| dc.contributor.author | Kiflay, Aklil Zenebe | |
| dc.contributor.author | Tsokanos, Athanasios | |
| dc.contributor.author | Fazlali, Mahmood | |
| dc.contributor.author | Kirner, Raimund | |
| dc.date.accessioned | 2024-06-17T09:00:02Z | |
| dc.date.available | 2024-06-17T09:00:02Z | |
| dc.date.issued | 2024-07-30 | |
| dc.identifier.citation | Kiflay , A Z , Tsokanos , A , Fazlali , M & Kirner , R 2024 , ' Network intrusion detection leveraging multimodal features ' , Array , vol. 22 , 100349 , pp. 1-13 . https://doi.org/10.1016/j.array.2024.100349 | |
| dc.identifier.issn | 2590-0056 | |
| dc.identifier.other | ORCID: /0000-0002-1701-5562/work/162106960 | |
| dc.identifier.uri | http://hdl.handle.net/2299/27962 | |
| dc.description | © 2024 The Author(s). Published by Elsevier Inc. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/ | |
| dc.description.abstract | Network Intrusion Detection Systems (NIDSes) are essential for safeguarding critical information systems. However, the lack of adaptability of Machine Learning (ML) based NIDSes to different environments could cause slow adoption. In this paper, we propose a multimodal NIDS that combines flow and payload features to detect cyber-attacks. The focus of the paper is to evaluate the use of multimodal traffic features in detecting attacks, but not on a practical online implementation. In the multimodal NIDS, two random forest models are trained to classify network traffic using selected flow-based features and the first few bytes of protocol payload, respectively. Predictions from the two models are combined using a soft voting approach to get the final traffic classification results. We evaluate the multimodal NIDS using flow-based features and the corresponding payloads extracted from Packet Capture (PCAP) files of a publicly available UNSW-NB15 dataset. The experimental results show that the proposed multimodal NIDS can detect most attacks with average Accuracy, Recall, Precision and F 1 scores ranging from 98% to 99% using only six flow-based traffic features, and the first 32 bytes of protocol payload. The proposed multimodal NIDS provides a reliable approach to detecting cyber-attacks in different environments. | en |
| dc.format.extent | 13 | |
| dc.format.extent | 1325223 | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Array | |
| dc.subject | intrusion detection | |
| dc.subject | Machine learning | |
| dc.subject | Security | |
| dc.subject | networking | |
| dc.subject | Network flow | |
| dc.subject | Intrusion detection | |
| dc.subject | Random forest | |
| dc.subject | Packet payload | |
| dc.subject | Computer Networks and Communications | |
| dc.subject | General Computer Science | |
| dc.title | Network intrusion detection leveraging multimodal features | en |
| dc.contributor.institution | School of Physics, Engineering & Computer Science | |
| dc.contributor.institution | Cybersecurity and Computing Systems | |
| dc.contributor.institution | Department of Computer Science | |
| dc.contributor.institution | Centre for Computer Science and Informatics Research | |
| dc.contributor.institution | Centre for Future Societies Research | |
| dc.description.status | Peer reviewed | |
| dc.identifier.url | http://www.scopus.com/inward/record.url?scp=85194046213&partnerID=8YFLogxK | |
| rioxxterms.versionofrecord | 10.1016/j.array.2024.100349 | |
| rioxxterms.type | Journal Article/Review | |
| herts.preservation.rarelyaccessed | true | |
