TY - GEN
T1 - A hierarchical CNN-Transformer model for network intrusion detection
AU - Luo, Sijie
AU - Zhao, Zhiheng
AU - Hu, Qiyuan
AU - Liu, Yang
N1 - Publisher Copyright:
© 2022 SPIE
PY - 2022
Y1 - 2022
N2 - The development of the Industrial Internet has promoted the progress of social productivity, but it also faces attacks from abnormal network traffic. Network intrusion detection systems (NIDSs) ensure the safe and reliable operation of networks by monitoring the network traffic status and detecting abnormal traffic and attacks in a timely manner. To detect network intrusions in real time and efficiently, we propose a hierarchical intrusion detection model CNN-Transformer NIDS with traffic spatio-temporal feature fusion, combined with soft feature selection based on attention mechanism. The model is used for multi-attack detection on the UNSW-NB15 dataset. The comparative experimental results show that: i) spatial features can effectively describe the normal and abnormal states of traffic; ii) temporal features can help the model to better distinguish different types of attacks; iii) the fusion of the spatio-temporal features can comprehensively improve the detection performance of the model. The results of the ablation experiments verify that the attention-based soft feature selection enables the model to effectively focus on the differences between normal and abnormal traffic and between different kinds of attacks, resulting in a 0.32% reduction in the missed detection rate, a 1.36% reduction in the false detection rate, and a 1.68% improvement in the detection rate of NIDS.
AB - The development of the Industrial Internet has promoted the progress of social productivity, but it also faces attacks from abnormal network traffic. Network intrusion detection systems (NIDSs) ensure the safe and reliable operation of networks by monitoring the network traffic status and detecting abnormal traffic and attacks in a timely manner. To detect network intrusions in real time and efficiently, we propose a hierarchical intrusion detection model CNN-Transformer NIDS with traffic spatio-temporal feature fusion, combined with soft feature selection based on attention mechanism. The model is used for multi-attack detection on the UNSW-NB15 dataset. The comparative experimental results show that: i) spatial features can effectively describe the normal and abnormal states of traffic; ii) temporal features can help the model to better distinguish different types of attacks; iii) the fusion of the spatio-temporal features can comprehensively improve the detection performance of the model. The results of the ablation experiments verify that the attention-based soft feature selection enables the model to effectively focus on the differences between normal and abnormal traffic and between different kinds of attacks, resulting in a 0.32% reduction in the missed detection rate, a 1.36% reduction in the false detection rate, and a 1.68% improvement in the detection rate of NIDS.
KW - Transformer
KW - convolutional neural network
KW - network intrusion detection
KW - spatio-temporal features
UR - https://www.scopus.com/pages/publications/85132703503
U2 - 10.1117/12.2639876
DO - 10.1117/12.2639876
M3 - 会议稿件
AN - SCOPUS:85132703503
T3 - Proceedings of SPIE - The International Society for Optical Engineering
BT - 2nd International Conference on Applied Mathematics, Modelling, and Intelligent Computing, CAMMIC 2022
A2 - Srivastava, Hari Mohan
A2 - Chen, Chi-Hua
PB - SPIE
T2 - 2nd International Conference on Applied Mathematics, Modelling, and Intelligent Computing, CAMMIC 2022
Y2 - 25 March 2022 through 27 March 2022
ER -