A Multimodal Threat Detection Algorithm for Wide Area Network Security Based on Support Vector Machines
DOI:
https://doi.org/10.13052/jwe1540-9589.2465
Keywords:
Support vector machines, web security, multimodal detection, intrusion detection, WAN threats
Abstract
Wide area networks (WANs) are increasingly susceptible to sophisticated cyber threats, particularly as critical infrastructure becomes more interconnected. For example, computing-first networks (CFNs) often traverse WANs at edge access nodes, making them more vulnerable to security threats. This paper proposes a multimodal threat detection framework that combines traffic statistics, system logs, and user behavior patterns to deliver interpretable and real-time classification of network threats. The system applies feature normalization and uses principal component analysis (PCA) to reduce dimensionality. A support vector machine (SVM) with a radial basis function kernel is then used to detect non-linear attack patterns. A web-based architecture enables real-time deployment via REST APIs, and extensive evaluations on the CICIDS 2017 and UNSW-NB15 datasets demonstrate high accuracy (up to 96.8%) and low-latency inference. Ablation studies confirm the importance of multimodal fusion, and benchmark tests validate scalability and system responsiveness. This work offers a deployable and efficient solution for real-time WAN security, with promising applications in energy systems, public infrastructure, and enterprise networks.
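The pipeline the abstract outlines (multimodal features, normalization, PCA, RBF-kernel SVM) and a small fusion ablation, as an added example that is not the paper's code. It assumes scikit-learn, early fusion by feature concatenation (the abstract does not state the fusion strategy), and constructed synthetic data; `make_modalities` and `fit_and_score` are hypothetical names.

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.model_selection import train_test_split
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC


def make_modalities(n=600, seed=0):
    """Constructed data: benign samples cluster at the origin of a latent
    (traffic, logs) plane and attacks lie on a ring around it, so neither
    modality separates the classes alone and no linear boundary exists."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)                       # 1 = attack, 0 = benign
    theta = rng.uniform(0, 2 * np.pi, n)
    radius = np.where(y == 1, 3.0 + rng.normal(0, 0.3, n),
                      np.abs(rng.normal(0, 0.5, n)))
    latent = {
        "traffic": radius * np.cos(theta),
        "logs": radius * np.sin(theta),
        "behavior": rng.normal(0, 1.5, n),          # no signal in this toy set
    }
    mix = np.array([1.0, 0.8, -0.6])   # 3 correlated features per modality
    return ({name: np.outer(z, mix) + rng.normal(0, 0.2, (n, 3))
             for name, z in latent.items()}, y)


def fit_and_score(blocks, y, use=("traffic", "logs", "behavior"), seed=0):
    """Concatenate the chosen modality blocks, then normalise -> PCA ->
    RBF SVM. The pipeline fits the scaler and PCA on the training split
    only, so held-out statistics never leak into the preprocessing."""
    X = np.hstack([blocks[name] for name in use])
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    model = make_pipeline(
        StandardScaler(),
        PCA(n_components=0.95, svd_solver="full"),  # keep 95% of variance
        SVC(kernel="rbf", C=1.0, gamma="scale"),
    )
    model.fit(X_tr, y_tr)
    return model.score(X_te, y_te)                  # held-out accuracy


if __name__ == "__main__":
    blocks, y = make_modalities()
    for use in (("traffic",), ("logs",), ("traffic", "logs", "behavior")):
        print(use, round(fit_and_score(blocks, y, use), 3))
```

On this constructed set the single-modality runs score lower than the fused run, which is the kind of comparison an ablation over modalities makes.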

