Attention-Based CNN-BiLSTM Deep Learning Approach for Network Intrusion Detection System in Software Defined Networks


Said R. B., ASKERBEYLİ İ.

5th International Conference on Problems of Cybernetics and Informatics, PCI 2023, Baku, Azerbaijan, 28 - 30 August 2023

  • Publication Type: Conference Paper / Full-Text Paper
  • DOI Number: 10.1109/pci60110.2023.10325985
  • City of Publication: Baku
  • Country of Publication: Azerbaijan
  • Keywords: Attention mechanisms, BiLSTM, CNN, Deep learning, multi class classification, Network intrusion detection system (NIDS), Network security, Software defined networking (SDN)
  • Affiliated with Ankara University: Yes

Abstract

Intrusion detection is a critical security function in software-defined networks (SDNs). However, traditional intrusion detection methods are often ineffective in SDNs due to their limited ability to capture complex network traffic patterns. The high value of the SDN controller makes it a prime target for intruders, who can use it to route network traffic according to their needs, potentially causing catastrophic consequences for the entire network. The effectiveness of detection algorithms that leverage the unified view of SDN and deep learning methods to improve IDS security depends heavily on the quality of the training datasets. In this paper, we propose a hybrid intrusion detection model based on a CNN (Convolutional Neural Network) and a BiLSTM (Bidirectional Long Short-Term Memory) with an attention mechanism. The model consists of three main components: a CNN layer, a BiLSTM layer, and an attention layer. The CNN layer extracts local features from the network traffic data. The BiLSTM layer learns the temporal dependencies between the local features. The attention layer selects the most relevant features from the BiLSTM output for each intrusion type. Our hybrid model can effectively detect a wide range of intrusions, including brute force, web attacks, and DDoS (Distributed Denial-of-Service). The hybrid model has several advantages over state-of-the-art intrusion detection models. First, our model can effectively capture complex network traffic patterns. Second, it can identify intrusions with high accuracy. Third, it is efficient and can be easily deployed in SDNs. We evaluate our model on a real-world SDN dataset (the InSDN dataset). The experimental results show that our hybrid model outperforms state-of-the-art intrusion detection models such as AlexNet, LeNet-5, CNN, CNN-LSTM, and CNN-BiLSTM without an attention mechanism in terms of accuracy, precision, recall, and F1 score.