<p>Efficiently parsing high-volume Packet Capture (PCAP) files for early-stage network intrusion detection remains a persistent challenge in cybersecurity. Real-time environments demand detection systems that are both computationally efficient and capable of accurately identifying complex, multi-packet attacks. Traditional approaches often rely on full flow analysis or deep packet inspection, which are computationally intensive and struggle to generalize under limited training data. This study proposes a novel image-based Network Intrusion Detection System (NIDS) that transforms sequences of five consecutive packets into RGB images, enabling early detection without processing entire traffic flows. The model leverages parallelized PCAP-to-image conversion and integrates domain-aware data augmentation strategies that preserves the semantic structure of network flows. Furthermore, a two-fold stratified cross-validation framework is employed, ensuring robust performance estimation across imbalanced attack categories while mitigating overfitting. Experimental results show that the proposed model, trained on a combined dataset of CICIDS2017 and CICIDS2018, achieves a classification accuracy of 99% in multiclass settings. To further validate its robustness in real-world scenarios, the model was also evaluated on the BoT-IoT dataset. It achieved 96% accuracy in the full multiclass setting and up to 99.89% when excluding the DDoS_HTTP attack type. These results highlight the effectiveness of combining lightweight packet-level image representation with augmentation and cross-validation to enhance early detection of network intrusions, even under complex and imbalanced traffic conditions.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing early detection and accuracy in image-based network intrusion detection systems

  • Alshaimaa Abo-Alian,
  • Alaa Prince AbdelHalim,
  • Nagwa Badr

摘要

Efficiently parsing high-volume Packet Capture (PCAP) files for early-stage network intrusion detection remains a persistent challenge in cybersecurity. Real-time environments demand detection systems that are both computationally efficient and capable of accurately identifying complex, multi-packet attacks. Traditional approaches often rely on full flow analysis or deep packet inspection, which are computationally intensive and struggle to generalize under limited training data. This study proposes a novel image-based Network Intrusion Detection System (NIDS) that transforms sequences of five consecutive packets into RGB images, enabling early detection without processing entire traffic flows. The model leverages parallelized PCAP-to-image conversion and integrates domain-aware data augmentation strategies that preserves the semantic structure of network flows. Furthermore, a two-fold stratified cross-validation framework is employed, ensuring robust performance estimation across imbalanced attack categories while mitigating overfitting. Experimental results show that the proposed model, trained on a combined dataset of CICIDS2017 and CICIDS2018, achieves a classification accuracy of 99% in multiclass settings. To further validate its robustness in real-world scenarios, the model was also evaluated on the BoT-IoT dataset. It achieved 96% accuracy in the full multiclass setting and up to 99.89% when excluding the DDoS_HTTP attack type. These results highlight the effectiveness of combining lightweight packet-level image representation with augmentation and cross-validation to enhance early detection of network intrusions, even under complex and imbalanced traffic conditions.