CANET: A hierarchical CNN-Attention model for Network Intrusion Detection

Abstract

Network Intrusion Detection (NID) is an important defense strategy in modern networks to detect malicious activities in large-scale cyberspace. The current NID methods suffer from a high false positive rate, which significantly reduces the overall effectiveness of network intrusion detection systems and simultaneously increases the maintenance cost. Furthermore, the class imbalance problem associated with the intrusion detection dataset limits the detection rate for the minority classes. This paper proposes a novel hierarchical CNN-Attention network, CANET. In CANET, CNN and the Attention mechanism mingle to form a CA Block that focuses on local spatio-temporal feature extraction. The multi-layer CA Block combination can fully learn the multi-level spatio-temporal features of network attack data, which is more suitable for modern large-scale NID. Besides, for the class imbalance problem, we propose to use Equalization Loss v2 (EQL v2) to increase the minority class weight and balance the learning attention on minority classes. Extensive experiments demonstrate that CANET outperforms the state-of-the-art methods in terms of accuracy, detection rate, and false positive rate. And it efficiently improves the detection rate of minority classes. The source code for the proposed CANET models is publicly available at https://github.com/yuanshuai666/CANET.