A Neural Attention Model for Real-Time Network Intrusion Detection

Mengxuan Tan, Alfonso Iacovazzi, Ngai Man Man Cheung, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

32 Scopus citations

Abstract

The diversity and ever-evolving nature of network intrusion attacks has made defense a real challenge for security practitioners. Recent research in the domain of Network-based Intrusion Detection System has mainly focused on adopting a flow-based approach when extracting features from raw packets. One drawback of this is that attack detection can only be carried out after the flow has ended. In this work, we present a new technique based on the neural attention mechanism; unlike many existing solutions, our technique can be applied for real-time attack detection since it uses time slot-based features. The proposed solution is a modified version of the transformer model which has been proposed and used in the language translation domain. We conduct experiments on a dataset extracted from a recent repository network traffic containing several kinds of network attack. We use the "bidirectional LSTM" and "conditional random fields" models as baseline for comparison and our performance results demonstrate that the proposed solution significantly outperforms the two baselines in terms of precision, recall, and false positive rates. In addition, we show that our solution is more computationally efficient than the bidirectional LSTM model as a result of the removal of recurrent layers.

Original languageEnglish
Title of host publicationProceedings of the 44th Annual IEEE Conference on Local Computer Networks, LCN 2019
EditorsKarl Andersson, Hwee-Pink Tan, Sharief Oteafy
PublisherInstitute of Electrical and Electronics Engineers
Pages291-299
Number of pages9
ISBN (Electronic)9781728110288
DOIs
StatePublished - 1 Oct 2019
Event44th Annual IEEE Conference on Local Computer Networks, LCN 2019 - Osnabruck, Germany
Duration: 14 Oct 201917 Oct 2019

Publication series

NameProceedings - Conference on Local Computer Networks, LCN
Volume2019-October

Conference

Conference44th Annual IEEE Conference on Local Computer Networks, LCN 2019
Country/TerritoryGermany
CityOsnabruck
Period14/10/1917/10/19

Keywords

  • Attention model
  • Deep learning
  • Network intrusion detection
  • Network security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'A Neural Attention Model for Real-Time Network Intrusion Detection'. Together they form a unique fingerprint.

Cite this