A Traffic Anomaly Detection Method Based on the Joint Model of Attention Mechanism and One-Dimensional Convolutional Neural Network-Bidirectional Long Short Term Memory

YIN Zinuo; MA Hailong; HU Tao

doi:10.11999/JEIT220959

Volume 45 Issue 10

Oct. 2023

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2023 > 45(10): 3719-3728

YIN Zinuo, MA Hailong, HU Tao. A Traffic Anomaly Detection Method Based on the Joint Model of Attention Mechanism and One-Dimensional Convolutional Neural Network-Bidirectional Long Short Term Memory[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3719-3728. doi: 10.11999/JEIT220959

Citation:

YIN Zinuo, MA Hailong, HU Tao. A Traffic Anomaly Detection Method Based on the Joint Model of Attention Mechanism and One-Dimensional Convolutional Neural Network-Bidirectional Long Short Term Memory[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3719-3728. doi: 10.11999/JEIT220959

Citation:

YIN Zinuo, MA Hailong, HU Tao. A Traffic Anomaly Detection Method Based on the Joint Model of Attention Mechanism and One-Dimensional Convolutional Neural Network-Bidirectional Long Short Term Memory[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3719-3728. doi: 10.11999/JEIT220959

PDF( 2241 KB)

A Traffic Anomaly Detection Method Based on the Joint Model of Attention Mechanism and One-Dimensional Convolutional Neural Network-Bidirectional Long Short Term Memory

doi: 10.11999/JEIT220959

Institute of Information Technology, PLA Information Engineering University, Zhengzhou 450001, China

Funds: The National Key R&D Program of China (2018YFB0804002)

Received Date: 2022-07-18
Rev Recd Date: 2022-09-03

Available Online: 2022-09-06

Publish Date: 2023-10-31

Abstract

Abstract

Considering the problem that the class imbalance of traffic dataset limits the performance of the model to the minority class attack traffic, a traffic anomaly detection method based on the joint model of attention mechanism and One-Dimensional Convolutional Neural Network - Bidirectional Long Short Term Memory (1DCNN-BiLSTM) is proposed. First, in the data preprocessing, the BorderlineSMOTE method is used to preprocess the imbalanced traffic training data, so that the quantities of different categories are balanced, which is helpful for the model to train various types fully. Then, the joint model of attention mechanism and 1DCNN-BiLSTM is designed to extract the local and long-distance sequence features of the traffic data. The features useful for classification are assigned weights according to their importance through the attention mechanism, which makes the model improve the detection rate of attack classes. Experimental results show that the proposed method has the highest accuracy for NSL-KDD and CICIDS2017 datasets (up to 93.17% and 98.65%). The proposed method improves the detection rate of User to Root(U2R) attack traffic in NSL-KDD dataset by at least 13.70%, which proves the effectiveness of the proposed method in improving the detection rate of minority attack traffic.

FullText(HTML)

References(23)

