Hi-MLIC: Hierarchical Multilayer Lightweight Intrusion Classification for Various Intrusion Scenarios

Abstract

There is a growing need for systems that can be used to effectively detect and classify intrusions in extensive network data exchanges. To this end, we propose <italic>Hi-MLIC</italic>, a hierarchical multilayer lightweight intrusion classification model that has been designed to address various intrusion types. This study highlights the challenges involved in classifying intrusions due to data imbalance across different types of intrusion data along with the complex nature of consolidating multiple benchmark datasets into cohesive datasets for real-time detection. To address these issues, we consolidated packet capture data from two widely used benchmark datasets, CIC-IDS2017 and UNSW-NB15, into two newer and more comprehensive datasets, CM-CIC-IDS2017 and CM-UNSW-NB15, respectively. This consolidation enables the identification and classification of a broader range of intrusion types. Our hierarchical approach achieves improved classification accuracy by effectively addressing the class imbalance that is inherent in non-hierarchical models. Layer-1 separates network traffic into benign and malicious categories. Layer-2 further classifies malicious traffic into four groups, while Layer-3 identifies 23 specific intrusion types. We reduced the model complexity and processing time by performing misclassification analysis and eliminating unnecessary features. Our model ultimately achieved a recall metric of up to 98.8%, thus demonstrating its effectiveness and efficiency in intrusion detection and classification. Altogether, the proposed <italic>Hi-MLIC</italic> represents a significant advancement in addressing the challenges of real-time network intrusion detection. Authors