ADFCNN-BiLSTM: A Deep Neural Network Based on Attention and Deformable Convolution for Network Intrusion Detection

ADFCNN-BiLSTM: A Deep Neural Network Based on Attention and Deformable Convolution for Network Intrusion Detection

Network intrusion detection systems can identify intrusion behavior in a network by analyzing network traffic data. It is challenging to detect a very small proportion of intrusion data from massive network traffic and identify the attack class in intrusion detection tasks. Many existing intrusion d...

Full description

Saved in:
Bibliographic Details
Main Authors: Bin Li, Jie Li, Mingyu Jia
Format: Article
Language:English
Published: MDPI AG 2025-02-01
Series:Sensors
Subjects:
network intrusion detection
bidirectional long short-term memory
deformable convolution
attention mechanism
Online Access:https://www.mdpi.com/1424-8220/25/5/1382
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Network intrusion detection systems can identify intrusion behavior in a network by analyzing network traffic data. It is challenging to detect a very small proportion of intrusion data from massive network traffic and identify the attack class in intrusion detection tasks. Many existing intrusion detection studies often fail to fully extract the spatial features of network traffic and make reasonable use of temporal features. In this paper, we propose ADFCNN-BiLSTM, a novel deep neural network for network intrusion detection. ADFCNN-BiLSTM uses deformable convolution and an attention mechanism to adaptively extract the spatial features of network traffic data, and it pays attention to the important features from both channel and spatial perspectives. It uses BiLSTM to mine the temporal features from the traffic data and employs the multi-head attention mechanism to allow the network to focus on the time-series information related to suspicious traffic. In addition, ADFCNN-BiLSTM addresses the issue of class imbalance during the training process at both the data level and algorithm level. We evaluated the proposed ADFCNN-BiLSTM on three standard datasets, i.e., NSL-KDD, UNSW-NB15, and CICDDoS2019. The experimental results show that ADFCNN-BiLSTM outperforms the state-of-the-art model in terms of accuracy, detection rate, and false-positive rate.
ISSN:1424-8220

Similar Items