Network intrusion detection system (NIDS) is a tool that can detect various network attacks by analyzing network traffic. In recent years, traditional machine learning and deep learning methods have been widely used in NIDS. And these works achieved high detection rate and low false positive rate when identifying common attacks (such as DoS). However, the existing models performed poor in detecting rare or unseen network attacks. In this paper, we design a novel network intrusion detection model based on two-phase detection and manually labeling. This two-phase detection model (TPDM) is a multi-classification system, and it can classify network traffic into benign or specific attack type. TPDM gains the overall accuracy 98.35%, and average F1-score 99.23% on UNSW-NB15 dataset. The experiment shows that TPDM performs better than state of the art in detecting rare attacks with few training samples. Besides, it can detect unknown network attacks and then label these attacks.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.