{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T17:29:27Z","timestamp":1778693367528,"version":"3.51.4"},"reference-count":27,"publisher":"Engineering and Technology Publishing","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["jcm"],"published-print":{"date-parts":[[2020]]},"abstract":"<jats:p>Identifying threats contained within encrypted network traffic poses a great challenge to Intrusion Detection Systems (IDS). Because traditional approaches like deep packet inspection could not operate on encrypted network traffic, machine learning-based IDS is a promising solution. However, machine learning-based IDS requires enormous amounts of statistical data based on network traffic flow as input data and also demands high computing power for processing, but is slow in detecting intrusions. We propose a lightweight IDS that transforms raw network traffic into representation images. We begin by inspecting the characteristics of malicious network traffic of the CSE-CIC-IDS2018 dataset. We then adapt methods for effectively representing those characteristics into image data. A Convolutional Neural Network (CNN) based detection model is used to identify malicious traffic underlying within image data. To demonstrate the feasibility of the proposed lightweight IDS, we conduct three simulations on two datasets that contain encrypted traffic with current network attack scenarios. The experiment results show that our proposed IDS is capable of achieving 95% accuracy with a reasonable detection time while requiring relatively small size training data.<\/jats:p>","DOI":"10.12720\/jcm.15.11.808-817","type":"journal-article","created":{"date-parts":[[2020,12,29]],"date-time":"2020-12-29T07:30:16Z","timestamp":1609227016000},"page":"808-817","source":"Crossref","is-referenced-by-count":24,"title":["Lightweight Convolutional Neural Network Based Intrusion Detection System"],"prefix":"10.12720","author":[{"name":"Sungkyunkwan University, Suwon and 16419, South Korea","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vinh","family":"Pham","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eunil","family":"Seo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tai-Myoung","family":"Chung","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"4977","published-online":{"date-parts":[[2020]]},"reference":[{"key":"ref0","doi-asserted-by":"publisher","unstructured":"[1] D. Aksu, S. \u00dcstebay, M. A. Aydin, and T. Atmaca, \"Intrusion detection with comparative analysis of supervised learning techniques and fisher score feature selection algorithm,\" in Proc. International Symposium on Computer and Information Sciences, 2018, pp. 141-149.","DOI":"10.1007\/978-3-030-00840-6_16"},{"key":"ref1","doi-asserted-by":"publisher","unstructured":"[2] B. Anderson and D. McGrew, \"Identifying encrypted malware traffic with contextual flow data,\" in Proc. ACM Workshop on Artificial Intelligence and Security, pp. 35-46, 2016.","DOI":"10.1145\/2996758.2996768"},{"key":"ref2","doi-asserted-by":"publisher","unstructured":"[3] D. P\u00e9rez, S. Alonso, A. Mor\u00e1n, M. A. Prada, J. J. Fuertes, and M. Dom\u00ednguez, \"Comparison of network intrusion detection performance using feature representation,\" in Proc. International Conference on Engineering Applications of Neural Networks, 2019, pp. 463-475.","DOI":"10.1007\/978-3-030-20257-6_40"},{"key":"ref3","doi-asserted-by":"publisher","unstructured":"[4] O. Faker and E. Dogdu, \"Intrusion detection using big data and deep learning techniques,\" in Proc. ACM Southeast Conference, 2019, pp. 86-93.","DOI":"10.1145\/3299815.3314439"},{"key":"ref4","doi-asserted-by":"publisher","unstructured":"[5] M. Catillo, M. Rak, and U. Villano, \"2l-zed-ids: A two-level anomaly detector for multiple attack classes,\" in Proc. Workshops of the International Conference on Advanced Information Networking and Applications, 2020, pp. 687-696.","DOI":"10.1007\/978-3-030-44038-1_63"},{"key":"ref5","doi-asserted-by":"publisher","unstructured":"[6] P. Lin, K. Ye, and C. Z. Xu, \"Dynamic network anomaly detection system by using deep learning techniques,\" in Proc. International Conference on Cloud Computing, 2019, pp. 161-176.","DOI":"10.1007\/978-3-030-23502-4_12"},{"key":"ref6","doi-asserted-by":"publisher","unstructured":"[7] D. D. Roy and D. Shin, \"Network intrusion detection in smart grids for imbalanced attack types using machine learning models,\" in Proc. International Conference on Information and Communication Technology Convergence (ICTC), 2019.","DOI":"10.1109\/ICTC46691.2019.8939744"},{"key":"ref7","doi-asserted-by":"publisher","unstructured":"[8] T. Shapira and Y. Shavitt, \"Flowpic: Encrypted internet traffic classification is as easy as image recognition,\" in Proc. IEEE INFOCOM 2019-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2019, pp. 680-687.","DOI":"10.1109\/INFCOMW.2019.8845315"},{"key":"ref8","doi-asserted-by":"publisher","unstructured":"[9] Y. Bengio, A. Courville, and P. Vincent, \"Representation learning: A review and new perspectives,\" IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 35, no. 8, pp. 1798-1828, 2013.","DOI":"10.1109\/TPAMI.2013.50"},{"key":"ref9","doi-asserted-by":"publisher","unstructured":"[10] W. Wang, M. Zhu, X. Zeng, X. Ye, and