Early Network Intrusion Detection Enabled by Attention Mechanisms and RNNs
Djaidja T.E.T., Brik B., Mohammed Senouci S., Boualouache A., Ghamri-Doudane Y.
IEEE Transactions on Information Forensics and Security, vol. 19, pp. 7783-7793, 2024
Current flow-based Network Intrusion Detection Systems (NIDSs) have the drawback of detecting attacks only once the flow has ended, resulting in potential delays in attack detection and increasing the risk of damage due to the infiltration of a greater number of malicious packets. Moreover, the delay provides attackers with an extended period of presence within the network, enabling them to execute subsequent attacks. To overcome this drawback, this work addresses the issue of early flow classification in NIDSs with an approach that incorporates a Deep Learning (DL) model. This model leverages Recurrent Neural Networks (RNNs), including Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU), coupled with attention mechanisms. This strategic combination allows the system to harness the inherent sequential nature of packets within network flows, enhancing the efficiency of early flow classification. We conducted experiments on two up-to-date network intrusion datasets, namely CIC-IDS2017 and 5G-NIDD. Our findings demonstrate the effectiveness and accuracy of the proposed NIDS in classifying network flows. Additionally, our approach showcases its efficacy by promptly identifying and detecting attacks in their early stages without the need for flow termination. This results in a reduction in both the number of initial packets required for classification and the time needed for detection.