Multi-View Cluster Structure Guided One-Class BLS-Autoencoder for Intrusion Detection

Multi-View Cluster Structure Guided One-Class BLS-Autoencoder for Intrusion Detection

Intrusion detection systems are crucial for cybersecurity applications. Network traffic data originate from diverse terminal sources, exhibiting multi-view feature spaces, while the collection of unknown intrusion data is costly. Current one-class classification (OCC) approaches are mainly designed...

Full description

Saved in:
Bibliographic Details
Main Authors: Qifan Yang, Yu-Ang Chen, Yifan Shi
Format: Article
Language:English
Published: MDPI AG 2025-07-01
Series:Applied Sciences
Subjects:
broad learning system
one-class classification
multi-source data
intrusion detection
multi-view learning
Online Access:https://www.mdpi.com/2076-3417/15/14/8094
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Intrusion detection systems are crucial for cybersecurity applications. Network traffic data originate from diverse terminal sources, exhibiting multi-view feature spaces, while the collection of unknown intrusion data is costly. Current one-class classification (OCC) approaches are mainly designed for single-view data. Multi-view OCC approaches usually require collecting multi-view traffic data from all sources and have difficulty detecting intrusion independently in each view. Furthermore, they commonly ignore the potential subcategories in normal traffic data. To address these limitations, this paper utilizes the Broad Learning System (BLS) technique and proposes an intrusion detection framework based on a multi-view cluster structure guided one-class BLS-autoencoder (IDF-MOCBLSAE). Specifically, a multi-view co-association matrix optimization objective function with doubly-stochastic constraints is first designed to capture the cross-view cluster structure. Then, a multi-view cluster structure guided one-class BLS-autoencoder (MOCBLSAEs) is proposed, which learns the discriminative patterns of normal traffic data by preserving the cross-view clustering structure while minimizing the intra-view sample reconstruction errors, thereby enabling the identification of unknown intrusion data. Finally, an intrusion detection framework is constructed based on multiple MOCBLSAEs to achieve both individual and ensemble intrusion detection. Through experimentation, IDF-MOCBLSAE is validated on real-world network traffic datasets for multi-view one-class classification tasks, demonstrating its superiority over state-of-the-art one-class approaches.
ISSN:2076-3417

Similar Items