A malicious network traffic detection model based on bidirectional temporal convolutional network with multi-head self-attention mechanism

Cited by: 17
Authors
Cai, Saihua [1, 2]
Xu, Han [1]
Liu, Mingjie [1]
Chen, Zhilin [1]
Zhang, Guofeng [3]
Affiliations
[1] Jiangsu Univ, Sch Comp Sci & Commun Engn, Zhenjiang 212013, Peoples R China
[2] Jiangsu Univ, Jiangsu Key Lab Secur Technol Ind Cyberspace, Zhenjiang 212013, Peoples R China
[3] Taishan Univ, Sch Informat Sci & Technol, Tai An 271000, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Malicious network traffic detection; Bidirectional temporal convolutional network; Multi-head self-attention mechanism; Cross-entropy loss function; Deep learning;
DOI
10.1016/j.cose.2023.103580
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Increasingly frequent network intrusions have had a serious impact on production and daily life, so malicious network traffic detection has received more and more attention in recent years. However, traditional rule matching-based and machine learning-based malicious network traffic detection methods rely on human experience and have low detection efficiency. The continuous development of deep learning technology provides new ideas for malicious network traffic detection, and deep learning models are widely used in this field. Compared with other deep learning models, the bidirectional temporal convolutional network (BiTCN) has achieved better detection results due to its ability to obtain bidirectional semantic features of network traffic, but it does not consider the different meanings and different importance of different subsequence segments in network traffic sequences. In addition, the loss function used in BiTCN is the negative log likelihood function, which may lead to overfitting when facing multi-classification problems and data imbalance problems. To solve these problems, this paper proposes a malicious network traffic detection model based on BiTCN and the multi-head self-attention (MHSA) mechanism, namely BiTCN_MHSA. It innovatively uses the MHSA mechanism to assign different weights to different subsequences of network traffic, making the model more focused on the characteristics of malicious network traffic and improving the efficiency of processing global network traffic. Moreover, it changes the loss function to a cross-entropy loss function to penalize misclassification more severely, thereby speeding up convergence. Finally, extensive experiments are conducted to evaluate the efficiency of the proposed BiTCN_MHSA model on two public network traffic datasets; the experimental results verify that the proposed BiTCN_MHSA model outperforms six state-of-the-art methods in precision, recall, F1-measure and accuracy.
Pages: 17