Elevated few-shot network intrusion detection via self-attention mechanisms and iterative refinement.

Bibliographic Details
Main Authors: Congyuan Xu, Yong Zhan, Guanghui Chen, Zhiqiang Wang, Siqing Liu, Weichen Hu
Format: Article
Language: English
Published: Public Library of Science (PLoS) 2025-01-01
Series: PLoS ONE
Online Access: https://doi.org/10.1371/journal.pone.0317713
Collection: DOAJ
Description: The network intrusion detection system (NIDS) plays a critical role in maintaining network security. However, traditional NIDS relies on a large volume of samples for training, which exhibits insufficient adaptability in rapidly changing network environments and complex attack methods, especially when facing novel and rare attacks. As attack strategies evolve, there is often a lack of sufficient samples to train models, making it difficult for traditional methods to respond quickly and effectively to new threats. Although existing few-shot network intrusion detection systems have begun to address sample scarcity, these systems often fail to effectively capture long-range dependencies within the network environment due to limited observational scope. To overcome these challenges, this paper proposes a novel elevated few-shot network intrusion detection method based on self-attention mechanisms and iterative refinement. This approach leverages the advantages of self-attention to effectively extract key features from network traffic and capture long-range dependencies. Additionally, the introduction of positional encoding ensures the temporal sequence of traffic is preserved during processing, enhancing the model's ability to capture temporal dynamics. By combining multiple update strategies in meta-learning, the model is initially trained on a general foundation during the training phase, followed by fine-tuning with few-shot data during the testing phase, significantly reducing sample dependency while improving the model's adaptability and prediction accuracy. Experimental results indicate that this method achieved detection rates of 99.90% and 98.23% on the CICIDS2017 and CICIDS2018 datasets, respectively, using only 10 samples.
ID: doaj-art-d08ddf2461c948c4bf59a3ab5b8e428f
Institution: Kabale University
ISSN: 1932-6203