https://doi.org/10.1140/epjp/s13360-024-05320-x
Regular Article
An enhanced strategy for minority class detection using bidirectional GRU employing penalized cross-entropy and self-attention mechanisms for imbalance network traffic
1
Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences (PIEAS), 45650, Nilore, Islamabad, Pakistan
2
Future Technology Research Center, National Yunlin University of Science and Technology, 123 University Road, Section 3, 64002, Douliou, Yunlin, Taiwan, R.O.C.
Received:
1
May
2024
Accepted:
27
May
2024
Published online:
17
June
2024
The emergence of the Internet as a global communication tool has brought significant transformations across various aspects of our everyday lives. However, it has also resulted in new technical challenges, such as the risk of personal information exposure, network congestion, and limited availability of network addresses. The cybersecurity field has greatly benefited from the implementation of artificial intelligence and machine learning to model network activity and improve the detection of potential threats. Intrusion detection systems are specifically unable to tackle the challenges of high-class imbalance and the varying significance of misclassifications specifically for minority classes. The proposed SABiG (CPL) model targets the high dimensional imbalance data set CIC-IDS2017 by employing the evolutionary computing framework of genetic algorithms utilizing random forest GA(RF) for optimal feature selection. For attack classification, a powerful deep learning technique of bidirectional gated recurrent unit (Bi-GRU) with a self-attention mechanism is exploited. Our proposed model features a custom penalized cross entropy strategy by assigning three penalty values according to class imbalanced ratios to address the misclassification issue. The experimental results have demonstrated enhanced detection accuracy for all classes in general and minority classes in particular, such as infiltration, and web attacks. Comparison with the existing techniques in terms of all standard performance indices further evaluates our proposed intrusion detection system for imbalanced data. The generalization of the proposed model is evaluated with the recent CIC-CSE-IDS2018 web attack dataset.
Copyright comment Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
© The Author(s), under exclusive licence to Società Italiana di Fisica and Springer-Verlag GmbH Germany, part of Springer Nature 2024. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
