TY - GEN
T1 - Attention-based deep learning modelling for intrusion detection
AU - AlOmar, Ban
AU - Trabelsi, Zouheir
AU - Saidi, Firas
N1 - Publisher Copyright:
© 2023 Curran Associates Inc.. All rights reserved.
PY - 2023
Y1 - 2023
N2 - Cyber-Attacks are becoming increasingly sophisticated, posing more significant challenges to traditional intrusion detection methods. The inability to prevent intrusions could compromise the credibility of security services, thereby putting data confidentiality, integrity, and availability at risk. In response to this problem, research has been conducted to apply deep learning (DL) models to intrusion detection, leveraging the new era of AI and the proven efficiency of DL in many fields. This study proposes a new intrusion detection system (IDS) based on DL, utilizing attention-based long short-Term memory (AT-LSTM) and attention-based bidirectional LSTM (AT-BiLSTM) models. The time-series nature of network traffic data, which changes continuously over time, makes LSTM and BiLSTM particularly effective in handling intrusion detection. These models can capture long-Term dependencies in the sequence of events, learn the patterns of normal network behaviour, and detect deviations from this behaviour that may indicate an intrusion. Also, the attention mechanism in the proposed models lets them make predictions based on the most important parts of the network traffic data. This is important for finding intrusions because network traffic data can have many different features, not all of which are important for finding an attack. The attention mechanism lets the models learn which features are most important for making accurate predictions, which improves their performance and efficiency. The UNSW-NB15 benchmark dataset is used in the study to measure and compare the effectiveness and reliability of the proposed system. This dataset contains normal and attack traffic data with a significant class imbalance. To address this issue, the study employs the Synthetic Minority Over-sampling Technique (SMOTE) to balance the dataset, thus reducing the risk of overfitting to the majority class and improving the model's performance in detecting attacks. The performance evaluation results demonstrate that the proposed models achieved a detection rate of over 93%, indicating high precision in detecting intrusions. By harnessing the power of deep learning, these models can learn and adapt to new threats over time, thus ensuring data confidentiality, integrity, and availability in today's interconnected world.
AB - Cyber-Attacks are becoming increasingly sophisticated, posing more significant challenges to traditional intrusion detection methods. The inability to prevent intrusions could compromise the credibility of security services, thereby putting data confidentiality, integrity, and availability at risk. In response to this problem, research has been conducted to apply deep learning (DL) models to intrusion detection, leveraging the new era of AI and the proven efficiency of DL in many fields. This study proposes a new intrusion detection system (IDS) based on DL, utilizing attention-based long short-Term memory (AT-LSTM) and attention-based bidirectional LSTM (AT-BiLSTM) models. The time-series nature of network traffic data, which changes continuously over time, makes LSTM and BiLSTM particularly effective in handling intrusion detection. These models can capture long-Term dependencies in the sequence of events, learn the patterns of normal network behaviour, and detect deviations from this behaviour that may indicate an intrusion. Also, the attention mechanism in the proposed models lets them make predictions based on the most important parts of the network traffic data. This is important for finding intrusions because network traffic data can have many different features, not all of which are important for finding an attack. The attention mechanism lets the models learn which features are most important for making accurate predictions, which improves their performance and efficiency. The UNSW-NB15 benchmark dataset is used in the study to measure and compare the effectiveness and reliability of the proposed system. This dataset contains normal and attack traffic data with a significant class imbalance. To address this issue, the study employs the Synthetic Minority Over-sampling Technique (SMOTE) to balance the dataset, thus reducing the risk of overfitting to the majority class and improving the model's performance in detecting attacks. The performance evaluation results demonstrate that the proposed models achieved a detection rate of over 93%, indicating high precision in detecting intrusions. By harnessing the power of deep learning, these models can learn and adapt to new threats over time, thus ensuring data confidentiality, integrity, and availability in today's interconnected world.
KW - Attention Architecture
KW - BiLSTM
KW - Intrusion Detection
KW - LSTM
KW - Network Attacks
UR - http://www.scopus.com/inward/record.url?scp=85167578784&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85167578784&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85167578784
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 22
EP - 32
BT - Proceedings of the 22nd European Conference on Cyber Warfare and Security, ECCWS 2023
A2 - Andreatos, Antonios
A2 - Douligeris, Christos
PB - Curran Associates Inc.
T2 - 22nd European Conference on Cyber Warfare and Security, ECCWS 2023
Y2 - 22 June 2023 through 23 June 2023
ER -