{"title":"SAGB: self-attention with gate and BiGRU network for intrusion detection","authors":"Zhanhui Hu, Guangzhong Liu, Yanping Li, Siqing Zhuang","doi":"10.1007/s40747-024-01577-y","DOIUrl":null,"url":null,"abstract":"<p>Network traffic intrusion detection technology plays an important role in host and platform security. At present, machine learning and deep learning methods are often used for network traffic intrusion detection. However, the imbalance of relevant data sets will cause the model algorithm to learn the features of the majority categories and ignore the features of the minority categories, which will seriously affect the precision of network intrusion detection models. The number of samples of the attacks is much less than the number of normal samples. The classification performance on unbalanced data sets is poor and can not identify the minority attack samples well. To solve these problems, this paper proposed the resampling mechanism, which used random undersampling for the majority categories samples and K-Smote oversampling for the minority categories samples, so as to generate a more balanced data set and improve the model's detection rate for the minority categories. This paper proposed the Self-Attention with Gate (SAG) and BiGRU network model for intrusion detection on the CICIDS2017 data set, which can fully extract high-dimensional information from data samples and improve the detection rate of network attacks. The Self-Attention with Gate mechanism (SAG) based on the Transformer performed the feature extraction, filtered the irrelevant noise information, then extracted the long-distance dependency temporal sequence features by the BiGRU network, and obtained the classification results through the SoftMax classifier. 
Compared to the experimental results of other algorithms, such as Random Forest (RF) and BiGRU, it can be found that the overall classification precision for the SAG-BiGRU model in this paper is much higher and also has a good effect on the NSL-KDD data set.</p>","PeriodicalId":10524,"journal":{"name":"Complex & Intelligent Systems","volume":"15 1","pages":""},"PeriodicalIF":5.0000,"publicationDate":"2024-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Complex & Intelligent Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s40747-024-01577-y","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Citations: 0
Abstract
Network traffic intrusion detection technology plays an important role in host and platform security. At present, machine learning and deep learning methods are often used for network traffic intrusion detection. However, class imbalance in the relevant data sets causes a model to learn the features of the majority categories and ignore those of the minority categories, which seriously affects the precision of network intrusion detection models. Attack samples are far fewer than normal samples, so classification performance on unbalanced data sets is poor and minority attack samples are not identified well. To solve these problems, this paper proposes a resampling mechanism that applies random undersampling to majority-category samples and K-Smote oversampling to minority-category samples, generating a more balanced data set and improving the model's detection rate for the minority categories. The paper also proposes the Self-Attention with Gate (SAG) and BiGRU network model for intrusion detection on the CICIDS2017 data set, which can fully extract high-dimensional information from data samples and improve the detection rate of network attacks. The SAG mechanism, based on the Transformer, performs feature extraction and filters out irrelevant noise information; the BiGRU network then extracts long-distance dependency temporal sequence features, and the SoftMax classifier produces the classification results. Compared with the experimental results of other algorithms, such as Random Forest (RF) and BiGRU, the overall classification precision of the SAG-BiGRU model in this paper is much higher, and the model also performs well on the NSL-KDD data set.
About the journal:
Complex & Intelligent Systems aims to provide a forum for presenting and discussing novel approaches, tools and techniques meant for attaining a cross-fertilization between the broad fields of complex systems, computational simulation, and intelligent analytics and visualization. The transdisciplinary research that the journal focuses on will expand the boundaries of our understanding by investigating the principles and processes that underlie many of the most profound problems facing society today.