COOL: Conservation of Output Links for Pruning Algorithms in Network Intrusion Detection

Thi Nga Dao, Hyungjune Lee

Research output: Contribution to journalArticlepeer-review


To reduce network intrusion detection latency in a high volume of data traffic, on-device detection with neuron pruning has been widely adopted by eliminating ineffective connections from a densely connected neural network. However, neuron pruning has a serious problem called output separation in which some parts of neurons can easily be pruned in the middle and become isolated from the rest of the network. To this end, we introduce a solution called the conservation of output links (COOL) pruning method that iteratively preserves a set of effective connections to avoid neuron isolation. We first evaluate COOL on MNIST and CIFAR-10 data sets as well as programmable networking devices, such as P4-supported switches. The experimental results show that COOL outperforms existing methods in terms of both detection time and classification accuracy, especially in extremely sparse networks. Compared to three representative pruning methods, our COOL-based classification model performs at least 25% more accurately with the upper bound for the pruning probability. To further display the effectiveness of COOL-based intrusion detection, we formulate a novel detection time minimization problem by assigning suitable detection models for switches in Internet of Things (IoT) under performance requirements and resource limitations. The experimental results demonstrate that our COOL algorithm is particularly useful for delay-critical and high-traffic applications.

Original languageEnglish
Pages (from-to)8906-8920
Number of pages15
JournalIEEE Internet of Things Journal
Issue number5
StatePublished - 1 Mar 2024

Bibliographical note

Publisher Copyright:
© 2014 IEEE.


  • Delay minimization
  • intrusion detection
  • output isolation
  • programmable data plane
  • weight pruning


Dive into the research topics of 'COOL: Conservation of Output Links for Pruning Algorithms in Network Intrusion Detection'. Together they form a unique fingerprint.

Cite this