Network Image datasets for IDS using Anomaly Detection

As the world increasingly becomes more interconnected, the demand for safety and security is ever-increasing, particularly for industrial networks. This has prompted numerous researchers to investigate different methodologies and techniques suitable for intrusion detection systems (IDS) requirements. Over the years, many studies have proposed various solutions in this regard, including signature-based and machine learning (ML)-based systems. More recently, researchers are considering deep learning (DL)-based anomaly detection approaches. Most proposed works in this research field aim to achieve either one or a combination of high accuracy, considerably low false alarm rates (FARs), high classification specificity and detection sensitivity, lightweight DL models, or other ML and DL-related performance measurement metrics. In this study, we propose a novel method to convert a raw dataset to an image dataset to magnify patterns by utilizing the Short-Term Fourier transform (STFT). The resulting high-quality image dataset allowed us to devise an anomaly detection system for IDS using a simple lightweight convolutional neural network (CNN) that classifies denial of service and distributed denial of service. The proposed methods were evaluated using a modern dataset, CSE-CIC-IDS2018, and a legacy dataset, NSLKDD. We have also applied a combined dataset to assess the generalization of the proposed model across various datasets. Our experimental results have demonstrated that the proposed methods achieved high accuracy and considerably low FARs with high specificity and sensitivity. The resulting loss and accuracy curves have demonstrated the efficacy of our raw dataset to image dataset conversion methodology, which is evident as an excellent generalization of the proposed lightweight CNN model was observed, effectively avoiding overfitting. This holds for both the modern and legacy datasets, including their mixed versions.

随着世界日益互联互通，对安全与保障的需求亦不断攀升，尤其是在工业网络领域。这一现象促使众多研究者深入探究适用于入侵检测系统（IDS）需求的不同方法和技巧。历经数年，诸多研究在这一领域提出了各种解决方案，包括基于特征和基于机器学习（ML）的系统。近年来，研究者们开始考虑利用深度学习（DL）的异常检测方法。大部分在此研究领域提出的作品旨在实现高精度、显著降低误报率（FARs）、高分类特异性和检测灵敏度、轻量级深度学习模型，或其他机器学习和深度学习相关的性能评估指标。在本研究中，我们提出了一种新颖的方法，通过运用短期傅里叶变换（STFT）将原始数据集转换为图像数据集，以放大模式。所得到的优质图像数据集使我们能够设计出用于IDS的异常检测系统，该系统采用了一个简单的轻量级卷积神经网络（CNN）对拒绝服务和分布式拒绝服务进行分类。所提出的方法使用现代数据集CSE-CIC-IDS2018和传统数据集NSLKDD进行了评估，同时，我们还应用了一个组合数据集以评估所提出模型在各个数据集上的泛化能力。我们的实验结果表明，所提出的方法实现了高精度和显著降低的误报率，同时具有高特异性和灵敏度。所得到的损失和精度曲线证明了我们的原始数据集转换为图像数据集方法的功效，这一成效体现在所提出的轻量级CNN模型在良好泛化方面表现卓越，有效地避免了过拟合。这一结论适用于现代和传统数据集，包括它们的混合版本。