Multidomain transformer-based deep learning for early detection of network intrusion
Jinxin Liu, Murat Simsek, Michele Nogueira, Burak Kantarci

TL;DR
This paper introduces a novel deep learning framework using multi-domain transformers for early detection of network intrusions, significantly improving detection speed and accuracy over existing methods.
Contribution
It proposes a new feature extractor, a benchmark dataset, and a multi-domain transformer model with enhanced attention mechanisms for early network intrusion detection.
Findings
Achieved 84.1% macro F1 score, 31% higher than Transformer.
Improved earliness by a factor of 5×10^4 in packet usage.
Outperformed state-of-the-art methods by 5-6% on benchmark datasets.
Abstract
Timely response of Network Intrusion Detection Systems (NIDS) is constrained by the flow generation process which requires accumulation of network packets. This paper introduces Multivariate Time Series (MTS) early detection into NIDS to identify malicious flows prior to their arrival at target systems. With this in mind, we first propose a novel feature extractor, Time Series Network Flow Meter (TS-NFM), that represents network flow as MTS with explainable features, and a new benchmark dataset is created using TS-NFM and the meta-data of CICIDS2017, called SCVIC-TS-2022. Additionally, a new deep learning-based early detection model called Multi-Domain Transformer (MDT) is proposed, which incorporates the frequency domain into Transformer. This work further proposes a Multi-Domain Multi-Head Attention (MD-MHA) mechanism to improve the ability of MDT to extract better features. Based on…
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Anomaly Detection Techniques and Applications
Methods: Multi-Head Attention · Attention Is All You Need · Residual Connection · Adam · Byte Pair Encoding · Softmax · Dropout · Label Smoothing · Absolute Position Encodings · Layer Normalization
