/j.array.2024.100349
dc.identifier.issn: 2590-0056
dc.identifier.other: ORCID: /0000-0002-1701-5562/work/162106960
dc.identifier.uri: http://hdl.handle.net/2299/27962
dc.description: © 2024 The Author(s). Published by Elsevier Inc. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/
dc.description.abstract: Network Intrusion Detection Systems (NIDSes) are essential for safeguarding critical information systems. However, the lack of adaptability of Machine Learning (ML) based NIDSes to different environments could cause slow adoption. In this paper, we propose a multimodal NIDS that combines flow and payload features to detect cyber-attacks. The focus of the paper is to evaluate the use of multimodal traffic features in detecting attacks, but not on a practical online implementation. In the multimodal NIDS, two random forest models are trained to classify network traffic using selected flow-based features and the first few bytes of protocol payload, respectively. Predictions from the two models are combined using a soft voting approach to get the final traffic classification results. We evaluate the multimodal NIDS using flow-based features and the corresponding payloads extracted from Packet Capture (PCAP) files of a publicly available UNSW-NB15 dataset. The experimental results show that the proposed multimodal NIDS can detect most attacks with average Accuracy, Recall, Precision and F1 scores ranging from 98% to 99% using only six flow-based traffic features, and the first 32 bytes of protocol payload. The proposed multimodal NIDS provides a reliable approach to detecting cyber-attacks in different environments. (language: en)
dc.format.extent: 13
dc.format.extent: 1325223
dc.language.iso: eng
dc.relation.ispartof: Array
dc.subject: intrusion detection
dc.subject: Machine learning
dc.subject: Security
dc.subject: networking
dc.subject: Network flow
dc.subject: Intrusion detection
dc.subject: Random forest
dc.subject: Packet payload
dc.subject: Computer Networks and Communications
dc.subject: General Computer Science
dc.title: Network intrusion detection leveraging multimodal features (language: en)
dc.contributor.institution: School of Physics, Engineering & Computer Science
dc.contributor.institution: Cybersecurity and Computing Systems
dc.contributor.institution: Department of Computer Science
dc.contributor.institution: Centre for Computer Science and Informatics Research
dc.contributor.institution: Centre for Future Societies Research
dc.description.status: Peer reviewed
dc.identifier.url: http://www.scopus.com/inward/record.url?scp=85194046213&partnerID=8YFLogxK
rioxxterms.versionofrecord: 10.1016/j.array.2024.100349
rioxxterms.type: Journal Article/Review
herts.preservation.rarelyaccessed: true

