Abstract

Network Intrusion Detection Systems (NIDSes) are essential for safeguarding critical information systems. However, the lack of adaptability of Machine Learning (ML) based NIDSes to different environments could cause slow adoption. In this paper, we propose a multimodal NIDS that combines flow and payload features to detect cyber-attacks. The focus of the paper is to evaluate the use of multimodal traffic features in detecting attacks, but not on a practical online implementation. In the multimodal NIDS, two random forest models are trained to classify network traffic using selected flow-based features and the first few bytes of protocol payload, respectively. Predictions from the two models are combined using a soft voting approach to get the final traffic classification results. We evaluate the multimodal NIDS using flow-based features and the corresponding payloads extracted from Packet Capture (PCAP) files of a publicly available UNSW-NB15 dataset. The experimental results show that the proposed multimodal NIDS can detect most attacks with average Accuracy, Recall, Precision and F 1 scores ranging from 98% to 99% using only six flow-based traffic features, and the first 32 bytes of protocol payload. The proposed multimodal NIDS provides a reliable approach to detecting cyber-attacks in different environments.

Original languageEnglish
Article number100349
Pages (from-to)1-13
Number of pages13
JournalArray
Volume22
Early online date16 May 2024
DOIs
Publication statusE-pub ahead of print - 16 May 2024

Keywords

  • intrusion detection
  • Machine learning
  • Security
  • networking
  • Network flow
  • Intrusion detection
  • Random forest
  • Packet payload

Fingerprint

Dive into the research topics of 'Network intrusion detection leveraging multimodal features'. Together they form a unique fingerprint.

Cite this