research-article

A CNN-BiLSTM Method Based on Attention Mechanism for Class-imbalanced Abnormal Traffic Detection

Authors:

Jiali Yin,

Bin Hou,

Jiapeng Dai,

Yunxiao ZuAuthors Info & Claims

CVDL '24: Proceedings of the International Conference on Computer Vision and Deep Learning

Article No.: 23, Pages 1 - 6

https://doi.org/10.1145/3653781.3653807

Published: 01 June 2024 Publication History

Get Access

Abstract

Abstract: Network traffic anomaly detection technology is an effective method for monitoring network security status and identifying potential attacks. With the increasing volume of network traffic data exhibiting high dimensionality and imbalance, traditional intrusion detection models face limitations in detection efficiency and accuracy. Existing intrusion detection methods often overlook issues related to temporal features in data and class imbalances, further hindering intrusion detection efficiency. In response to these challenges, this paper proposes an attention-based convolutional neural networks–long short-term memory (CNN-BiLSTM) network structure to enhance intrusion detection efficiency. By integrating CNN and BiLSTM networks to jointly learn spatio-temporal features of the data, and introducing an attention mechanism to deeply capture hidden feature relationships, this approach accelerates model convergence while balancing accuracy and efficiency. Additionally, to address class imbalance issues in network anomaly traffic, this study optimizes the cross-entropy loss function by introducing a cyclical focal loss function (CFL). This function cyclically adjusts the model's focus on different samples, thereby enhancing the detection rate of challenging samples and improving the model's generalization capabilities. Experiments conducted on the UNSW-NB15 datasets demonstrate that the proposed algorithm achieves a high accuracy of 97.09% while ensuring efficiency. Moreover, it effectively enhances the detection rate of imbalanced samples, highlighting its capability in handling class imbalances within anomaly traffic.

Keywords: abnormal traffic detection detection; attention mechanism; CNN-BiLSTM; imbalanced data

References

[1]

LIAO H J, LIN C H, LIN Y C, Intrusion detection system: a comprehensive review [ J]. Journal of Network and Computer Applications, 2013, 36 (1): 16 - 24.

Digital Library

Google Scholar

[2]

Zhou Mingyue, Chang Minghang, Fu Dianchen, etc.A network intrusion detection algorithm based on EA-BinGRU algorithm [J].Computer Applications and Software, 2019,40(11):321-326.

Google Scholar

[3]

Le, T.-T.-H.; Oktian, Y.E.; Kim, H. XGBoost for Imbalanced Multiclass Classification-Based Industrial Internet of Things Intrusion Detection Systems. Sustainability 2022, 14, 8707. https://doi.org/10.3390/su14148707

Crossref

Google Scholar

[4]

Su Xin, Zhang Guifu, Hang Hongyan Intrusion detection of Marine meteorological sensor network based on balanced generative adversarial network [J]. Journal of Communications, 2023, 44(04): 124-136.

Google Scholar

[5]

Abdelmoumin, G.; Whitaker, J.; Rawat, D.B.; Rahman, A. A Survey on Data-Driven Learning for Intelligent Network Intrusion Detection Systems. Electronics 2022, 11, 213. https://doi.org/10.3390/electronics11020213

Crossref

Google Scholar

[6]

Smith, L. N. (2022). Cyclical focal loss. arXiv preprint arXiv:2202.08978.

Google Scholar

[7]

X. Zheng and X. Li, "Wind Electricity Power Prediction Based on CNN - LSTM Network Model," 2023 IEEE International Conference on Sensors, Electronics and Computer Engineering (ICSECE), Jinzhou, China, 2023, pp. 231-236.

Crossref

Google Scholar

[8]

Vaswani A, Shazeer N, Parmar N,et al.Attention Is All You Need[J].arXiv, 2017.

Crossref

Google Scholar

[9]

N. Moustafa and J. Slay, "UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)," 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia, 2015, pp. 1-6.

Crossref

Google Scholar

[10]

Li Jun, Xia Songzhu, LAN Haiyan, Network Intrusion Detection method based on GRU-RNN [J].Journal of Harbin Engineering University, 2021, 42 (6).

Google Scholar

[11]

X. Wang, X. Wang, M. He, M. Zhang and Z. Lu, "Spatial-Temporal Graph Model Based on Attention Mechanism for Anomalous IoT Intrusion Detection," in IEEE Transactions on Industrial Informatics.

Crossref

Google Scholar

[12]

Altunay, Hakan Can and Zafer Albayrak. “A hybrid CNN + LSTMbased intrusion detection system for industrial IoT networks.” Engineering Science and Technology, an International Journal (2023): n. pag.

Google Scholar

Cited By

View all

Maseno EWang ZSun Y(2024)Performance Evaluation of Intrusion Detection Systems on the TON_IoT Datasets Using a Feature Selection MethodProceedings of the 2024 8th International Conference on Computer Science and Artificial Intelligence10.1145/3709026.3709048(607-613)Online publication date: 6-Dec-2024
https://dl.acm.org/doi/10.1145/3709026.3709048

Recommendations

RETRACTED ARTICLE: An abnormal traffic detection method using GCN-BiLSTM-Attention in the internet of vehicles environment
Abstract
In-vehicle network intrusion detection tasks, it is usually necessary to simultaneously meet the requirements of low computational power consumption, real-time response, and high detection accuracy. In response to the class imbalance problem in ...
Abnormal traffic detection system in SDN based on deep learning hybrid models
Abstract
Software defined network (SDN) provides technical support for network construction of smart cities. However, the openness of SDN is also prone to more network attacks. Traditional abnormal traffic detection algorithms are complex and time-...
Abnormal Traffic Detection Based on a Fusion BiGRU Neural Network
Advances in Swarm Intelligence
Abstract
As network security is getting more and more attention, methods for anomalous traffic detection are proposed. However, the methods for anomalous traffic detection have problems such as low detection rate and high false alarm rate, so this paper ...

Comments

Information & Contributors

Information

Published In

CVDL '24: Proceedings of the International Conference on Computer Vision and Deep Learning

January 2024

506 pages

ISBN:9798400718199

DOI:10.1145/3653804

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2024

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

CVDL 2024

CVDL 2024: The International Conference on Computer Vision and Deep Learning

January 19 - 21, 2024

Changsha, China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
54
Total Downloads

Downloads (Last 12 months)54
Downloads (Last 6 weeks)13

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Maseno EWang ZSun Y(2024)Performance Evaluation of Intrusion Detection Systems on the TON_IoT Datasets Using a Feature Selection MethodProceedings of the 2024 8th International Conference on Computer Science and Artificial Intelligence10.1145/3709026.3709048(607-613)Online publication date: 6-Dec-2024
https://dl.acm.org/doi/10.1145/3709026.3709048

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Abstract

References

Cited By

Recommendations

RETRACTED ARTICLE: An abnormal traffic detection method using GCN-BiLSTM-Attention in the internet of vehicles environment

Abnormal traffic detection system in SDN based on deep learning hybrid models

Abnormal Traffic Detection Based on a Fusion BiGRU Neural Network

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

HTML Format

Share

Share this Publication link

Share on social media

Affiliations