Abstract
Machine learning-based approaches have been widely used in network attack detection. Existing solutions typically train the model on a balanced dataset and get a superior detection result. However, the actual network traffic data is imbalanced due to the less frequent network attacks than the normal, which decreases the models’ performance. To reduce the impact of imbalanced data, an AOPL model is proposed in this paper, consisting of Attention Mechanism Enhanced Oversampling (AMEO) and Parallel Deep Learning (PDL). AMEO uses the attention mechanism to reduce redundancy when generating attack traffic samples. By forming data pairs as the input, PDL models each network traffic separately and requires less data than Deep Neural Network. Extensive comparison experiments on four real network traffic datasets show that AOPL has better Accuracy, Precision, and F1-score performances. Significantly, AMEO can help models perform better attack detection on the imbalanced data.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Okutan, A., Werner, G., et al.: Forecasting cyberattacks with incomplete, imbalanced, and insignificant data. Cybersecurity 1(1), 1–16 (2018)
The National Internet Emergency Response Center (CNCERT): China’s Internet Network Security Report 2019 (2020)
Wheelus, C., Bou-Harb, E., Zhu, X.: Tackling class imbalance in cyber security datasets. 2018 IEEE International Conference on Information Reuse and Integration (IRI), pp. 229–232 (2018)
Zhang, H., Li, Y., et al.: A real-time and ubiquitous network attack detection based on deep belief network and support vector machine. IEEE/CAA J. Automatica Sin. 7(3), 790–799 (2020)
Ferrag, M.A., et al.: RDTIDS: rules and decision tree-based intrusion detection system for internet-of-things networks. Future Internet 12(3), 44 (2020)
Dada, EG.: A hybridized SVM-kNN-pdAPSO approach to intrusion detection system. Proceedings of the Faculty Seminar Series, pp. 14–21 (2017)
Yuan, Y., Huo, L., Hogrefe, D.: Two layers multi-class detection method for network intrusion detection system. 2017 IEEE Symposium on Computers and Communications (ISCC), pp. 767–772 (2017)
Meng, Y.X.: The practice on using machine learning for network anomaly intrusion detection. In: 2011 International Conference on Machine Learning and Cybernetics, vol. 2, pp. 576–581 (2011). https://doi.org/10.1109/ICMLC.2011.6016798
Zheng, W.F.: Intrusion detection based on convolutional neural network. In: 2020 International Conference on Computer Engineering and Application (ICCEA), pp. 273–277 (2020)
Kwon, O., Sim, J.M.: Effects of data set features on the performances of classification algorithms. Expert Syst. Appl. 40(5), 1847–1857 (2013)
Seo, J.H., Kim, Y.H.: Machine-learning approach to optimize SMOTE ratio in class imbalance dataset for intrusion detection. Comput. Intell. Neurosci. (2018)
Mani, I., Zhang, I.: kNN approach to unbalanced data distributions: a case study involving information extraction. In: Proceedings of Workshop on Learning from Imbalanced Datasets, vol. 126 (2003)
He, H., Garcia, E.A.: Learning from imbalanced data. IEEE Trans. Knowl. Data Eng. 21(9), 1263–1284 (2009)
Liu, S., Lin, G.: DeepBalance: deep-learning and fuzzy oversampling for vulnerability detection. IEEE Trans. Fuzzy Syst. 28(7), 1329–1343 (2019)
Sun, D., Wu, Z. et al.: Risk prediction for imbalanced data in cyber security : a Siamese network-based deep learning classification framework. In: 2019 International Joint Conference on Neural Networks (IJCNN) (2019)
Liu, X.Y., Wu, J., Zhou, Z.H.: Exploratory undersampling for class-imbalance learning. IEEE Trans. Syst. Man Cybern. Part B (Cybern.) 39(2), 539–550 (2008)
Chawla, N.V., et al.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321–357 (2002)
He, H., Bai, Y., et al.: ADASYN: adaptive synthetic sampling approach for imbalanced learning. In: 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), pp. 1322–1328 (2008)
Vaswani, A., Shazeer, N., Parmar, N., et al.:: Attention is all you need. In: Advances in Neural Information Processing Systems, pp. 5998–6008 (2017)
Xu, K., Ba, J., et al.: Show, attend and tell: neural image caption generation with visual attention. In: International Conference on Machine Learning, pp. 2048–2057 (2015)
Tehrani, P., Levorato, M.: Frequency-based multi task learning with attention mechanism for fault detection in power systems (2020)
Meidan, Y., Bohadana, M., Mathov, Y., et al.: N-BaIoT: network-based detection of IoT Botnet attacks using deep autoencoders. IEEE Pervasive Comput. 17(3), 12–22 (2018). Special Issue - Securing the IoT
Mirsky, Y., Doitshman, T., et al.: Kitsune: an ensemble of autoencoders for online network intrusion detection. In: Network and Distributed System Security Symposium (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, L., Huang, W., Lv, Q., Wang, Y., Chen, H. (2021). AOPL: Attention Enhanced Oversampling and Parallel Deep Learning Model for Attack Detection in Imbalanced Network Traffic. In: Liu, Z., Wu, F., Das, S.K. (eds) Wireless Algorithms, Systems, and Applications. WASA 2021. Lecture Notes in Computer Science(), vol 12938. Springer, Cham. https://doi.org/10.1007/978-3-030-86130-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-86130-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86129-2
Online ISBN: 978-3-030-86130-8
eBook Packages: Computer ScienceComputer Science (R0)