Abstract
Network security has always been a hot topic as security and reliability are vital to software and hardware. Network intrusion detection system (NIDS) is an effective solution to the identification of attacks in computer and communication systems. A necessary condition for high-quality intrusion detection is the gathering of useful and precise intrusion information. Machine learning, particularly deep learning, has achieved a lot of success in various fields of industry and academic due to its good ability of feature representation and extraction. In this paper, deep learning methods are integrated into the NIDS. The intrusion activity is regarded as a time-series event and a bidirectional gated recurrent unit (GRU) based network intrusion detection model with hierarchical attention mechanism is presented. The influence of different lengths of previous traffic on the performance is then studied. Some experiments are performed on the dataset UNSW-NB15, in which the proposed hierarchical attention model achieves satisfactory detection accuracy of more than 98.76% and a false alarm rate (FAR) of lower than 1.2%. An attention probability map to reflect the importance of features is then visualized using the attention mechanism. The visualization ability assists in providing an understanding of the varied importance of the same features for different traffic classes and to determine feature selection in the future.
Highlights
Vast amounts of data are generated, processed, and exchanged in the use and interaction process of numerous devices
The results show that when the timestep equals 10, the hierarchical attention model achieves the highest detection accuracy of over 98.76% and the false alarm rate (FAR) is as low as 1.49%
This paper presented an intrusion detection model with hierarchical attention mechanism
Summary
Vast amounts of data are generated, processed, and exchanged in the use and interaction process of numerous devices. Cybersecurity can be further guaranteed through intrusion detection methods in which network attack behavior can be obtained and learned by data analysis and modeling. Deep neural network mimics human nerves and uses a large number of non-linear processing units to deal with complex problems [19]–[21] It can automatically learn features and extract core data information. Learning to identify whether the network traffic is normal or anomaly can be understood as learning to perform sentiment analysis or document classification given several sentences From this perspective, network intrusion detection is partly similar to sentiment analysis tasks, for which RNN-based methods have been suitable. To provide the ability to process such data, an RNN-based method is used as a benchmark approach for intrusion detection.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
