FEATURES OF DESIGN AND INVESTIGATION OF AN INTRUSION DETECTION SYSTEM BASED ON NETWORK TRAFFIC SONIFICATION

Abstract

This paper investigates the design and research features of an intrusion detection system (IDS) based on the time–frequency representation of network traffic. The relevance of the study is обусловed by the increasing complexity of cyberattacks and the limitations of traditional vector-based feature representations, which often lead to insufficient detection of complex anomalies and elevated false decision rates.

A method for transforming multidimensional network feature vectors into discrete PCM signals followed by short-time Fourier transform (STFT) is proposed to generate spectrograms analyzed using a two-dimensional convolutional neural network (2D-CNN). The proposed approach provides a structured two-dimensional representation of network traffic and enhances the informativeness of input data for attack classification tasks.

To mitigate the impact of class imbalance, a signature-preserving adaptive balancing method is developed, which considers the misclassification patterns of the baseline model during the formation of the extended training set. Additionally, a τ-based uncertainty interval is formalized, and a cascade decision-making mechanism is introduced using an auxiliary classifier to refine predictions within the uncertainty zone. Particular attention is paid to maintaining strict independence between training and test datasets in order to prevent data leakage and ensure reliable generalization performance evaluation.

Experimental evaluation confirms the effectiveness of the proposed time–frequency representation and accuracy enhancement mechanisms, demonstrating a reduction in the false negative rate and improved classification stability under class imbalance conditions.

Keywords: intrusion detection system, network traffic sonification, PCM encoding, spectrogram, 2D-CNN, class imbalance, uncertainty zone, cascade classification, data leakage prevention, corporate networks.