Abstract
The Internet of Things (IoT) is vulnerable to network attacks due to the real-time, open and interactive characteristics, thus causing network security risks. This makes the intrusion detection technology face new challenges of high precision and low latency. In this paper, we propose a hybrid network intrusion detection model (ACNNBN-LSTM) based on CNN-LSTM and attention mechanism to classify network intrusions in real-time. The model consists of ACNNBN and LSTM modules. In the ACNNBN module, we introduce the convolution block attention module (CBAM) and batch normalization to recognize spatial features of two-dimensional images. The LSTM module learns the temporal features of feature vectors through time series to realize real-time detection. We use the CIRA-CIC-DoHBrw-2020 unbalanced dataset to evaluate model performance. Six machine learning algorithms are selected to compare in evaluation indexes of F1 score, recall ratio, precision ratio and accuracy. Experimental results demonstrate that the ACNNBN-LSTM model is preferable than the other six models in indicators of F1 score, recall rate and accuracy. And the accuracy of our model reached 99.41\(\%\).
This work was supported in part by National Natural Science Foundation of China under Grant 61902222, Grant 61702307, and the Taishan Scholars Program of Shandong Province under Grant tsqn201909109.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Farid, D.-M., Harbi, N., Rahman, M.-Z.: Combining Naive Bayes and decision tree for adaptive intrusion detection, pp. 12–25. arXiv preprint arXiv:1005.4496 (2010)
Aslahi-Shahri, B.-M., Rahmani, R., Chizari, M., et al.: A hybrid method consisting of GA and SVM for intrusion detection system. Neural Comput. Appl. 27(6), 1669–1676 (2015). https://doi.org/10.1007/s00521-015-1964-2
Dhaliwal, S.-S., Nahid, A.-A., Abbas, R.: Effective intrusion detection system using XGBoost. Information 9(7), 149 (2018)
Jin, D., Lu, Y., Qin, J., et al.: SwiftIDS: real-time intrusion detection system based on LightGBM and parallel intrusion detection mechanism. Comput. Secur. 97, 101984 (2020)
Wu, K., Chen, Z., Li, W.: A novel intrusion detection model for a massive network using convolutional neural networks. IEEE Access 6, 50850–50859 (2018)
Potluri, S., Ahmed, S., Diedrich, C.: Convolutional neural networks for multi-class intrusion detection system. In: Groza, A., Prasath, R. (eds.) MIKE 2018. LNCS (LNAI), vol. 11308, pp. 225–238. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05918-7_20
Tan, M., Iacovazzi, A., et al.: A neural attention model for real-time network intrusion detection. In: Local Computer Networks (2019)
Andresini, G., Appice, A., Malerba, D.: Nearest cluster-based intrusion detection through convolutional neural networks. Knowl. Based Syst. 216, 106798 (2021)
Hinton, G.-E., Osindero, S., et al.: A fast learning algorithm for deep belief nets. Neural Comput. 18(7), 1527–1554 (2006)
Salama, M.A., Eid, H.F., Ramadan, R.A., Darwish, A., Hassanien, A.E.: Hybrid intelligent intrusion detection scheme. In: Gaspar-Cunha, A., Takahashi, R., Schaefer, G., Costa, L. (eds.) Soft Computing in Industrial Applications. AINSC, vol. 96, pp. 293–303. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20505-7_26
Vinayakumar, R., Alazab, M., Soman, K.-P., et al.: Deep learning approach for intelligent intrusion detection system. IEEE Access 7, 41525–41550 (2019)
Gregor, K., et al.: Draw: A recurrent neural network for image generation. In: International Conference on Machine Learning, pp. 1462–1471. PMLR (2015)
Dai, J., He, K., et al.: Convolutional feature masking for joint object and stuff segmentation. In: 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Boston (2015)
Cao, C., Liu, X., et al.: Look and think twice: capturing top-down visual attention with feedback convolutional neural networks. In: 2015 IEEE International Conference on Computer Vision (ICCV). Santiago, Chile (2015)
Wang, F., Jiang, M., et al.: Residual attention network for image classification. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). IEEE Computer Society 2017, Honolulu (2017)
Yin, C., Zhu, Y., et al.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5(99), 21954–21961 (2017)
Brown, A., Tuor, A., Hutchinson, B., et al.: Recurrent neural network attention mechanisms for interpretable system log anomaly detection. In: Proceedings of the First Workshop on Machine Learning for Computing Systems, pp. 1–8 (2018)
Qin, Z.-Q., Ma, X.-K., Wang, Y.-J.: Attentional payload anomaly detector for web applications. In: Cheng, L., Leung, A.C.S., Ozawa, S. (eds.) ICONIP 2018. LNCS, vol. 11304, pp. 588–599. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04212-7_52
Zhu, M., Ye, K., Wang, Y., Xu, C.-Z.: A deep learning approach for network anomaly detection based on AMF-LSTM. In: Zhang, F., Zhai, J., Snir, M., Jin, H., Kasahara, H., Valero, M. (eds.) NPC 2018. LNCS, vol. 11276, pp. 137–141. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05677-3_13
Zhang, J., Ling, Y., Fu, X., et al.: Model of the intrusion detection system based on the integration of spatial-temporal features. Comput. Secur. 89, 101681 (2020)
Greff, K., Srivastava, R.-K., Koutník, J., et al.: LSTM: a search space odyssey. IEEE Trans. Neural Networks Learn. Syst. 28(10), 2222–2232 (2016)
Woo, S., Park, J., Lee, J.-Y., Kweon, I.S.: CBAM: convolutional block attention module. In: Ferrari, V., Hebert, M., Sminchisescu, C., Weiss, Y. (eds.) ECCV 2018. LNCS, vol. 11211, pp. 3–19. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01234-2_1
Ma, B., Wang, X., Zhang, H., Li, F., Dan, J.: CBAM-GAN: generative adversarial networks based on convolutional block attention module. In: Sun, X., Pan, Z., Bertino, E. (eds.) ICAIS 2019. LNCS, vol. 11632, pp. 227–236. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-24274-9_20
Yakura, H., Shinozaki, S., et al.: Neural malware analysis with attention mechanism. Comput. Secur. 87, 101592 (2019)
MontazeriShatoori, M., Davidson, L., Kaur, G., et al.: Detection of DOH tunnels using time-series classification of encrypted traffic. In: 2020 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). IEEE (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Mu, J., He, H., Li, L., Pang, S., Liu, C. (2022). A Hybrid Network Intrusion Detection Model Based on CNN-LSTM and Attention Mechanism. In: Cao, C., Zhang, Y., Hong, Y., Wang, D. (eds) Frontiers in Cyber Security. FCS 2021. Communications in Computer and Information Science, vol 1558. Springer, Singapore. https://doi.org/10.1007/978-981-19-0523-0_14
Download citation
DOI: https://doi.org/10.1007/978-981-19-0523-0_14
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-0522-3
Online ISBN: 978-981-19-0523-0
eBook Packages: Computer ScienceComputer Science (R0)