<p>The swift expansion of interconnected infrastructures including Internet of Things (IoT) ecosystems, cloud computing platforms, and cyber-physical systems has markedly heightened susceptibility to advanced web threats such as SQL injection, cross-site scripting (XSS), and brute-force assaults, which persist in dominating the OWASP 2025 risk framework. Despite the fact that current intrusion detection systems (IDS), incorporating deep learning (DL)-based methodologies, report accuracies surpassing 99% on established benchmark datasets like CIC-IDS2017, their efficacy is frequently undermined by pronounced class imbalance and elevated feature dimensionality. Specifically, minority attack classes, which may represent less than 5% of the dataset, experience inadequate recall, thereby obscuring vulnerabilities linked to high-impact yet infrequent threats. In order to mitigate these constraints, this study presents BALanced Attack Learning NETwork (BALNet), a robust intrusion detection framework that integrates Adaptive Synthetic Sampling (ADASYN) for the precise balancing of sparse minority regions, Linear Discriminant Analysis (LDA) for effective dimensionality reduction, and Convolutional Neural Network (CNN) for the classification of multi-class attacks. Thorough ablation studies conducted on the CIC-IDS2017 dataset evaluate ADASYN against alternative resampling methodologies (such as Synthetic Minority Optimization Technique (SMOTE), Random Over-Sampling (ROS), and Random Under-Sampling (RUS), LDA in comparison to other feature extraction methods (including Principal Component Analysis (PCA), and the evaluation of classification models CNN versus Deep Neural Networks (DNN) and Long Short Term Memory (LSTM) classifiers. The experimental findings reveal that BALNet attains a training accuracy of 99.87%, a test accuracy of 99.79%, and a validation accuracy of 97.31%, with negligible overfitting (training and validation losses recorded at 0.0175 and 0.118, respectively), while significantly enhancing generalization particularly for severely underrepresented attack types such as Web and SQL injection. BALNet establishes a reproducible and scalable IDS benchmark that comprehensively addresses issues of class imbalance and feature redundancy, thus facilitating robust and real-time detection of intricate web attacks within contemporary network environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

BALNet: Balanced Attack learning Network for Web Attack Detection via Adaptive Sampling, LDA, and CNNs

  • Mudita Kohli,
  • Indu Chhabra

摘要

The swift expansion of interconnected infrastructures including Internet of Things (IoT) ecosystems, cloud computing platforms, and cyber-physical systems has markedly heightened susceptibility to advanced web threats such as SQL injection, cross-site scripting (XSS), and brute-force assaults, which persist in dominating the OWASP 2025 risk framework. Despite the fact that current intrusion detection systems (IDS), incorporating deep learning (DL)-based methodologies, report accuracies surpassing 99% on established benchmark datasets like CIC-IDS2017, their efficacy is frequently undermined by pronounced class imbalance and elevated feature dimensionality. Specifically, minority attack classes, which may represent less than 5% of the dataset, experience inadequate recall, thereby obscuring vulnerabilities linked to high-impact yet infrequent threats. In order to mitigate these constraints, this study presents BALanced Attack Learning NETwork (BALNet), a robust intrusion detection framework that integrates Adaptive Synthetic Sampling (ADASYN) for the precise balancing of sparse minority regions, Linear Discriminant Analysis (LDA) for effective dimensionality reduction, and Convolutional Neural Network (CNN) for the classification of multi-class attacks. Thorough ablation studies conducted on the CIC-IDS2017 dataset evaluate ADASYN against alternative resampling methodologies (such as Synthetic Minority Optimization Technique (SMOTE), Random Over-Sampling (ROS), and Random Under-Sampling (RUS), LDA in comparison to other feature extraction methods (including Principal Component Analysis (PCA), and the evaluation of classification models CNN versus Deep Neural Networks (DNN) and Long Short Term Memory (LSTM) classifiers. The experimental findings reveal that BALNet attains a training accuracy of 99.87%, a test accuracy of 99.79%, and a validation accuracy of 97.31%, with negligible overfitting (training and validation losses recorded at 0.0175 and 0.118, respectively), while significantly enhancing generalization particularly for severely underrepresented attack types such as Web and SQL injection. BALNet establishes a reproducible and scalable IDS benchmark that comprehensively addresses issues of class imbalance and feature redundancy, thus facilitating robust and real-time detection of intricate web attacks within contemporary network environments.