A network intrusion detection method based on contrastive learning and Bayesian Gaussian Mixture Model
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | SpringerOpen, 2025-06-01 |
| Series: | Cybersecurity |
| Subjects: | |
| Online Access: | https://doi.org/10.1186/s42400-025-00364-7 |
| Summary: | Network Intrusion Detection Systems (NIDS) are essential for safeguarding networks against malicious activities. However, existing machine learning-based NIDS often require complex feature engineering, which demands significant domain expertise and experimentation, leading to suboptimal model performance in complex network environments. In contrast, deep learning approaches, while powerful, struggle with imbalanced data, resulting in a bias towards normal traffic and reduced effectiveness in detecting rare attacks. To address these issues, we propose a method that combines contrastive learning and Bayesian Gaussian Mixture Model (BGMM). Specifically, we propose a novel contrastive learning loss that enables the model to automatically learn the similarity within normal traffic and the distinction between normal and malicious traffic, thereby generating robust and distinguishable feature representations. This approach not only eliminates the need for manual feature engineering but also helps alleviate the issue of weak feature representations for rare attacks. BGMM further enhances detection performance by adapting to both normal and malicious patterns through the use of multiple components. The effectiveness of the proposed method is validated through extensive experiments on two widely used modern network intrusion datasets. On the UNSW-NB15 dataset, the proposed method achieves 91.27% accuracy and 92.30% F1-score, which is 1.85% and 2.35% better than the state-of-the-art (SOTA) method. On the Distrinet-CIC-IDS2017 dataset, the proposed method achieves 99.66% accuracy and 99.12% F1-score, which is 0.05% and 0.12% better than the SOTA method. |
| ISSN: | 2523-3246 |