Enhancing network attack detection across infrastructures: An automatic labeling method and deep learning model with an attention mechanism

Abstract

AbstractIn the era of industry 4.0 and the widespread use of digital devices, the number of cyber attacks poses an escalating and diverse threat, jeopardizing users' online activities. Intrusion detection systems (IDS) emerge as pivotal solutions, playing a crucial role in detecting anomalous signals within network systems. To counter novel attack patterns, IDS systems require periodic rule updates for effective identification of unusual signals. Typically, these policies are updated based on rule‐based or deep learning algorithms to enhance detection performance. However, the insufficient number of labeled samples remains a challenge for real‐world deployment. In this article, an automated labeling method is presented that has shown high effectiveness, requiring minimal hardware resources, and applicable to IDS systems. Additionally, the approach utilizes transfer learning combined with attention mechanisms to boost the efficiency of abnormal signal detection. The results from the approach are compared with those of a reference model, illustrating an overall improvement of nearly 10% in our model's performance compared to the reference model. This underscores the effectiveness of automating rule adjustments for IDS, contributing significantly to reducing associated financial costs. The research addresses the challenges in deploying IDS in real‐world scenarios and provides a valuable contribution to enhancing cyber threat detection capabilities.A preprint has previously been published [11].