Abstract
With the advancement of 5G and IoT, the volume of network traffic is growing at a tremendous rate (e.g., 235.7 Exabytes (EB) in Internet traffic, a 3.2-fold increase from 2016), leading to an alarming rise in different types of attacks. As a result, the requirements of an intrusion detection system (IDS) are also evolving. In addition to having a large number of flow-based intrusion detection systems powered by machine learning techniques, achieving higher accuracy, including higher recall and precision, has become equally important. While most of the existing works successfully achieve accuracy, they still strive to achieve a good recall score or to minimize the False Negative Rate (FNR) as well as the False Positive Rate (FPR). In this paper, we investigate the potential of combining state-of-the-art neural network models (i.e., CNN, LSTM, and GRU) with attention mechanisms (where attention helps the model to selectively concentrate on more relevant factors) for improving the accuracy of intrusion detection systems. We evaluate our model with the most recent and state-of-the-art benchmark datasets (e.g., CSE-CIC-IDS-2018 and NSL-KDD) and compare the obtained results with the existing works. Empirical results show that our proposed model outperforms the existing works in terms of accuracy while achieving a higher recall score (e.g., a maximum recall of 100% and 99.91% for the CSE-CIC-IDS-2018 and NSL-KDD datasets, respectively) and a higher F1-score (e.g., a maximum F1-score of 100% and 99.22% for the CSE-CIC-IDS-2018 and NSL-KDD datasets, respectively).
Acknowledgment
The authors thank the anonymous reviewers for their comments. This material is based upon work partially supported by the Natural Sciences and Engineering Research Council of Canada under Discovery Grant N02815.
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Dey, A., Hossain, M.S., Hoq, M.N., Majumdar, S. (2021). Towards an Attention-Based Accurate Intrusion Detection Approach. In: Yuan, X., Bao, W., Yi, X., Tran, N.H. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Systems. QShine 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-91424-0_16
DOI: https://doi.org/10.1007/978-3-030-91424-0_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91423-3
Online ISBN: 978-3-030-91424-0
eBook Packages: Computer Science, Computer Science (R0)