Y. Sheng, \"Malware traffic classification using convolutional neural network for representation learning,\" in Proc. International Conference on Information Networking (ICOIN), 2017, pp. 712-717.","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"ref10","doi-asserted-by":"publisher","unstructured":"[11] W. Wang, M. Zhu, J. Wang, X. Zeng, and Z. Yang, \"End-to-end encrypted traffic classification with one-dimensional convolution neural networks,\" in Proc. IEEE International Conference on Intelligence and Security Informatics (ISI), 2017, pp. 43-48.","DOI":"10.1109\/ISI.2017.8004872"},{"key":"ref11","doi-asserted-by":"publisher","unstructured":"[12] G. Helmer, J. S. Wong, V. Honavar, L. Miller, and Y. Wang, \"Lightweight agents for intrusion detection,\" Journal of Systems and Software, vol. 67, no. 2, pp. 109-122, 2003.","DOI":"10.1016\/S0164-1212(02)00092-4"},{"key":"ref12","doi-asserted-by":"publisher","unstructured":"[13] H. Zhengbing, S. Jun, and V. Shirochin, \"An intelligent lightweight intrusion detection system with forensics technique,\" in Proc. 4th IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2007, pp. 647-651.","DOI":"10.1109\/IDAACS.2007.4488501"},{"key":"ref13","doi-asserted-by":"publisher","unstructured":"[14] S. Zaman and F. Karray, \"Lightweight ids based on features selection and ids classification scheme,\" in Proc. International Conference on Computational Science and Engineering, 2009, vol. 3, pp. 365-370.","DOI":"10.1109\/CSE.2009.180"},{"key":"ref14","unstructured":"[15] N. U. Sheikh, H. Rahman, S. Vikram, and H. AlQahtani, \"A lightweight signaturebased ids for iot environment,\" arXiv preprint arXiv:1811.04582, 2018."},{"key":"ref15","doi-asserted-by":"publisher","unstructured":"[16] Y. N. Soe, Y. Feng, P. I. Santosa, R. Hartanto, and K. Sakurai, \"Implementing lightweight iot-ids on raspberry pi using correlation-based feature selection and its performance evaluation,\" in Proc. International Conference on Advanced Information Networking and Applications, 2019, pp. 458-469.","DOI":"10.1007\/978-3-030-15032-7_39"},{"key":"ref16","doi-asserted-by":"publisher","unstructured":"[17] J. Kim, Y. Shin, E. Choi, et al., \"An intrusion detection model based on a convolutional neural network,\" Journal of Multimedia Information System, vol. 6, no. 4, pp. 165-172, 2019.","DOI":"10.33851\/JMIS.2019.6.4.165"},{"key":"ref17","unstructured":"[18] Q. Zhou and D. Pezaros, \"Evaluation of machine learning classifiers for zeroday intrusion detection-an analysis on cic-aws-2018 dataset,\" arXiv preprint arXiv:1905.03685, 2019."},{"key":"ref18","doi-asserted-by":"publisher","unstructured":"[19] I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, \"Toward generating a new intrusion detection dataset and intrusion traffic characterization,\" in ICISSP, pp. 108-116, 2018.","DOI":"10.5220\/0006639801080116"},{"key":"ref19","doi-asserted-by":"publisher","unstructured":"[20] G. Draper-Gil, A. H. Lashkari, M. S. I. Mamun, and A. A. Ghorbani, \"Characterization of encrypted and vpn traffic using time-related,\" in Proc. 2nd International Conference on Information Systems Security and Privacy (ICISSP), 2016, pp. 407-414.","DOI":"10.5220\/0005740704070414"},{"key":"ref20","unstructured":"[21] Z. Zhang, J. Li, C. Manikopoulos, J. Jorgenson, and J. Ucles, \"Hide: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification,\" in Proc. IEEE Workshop on Information Assurance and Security, 2001, pp. 85-90."},{"key":"ref21","doi-asserted-by":"publisher","unstructured":"[22] Y. LeCun, B. Boser, J. S. Denker, D. Henderson, R. E. Howard, W. Hubbard, and L. D. Jackel, \"Backpropagation applied to handwritten zip code recognition,\" Neural computation, vol. 1, no. 4, pp. 541-551, 1989.","DOI":"10.1162\/neco.1989.1.4.541"},{"key":"ref22","unstructured":"[23] F. C. et al., \"Keras,\" 2015."},{"key":"ref23","unstructured":"[24] M. A. et al., \"Tensorflow,\" 2015."},{"key":"ref24","unstructured":"[25] R. A. Dunne and N. A. Campbell, \"On the pairing of the softmax activation and cross-entropy penalty functions and the derivation of the softmax activation function,\" in Proc. 8th Aust. Conf. on the Neural Networks, Melbourne, 1997, vol. 181, p. 185."},{"key":"ref25","unstructured":"[26] D. P. Kingma and J. Ba, \"Adam: A method for stochastic optimization,\" arXiv preprint arXiv:1412.6980, 2014."},{"key":"ref26","doi-asserted-by":"publisher","unstructured":"[27] N. V. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, \"Smote: synthetic minority over-sampling technique,\" Journal of artificial intelligence research, vol. 16, pp. 321-357, 2002.","DOI":"10.1613\/jair.953"}],"container-title":["Journal of Communications"],"original-title":[],"link":[{"URL":"http:\/\/www.jocm.us\/uploadfile\/2020\/1013\/20201013053906257.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,24]],"date-time":"2021-11-24T07:47:34Z","timestamp":1637740054000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.jocm.us\/show-246-1608-1.html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":27,"URL":"https:\/\/doi.org\/10.12720\/jcm.15.11.808-817","relation":{},"ISSN":["1796-2021"],"issn-type":[{"value":"1796-2021","type":"print"}],"subject":[],"published":{"date-parts":[[2020]]}}}