Attention-based deep learning modelling for intrusion detection

Ban AlOmar, Zouheir Trabelsi, Firas Saidi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Cyber-attacks are becoming increasingly sophisticated, posing more significant challenges to traditional intrusion detection methods. The inability to prevent intrusions could compromise the credibility of security services, thereby putting data confidentiality, integrity, and availability at risk. In response to this problem, research has been conducted to apply deep learning (DL) models to intrusion detection, leveraging the new era of AI and the proven efficiency of DL in many fields. This study proposes a new intrusion detection system (IDS) based on DL, utilizing attention-based long short-term memory (AT-LSTM) and attention-based bidirectional LSTM (AT-BiLSTM) models. The time-series nature of network traffic data, which changes continuously over time, makes LSTM and BiLSTM particularly effective in handling intrusion detection. These models can capture long-term dependencies in the sequence of events, learn the patterns of normal network behaviour, and detect deviations from this behaviour that may indicate an intrusion. Also, the attention mechanism in the proposed models lets them make predictions based on the most important parts of the network traffic data. This is important for finding intrusions because network traffic data can have many different features, not all of which are important for finding an attack. The attention mechanism lets the models learn which features are most important for making accurate predictions, which improves their performance and efficiency. The UNSW-NB15 benchmark dataset is used in the study to measure and compare the effectiveness and reliability of the proposed system. This dataset contains normal and attack traffic data with a significant class imbalance. To address this issue, the study employs the Synthetic Minority Over-sampling Technique (SMOTE) to balance the dataset, thus reducing the risk of overfitting to the majority class and improving the model's performance in detecting attacks.
The performance evaluation results demonstrate that the proposed models achieved a detection rate of over 93%, indicating high precision in detecting intrusions. By harnessing the power of deep learning, these models can learn and adapt to new threats over time, thus ensuring data confidentiality, integrity, and availability in today's interconnected world.

Original language: English
Title of host publication: Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023
Editors: Antonios Andreatos, Christos Douligeris
Publisher: Curran Associates Inc.
Number of pages: 11
ISBN (Electronic): 9781914587702
Publication status: Published - 2023
Event: 22nd European Conference on Cyber Warfare and Security, ECCWS 2023 - Athens, Greece
Duration: Jun 22 2023 to Jun 23 2023

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610


Conference: 22nd European Conference on Cyber Warfare and Security, ECCWS 2023


  • Attention Architecture
  • BiLSTM
  • Intrusion Detection
  • LSTM
  • Network Attacks

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

