In the ever-evolving realm of network security, the swift and accurate identification of diverse attack classes within network traffic is of paramount importance. This paper introduces "ByteStack-ID," a pioneering approach tailored for packet-level intrusion detection. At its core, ByteStack-ID leverages grayscale images generated from the frequency distributions of payload data, a groundbreaking technique that greatly enhances the model's ability to discern intricate data patterns. Notably, our approach is exclusively grounded in packet-level information, a departure from conventional Network Intrusion Detection Systems (NIDS) that predominantly rely on flow-based data. While building upon the fundamental concept of stacking methodology, ByteStack-ID diverges from traditional stacking approaches. It seamlessly integrates additional meta learner layers into the concatenated base learners, creating a highly optimized, unified model. Empirical results unequivocally confirm the outstanding effectiveness of the ByteStack-ID framework, consistently outperforming baseline models and state-of-the-art approaches across pivotal performance metrics, including precision, recall, and F1-score. Impressively, our proposed approach achieves an exceptional 81% macro F1-score in multiclass classification tasks. In a landscape marked by the continuous evolution of network threats, ByteStack-ID emerges as a robust and versatile security solution, relying solely on packet-level information extracted from network traffic data.
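The payload-to-image step mentioned above, as an added sketch that is not the paper's code: it turns one packet payload into a byte-frequency histogram and renders it as a grayscale image. The 16x16 row-major layout, the scaling by the largest count, and all function names are assumptions made for illustration; the abstract does not specify them.

```python
from collections import Counter

SIDE = 16  # assumption: the 256 possible byte values laid out as a 16x16 image


def byte_histogram(payload: bytes) -> list[int]:
    """Count occurrences of each byte value 0..255 in one packet payload."""
    counts = Counter(payload)
    return [counts.get(b, 0) for b in range(256)]


def histogram_to_image(hist: list[int]) -> list[list[int]]:
    """Scale counts to 0..255 grey levels (assumed max-scaling), reshape row-major."""
    peak = max(hist)
    if peak == 0:  # empty payload (e.g. a bare TCP ACK): all-black image
        pixels = [0] * 256
    else:
        pixels = [round(255 * c / peak) for c in hist]
    return [pixels[r * SIDE:(r + 1) * SIDE] for r in range(SIDE)]


def payload_to_image(payload: bytes) -> list[list[int]]:
    """Full step: payload bytes -> frequency distribution -> grayscale image."""
    return histogram_to_image(byte_histogram(payload))


def to_pgm(image: list[list[int]]) -> bytes:
    """Serialise as binary PGM (P5) so the image can be viewed or fed to a model."""
    header = f"P5\n{SIDE} {SIDE}\n255\n".encode()
    return header + bytes(p for row in image for p in row)


# Constructed sample payloads, not taken from any dataset.
HTTP_LIKE = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
REPETITIVE = b"\x41" * 200 + b"\x00" * 50

if __name__ == "__main__":
    for name, payload in [("http", HTTP_LIKE), ("repetitive", REPETITIVE), ("empty", b"")]:
        img = payload_to_image(payload)
        lit = sum(1 for row in img for p in row if p)
        print(f"{name}: {len(payload)} bytes, {lit} non-zero pixels")
```

Because the image encodes only how often each byte value occurs, payload length and byte order are discarded, and every packet yields an input of the same fixed size.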