Machine Learning-Based Multilevel Intrusion Detection Approach

In this paper, we propose a multilevel-based intrusion detection model. Firstly, we design an integrated shared feature technique, which filters the features to create a general dataset, retaining fewer but more significant features to enhance the detection accuracy of the model and reduce computational costs. The first stage employs OC-SVM to achieve the efficient classification of normal and abnormal traffic based on a general dataset. Additionally, the first stage is deployed close to the monitored system to enable low-latency prediction and privacy-preserving operations, thus enhancing flexibility and improving global classification performance. The second stage proposes a novel Edge Attention Network (EGAT) with a Multi-Head Dynamic Mechanism (MHD) framework, which introduces the graph attention mechanism and considers edge information as the only element, assigning greater weights to nodes and edges exhibiting high similarity, emphasizing their relationships and thereby improving the model's accuracy and expressiveness. The MHDEGAT model facilitates additional weight learning by integrating the multi-head attention mechanism with edge features, while the weighted aggregation process enhances the data utilization across different network traffic. Finally, the model is trained and tested using the method of on-network data from a gas industrial control system, with an accuracy of 96.99%, a precision of 97.11%, a recall of 96.99%, and an F1 score of 96.93%, all of which outperform the comparison method.