Attention-based CNN-BiSLTM deep learning approach for network intrusion detection system in software defined networks

Ben Said R., Askerbeyli İ.

International conferences "Problems of Cybernetics and Informatics", Baku, Azerbaycan, 28 - 30 Ağustos 2023, ss.80-81

  • Yayın Türü: Bildiri / Özet Bildiri
  • Basıldığı Şehir: Baku
  • Basıldığı Ülke: Azerbaycan
  • Sayfa Sayıları: ss.80-81
  • Ankara Üniversitesi Adresli: Evet

Özet

Intrusion detection is a critical security function in softwaredefined networks (SDNs). However, traditional intrusion detection methods are often ineffective in SDNs due to their limited ability to capture the complex network traffic patterns. The high value of the SDN controller makes it a prime target for intruders who can use it to route network traffic according to their needs, potentially causing catastrophic consequences for the entire network. The effectiveness of the detection algorithms that leverage the unified vision of SDN and deep learning methods to improve IDS security depends heavily on the quality of the training datasets. In this paper, we propose the intrusion detection hybrid model based on CNN (Convolutional Neural Network) and a BiLSTM (Bidirectional Long-Short Term Memory) with attention mechanism. The model consists of three main components: a CNN layer, a BiSLTM layer, and an attention layer. The CNN layer extracts local features from the network traffic data. The BiSLTM layer learns the temporal dependencies between the local features. The attention layer selects the most relevant features from the BiSLTM output for each intrusion type. Our hybrid model can effectively detect a wide range of intrusions, including Brute force, Web attacks, DDoS (Distributed Denial-of-Service). The hybrid model has several advantages over the state-of-the-art intrusion detection models. First, our model can effectively capture the complex network traffic patterns. Second, it can identify intrusions with high accuracy. Third, it is efficient and can be easily deployed in SDNs. We evaluate our model on a realworld SDN dataset (InSDN dataset). The experimental results show that our hybrid model outperforms the state-of-the-art intrusion detection models in terms of accuracy, precision, recall, and F1 score like Alexnet, Lenet5, CNN, CNN-LSTM and CNN-BiLSTM without attention mechanism models.