AS-CNN is an approach proposed for enhancing anomaly detection in wireless networks, particularly focusing on addressing the vulnerabilities present in traditional methods. This project integrates Adaptive Synthetic Sampling (ADASYN) and a novel Convolutional Neural Network (CNN) architecture, termed Split-Convolution CNN (SPC-CNN), to achieve improved accuracy, detection rates, and reduced false alarm rates compared to conventional IDS models.
-
ADASYN Integration: Balances the sample distribution by generating synthetic samples for minority classes, thus mitigating the bias towards frequent classes commonly observed in imbalanced datasets.
-
SPC-CNN Architecture: Utilizes Split-Convolution Modules to enhance feature diversity and eliminate interchannel redundancy during model training. This architecture enables the extraction of multi-scale features from oversampled data, improving the model's representation capability.
-
Performance Evaluation: The AS-CNN model is evaluated using the widely-used NSL-KDD dataset, encompassing various attack types. Evaluation metrics include Accuracy (ACC), Detection Rate (DR), and False Alarm Rate (FAR), providing insights into the model's effectiveness in detecting anomalies.
- KDDTrain
- KDDTest+
- KDDTest-21
-
AS-CNN demonstrates superior performance compared to traditional CNN models, exhibiting higher accuracy, increased detection rates, and significantly reduced false alarm rates across different subsets of the NSL-KDD dataset.
-
The model's robustness is particularly highlighted in its ability to detect minority attack classes such as Remote-to-Local (R2L) and User-to-Root (U2R) attacks, thereby enhancing cyber threat detection capabilities in wireless networks.
DR | ACC |
---|---|
Dataset | Model | ACC | DR | FAR |
---|---|---|---|---|
KDDTest+ | CNN | 79.48 | 68.66 | 27.90 |
SPC - CNN | 83.83 | 74.61 | 22.41 | |
KDDTest - 21 | CNN | 60.71 | 58.47 | 71.88 |
SPC - CNN | 69.41 | 66.44 | 60.17 |
- AS-CNN shows superior detection rates for minority attack classes.
- Other models show significantly lower detection rates for R2L and U2R attacks.
- AS-CNN’s robustness makes it reliable for cyber threat detection.
- DoS: Denial of Service
- Probe: Network Probe
- R2L: Remote-to-Local
- U2R: User-to-Root
To run the AS-CNN model and reproduce the results:
- Clone the repository:
git clone https://github.com/rohzzn/nids.git
- Navigate to the project directory:
cd nids
- Install the required dependencies:
pip install -r requirements.txt
- Execute the main script to train and evaluate the AS-CNN model
python main.py
This project is licensed under the MIT License - see the LICENSE file for details.