DETECTION OF COMPUTER ATTACKS USING 2D-CNN AND TRAFFIC SONIFICATION
DOI: https://doi.org/10.32782/IT/2025-1-26
Keywords: intrusion detection, neural networks, PCM, STFT, network traffic sonification, 2D-CNN, IDS, honeypots.
Abstract
In modern computer networks, the ever-growing volume and diversity of traffic complicate the task of attack detection (IDS, Intrusion Detection System). Traditional approaches – signature-based, heuristic, and statistical – often fail to handle dynamic threats and produce numerous false positives. Although honeypots, machine learning, and deep neural networks have demonstrated improved recognition accuracy, the question of effective data representation and of identifying complex patterns in high-dimensional spaces remains open. The purpose of the article is to substantiate and experimentally validate a «sonification» approach for network traffic in intrusion detection systems. The objective is to demonstrate that converting feature vectors into a pseudo-audio signal (PCM), followed by applying the Short-Time Fourier Transform (STFT), yields a two-dimensional (time × frequency) representation compatible with 2D convolutional neural networks (2D-CNN). The article compares the results with traditional 1D-based methods and examines the possibility of «enhancing» certain attributes through controlled adjustments of frequencies and amplitudes. The methodology applies classical audio-analysis techniques (PCM transformation, STFT) to form two-dimensional spectrograms, which are then used to train a 2D-CNN. For comparison with the traditional approach, the same NSL-KDD dataset is processed by a 1D-CNN. The evaluation criteria are accuracy, recall, and computational complexity. The scientific novelty lies in adapting audio-processing methods (specifically spectral analysis and 2D convolutions) to the IDS context. It is shown that «sonification» opens new opportunities for visualization and for the further application of advanced audio/speech technologies in cybersecurity.
Conclusions. Experiments indicate that the detection accuracy of attacks using sonification and 2D-CNN can be comparable to 1D approaches (~75–80 %), while offering improved interpretability and spectral visualization. However, the computational overhead grows accordingly, which suggests that future research might concentrate on speeding up the STFT procedure, balancing classes, and incorporating additional recurrent blocks (CRNN).
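The pipeline the abstract describes (feature vector → PCM pseudo-audio → STFT → time × frequency spectrogram) can be illustrated end to end with a small, dependency-free script. The code below is an added example and is not the authors' implementation; the paper does not specify the mapping, so the choices here are assumptions: each feature index is assigned its own sine tone (250 Hz apart), the normalized feature value becomes that tone's amplitude, the mixture is quantized to 16-bit PCM at 8 kHz, and a Hann-windowed STFT is computed with a naive DFT. The NSL-KDD-style record is constructed. A per-feature `gains` argument models the «enhancing» of an attribute by controlled amplitude adjustment that the abstract mentions: boosting a feature raises the energy in its assigned frequency bin, which is what a 2D-CNN would then pick up.

```python
"""Added example: feature-vector sonification -> PCM -> STFT spectrogram.
Mapping (index -> tone frequency, value -> amplitude) is an assumption,
not the paper's published scheme."""
import cmath
import math

SAMPLE_RATE = 8000      # Hz, assumed pseudo-audio sample rate
DURATION = 0.064        # seconds per record -> 512 samples
BASE_FREQ = 250.0       # Hz assigned to feature 0 (assumption)
FREQ_STEP = 250.0       # Hz between consecutive features (assumption)
FRAME_LEN = 128         # STFT frame length; bin width = 8000/128 = 62.5 Hz
HOP = 64                # STFT hop size

# Constructed NSL-KDD-style features already scaled to [0, 1]:
# duration, src_bytes, dst_bytes, count, srv_count, serror_rate (hypothetical)
SAMPLE_RECORD = [0.05, 0.20, 0.10, 0.90, 0.85, 1.00]


def sonify(features, gains=None, sr=SAMPLE_RATE, duration=DURATION):
    """Map each feature to a sine tone (index -> frequency, value -> amplitude),
    mix the tones, normalize and quantize to signed 16-bit PCM samples.
    `gains` optionally rescales individual features ('enhancing' an attribute)."""
    n = int(sr * duration)
    gains = gains or [1.0] * len(features)
    signal = []
    for k in range(n):
        t = k / sr
        s = sum(a * g * math.sin(2 * math.pi * (BASE_FREQ + i * FREQ_STEP) * t)
                for i, (a, g) in enumerate(zip(features, gains)))
        signal.append(s)
    peak = max(abs(x) for x in signal) or 1.0
    return [int(round(x / peak * 32767)) for x in signal]


def stft_magnitude(pcm, frame_len=FRAME_LEN, hop=HOP):
    """Hann-windowed STFT via a naive DFT; returns magnitudes as [frame][bin]
    for the non-negative half-spectrum (frame_len//2 + 1 bins)."""
    window = [0.5 - 0.5 * math.cos(2 * math.pi * k / frame_len)
              for k in range(frame_len)]
    frames = []
    for start in range(0, len(pcm) - frame_len + 1, hop):
        x = [pcm[start + k] * window[k] for k in range(frame_len)]
        bins = []
        for m in range(frame_len // 2 + 1):
            acc = sum(x[k] * cmath.exp(-2j * math.pi * m * k / frame_len)
                      for k in range(frame_len))
            bins.append(abs(acc))
        frames.append(bins)
    return frames


def feature_bin(i, frame_len=FRAME_LEN, sr=SAMPLE_RATE):
    """STFT bin index that feature i's tone lands on (exact for these constants)."""
    return round((BASE_FREQ + i * FREQ_STEP) * frame_len / sr)


def dominant_feature(spectrogram, n_features):
    """Feature whose assigned bin carries the most energy across all frames."""
    energy = [sum(frame[feature_bin(i)] for frame in spectrogram)
              for i in range(n_features)]
    return max(range(n_features), key=energy.__getitem__)


if __name__ == "__main__":
    pcm = sonify(SAMPLE_RECORD)
    spec = stft_magnitude(pcm)
    print("PCM samples:", len(pcm), "spectrogram:", len(spec), "x", len(spec[0]))
    print("dominant feature (plain):", dominant_feature(spec, len(SAMPLE_RECORD)))
    # 'Enhance' feature 0 by a 30x amplitude gain and observe the shift
    boosted = stft_magnitude(sonify(SAMPLE_RECORD, gains=[30.0, 1, 1, 1, 1, 1]))
    print("dominant feature (boosted):", dominant_feature(boosted, len(SAMPLE_RECORD)))
```

The 7 × 65 magnitude matrix returned by `stft_magnitude` is the "image" a 2D-CNN would consume; stacking the spectrograms of many records with their labels is all that remains to build a training set. Because the tone frequencies fall exactly on bin centres and the Hann window leaks only into adjacent bins, each feature's energy stays in its own bin, which is what makes the spectrogram interpretable.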