References

[1]	Statista Research Department. Number of internet of things (IoT) connected devices worldwide from 2019 to 2021, with forecasts from 2022 to 2030[EB/OL]. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/, 2022.
[2]	SU Yu, QI Kaiyue, DI Chong, et al. Learning automata based feature selection for network traffic intrusion detection[C]. 2018 IEEE Third International Conference on Data Science in Cyberspace, Guangzhou, China, 2018: 622–627.
[3]	SYARIF I, PRUGEL-BENNETT A, and WILLS G. Unsupervised clustering approach for network anomaly detection[C]. 4th International Conference on Networked Digital Technologies, Berlin, Germany, 2012: 135–145.
[4]	BO Li and YUAN Chenyuan. The research of intrusion detection based on support vector machine[C]. 2009 International Conference on Computer and Communications Security, Hong Kong, China, 2009: 21–23.
[5]	TENGL S, ZHANG Zhenhua, TENG Luyao, et al. A collaborative intrusion detection model using a novel optimal weight strategy based on genetic algorithm for ensemble classifier[C]. 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design. Nanjing, China, 2018: 761–766.
[6]	SORNSUWIT P and JAIYEN S. Intrusion detection model based on ensemble learning for U2R and R2L attacks[C]. 2015 7th International Conference on Information Technology and Electrical Engineering, Chiang Mai, Thailand, 2015: 354–359.
[7]	NEGANDHI P, TRIVEDI Y, and MANGRULKAR R. Intrusion detection system using random forest on the NSL-KDD dataset[C]. Emerging Research in Computing, Information, Communication and Applications, Singapore, 2019: 519–531.
[8]	KORONIOTIS N, MOUSTAFA N, SITNIKOVA E, et al. Towards developing network forensic mechanism for botnet activities in the IoT based on machine learning techniques[C]. International Conference on Mobile Networks and Management, Cham, Switzerland, 2018: 30–44.
[9]	D'HOOGE L, WAUTERS T, VOLCKAERT B, et al. Inter-dataset generalization strength of supervised machine learning methods for intrusion detection[J]. Journal of Information Security and Applications, 2020, 54: 102564. doi: 10.1016/j.jisa.2020.102564
[10]	TANG T A, MHAMDI L, MCLERNON D, et al. Deep learning approach for network intrusion detection in software defined networking[C]. 2016 International Conference on Wireless Networks and Mobile Communications, Fez, Morocco, 2016: 258–263.
[11]	SHONE N, NGOC T N, PHAI V D, et al. A deep learning approach to network intrusion detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018, 2(1): 41–50. doi: 10.1109/TETCI.2017.2772792
[12]	董书琴, 张斌. 基于深度特征学习的网络流量异常检测方法[J]. 电子与信息学报, 2020, 42(3): 695–703. doi: 10.11999/JEIT190266 DONG Shuqin and ZHANG Bin. Network traffic anomaly detection method based on deep features learning[J]. Journal of Electronics &Information Technology, 2020, 42(3): 695–703. doi: 10.11999/JEIT190266
[13]	缪祥华, 单小撤. 基于密集连接卷积神经网络的入侵检测技术研究[J]. 电子与信息学报, 2020, 42(11): 2706–2712. doi: 10.11999/JEIT190655 MIAO Xianghua and SHAN Xiaoche. Research on intrusion detection technology based on densely connected convolutional neural networks[J]. Journal of Electronics &Information Technology, 2020, 42(11): 2706–2712. doi: 10.11999/JEIT190655
[14]	SIVAMOHAN S, SRIDHAR S S, and KRISHNAVENI S. An effective recurrent neural network (RNN) based intrusion detection via bi-directional long short-term memory[C]. 2021 International Conference on Intelligent Technologies (CONIT), Hubli, India, 2021: 1–5.
[15]	EBENUWA S H, SHARIF M S, ALAZAB M, et al. Variance ranking attributes selection techniques for binary classification problem in imbalance data[J]. IEEE Access, 2019, 7: 24649–24666. doi: 10.1109/ACCESS.2019.2899578
[16]	CHAWLA N V, BOWYER K W, HALL L O, et al. SMOTE: Synthetic minority over-sampling technique[J]. Journal of Artificial Intelligence Research, 2002, 16: 321–357. doi: 10.1613/jair.953
[17]	HE Haibo, BAI Yang, GARCIA E A, et al. ADASYN: Adaptive synthetic sampling approach for imbalanced learning[C]. 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), Hong Kong, China, 2008: 1322–1328.
[18]	HE Haibo and GARCIA E A. Learning from imbalanced data[J]. IEEE Transactions on Knowledge and Data Engineering, 2009, 21(9): 1263–1284. doi: 10.1109/TKDE.2008.239
[19]	YU Yingwei and BIAN Naizheng. An intrusion detection method using few-shot learning[J]. IEEE Access, 2020, 8: 49730–49740. doi: 10.1109/ACCESS.2020.2980136
[20]	CHOWDHURY M M U, HAMMOND F, KONOWICZ G, et al. A few-shot deep learning approach for improved intrusion detection[C]. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), New York, USA, 2017: 456–462.
[21]	CHORAŚ M and PAWLICKI M. Intrusion detection approach based on optimised artificial neural network[J]. Neurocomputing, 2021, 452: 705–715. doi: 10.1016/j.neucom.2020.07.138
[22]	BEDI P, GUPTA N, and JINDAL V. I-SiamIDS: An improved Siam-IDS for handling class imbalance in network-based intrusion detection systems[J]. Applied Intelligence, 2021, 51(2): 1133–1151. doi: 10.1007/s10489-020-01886-y
[23]	PANIGRAHI R, BORAH S, PRAMANIK M, et al. Intrusion detection in cyber-physical environment using hybrid Naïve Bayes-Decision table and multi-objective evolutionary feature selection[J]. Computer Communications, 2022, 188: 133–144. doi: 10.1016/j.comcom.2022.03.009