Towards an Attention-Based Accurate Intrusion Detection Approach

  • Conference paper
Quality, Reliability, Security and Robustness in Heterogeneous Systems (QShine 2021)

Abstract

With the advancement of 5G and IoT, the volume of network traffic is growing at a tremendous rate (e.g., 235.7 Exabytes (EB) in Internet traffic, a 3.2-fold increase from 2016), leading to an alarming rise in different types of attacks. As a result, the requirements of an intrusion detection system (IDS) are also evolving. In addition to having a large number of flow-based intrusion detection systems powered by machine learning techniques, achieving higher accuracy, including higher recall and precision, has become equally important. While most of the existing works successfully achieve accuracy, they still strive to achieve a good recall score or minimize the False Negative Rate (FNR) as well as the False Positive Rate (FPR). In this paper, we investigate the potential of combining state-of-the-art neural network models (i.e., CNN, LSTM, and GRU) with attention mechanisms (where attention helps the model to selectively concentrate on more relevant factors) for improving the accuracy of intrusion detection systems. We evaluate our model with the most recent and state-of-the-art benchmark datasets (e.g., CSE-CIC-IDS-2018 and NSL-KDD) and compare the obtained results with the existing works. Empirical results show that our proposed model outperforms the existing works in terms of accuracy while achieving a higher recall score (e.g., a maximum recall of 100% and 99.91% for the CSE-CIC-IDS-2018 and NSL-KDD datasets, respectively) and a higher F1-score (e.g., a maximum F1-score of 100% and 99.22% for the CSE-CIC-IDS-2018 and NSL-KDD datasets, respectively).

Acknowledgment

The authors thank the anonymous reviewers for their comments. This material is based upon work partially supported by the Natural Sciences and Engineering Research Council of Canada under Discovery Grant N02815.

Author information

Corresponding author

Correspondence to Suryadipta Majumdar.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Dey, A., Hossain, M.S., Hoq, M.N., Majumdar, S. (2021). Towards an Attention-Based Accurate Intrusion Detection Approach. In: Yuan, X., Bao, W., Yi, X., Tran, N.H. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Systems. QShine 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-91424-0_16

  • DOI: https://doi.org/10.1007/978-3-030-91424-0_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91423-3

  • Online ISBN: 978-3-030-91424-0

  • eBook Packages: Computer Science (R0)
