Visible to the public A Hybrid Feature Extraction Network for Intrusion Detection Based on Global Attention Mechanism

TitleA Hybrid Feature Extraction Network for Intrusion Detection Based on Global Attention Mechanism
Publication TypeConference Paper
Year of Publication2020
AuthorsChen, W., Cao, H., Lv, X., Cao, Y.
Conference Name2020 International Conference on Computer Information and Big Data Applications (CIBDA)
KeywordsAI methods, composability, computer network security, Deep Learning, false alarm rates, feature extraction, feature extraction layer, fully connected layer, Global Attention Mechanism, global attention mechanism layer, hybrid feature extraction network, hybrid network, Intrusion detection, intrusion detection task, intrusion detection tasks, large-scale network traffic, low recognition performance, machine learning, Metrics, network intrusion detection, network monitoring system, network traffic attributes, neural nets, pattern classification, pubcrawl, Residual U Net, resilience, Resiliency, RULA-IDS, spatial features, Support vector machines, SVM classification layer, telecommunication traffic, temporal features, Testing, Training
AbstractThe widespread application of 5G will make intrusion detection of large-scale network traffic a mere need. However, traditional intrusion detection cannot meet the requirements by manually extracting features, and the existing AI methods are also relatively inefficient. Therefore, when performing intrusion detection tasks, they have significant disadvantages of high false alarm rates and low recognition performance. For this challenge, this paper proposes a novel hybrid network, RULA-IDS, which can perform intrusion detection tasks by great amount statistical data from the network monitoring system. RULA-IDS consists of the fully connected layer, the feature extraction layer, the global attention mechanism layer and the SVM classification layer. In the feature extraction layer, the residual U-Net and LSTM are used to extract the spatial and temporal features of the network traffic attributes. It is worth noting that we modified the structure of U-Net to suit the intrusion detection task. The global attention mechanism layer is then used to selectively retain important information from a large number of features and focus on those. Finally, the SVM is used as a classifier to output results. The experimental results show that our method outperforms existing state-of-the-art intrusion detection methods, and the accuracies of training and testing are improved to 97.01% and 98.19%, respectively, and presents stronger robustness during training and testing.
Citation Keychen_hybrid_2020