Zero Trust Network Intrusion Detection System (NIDS) using Auto Encoder for Attention-based CNN-BiLSTM

Abeer Alalmaie, Priyadarsi Nanda, Xiangjian He

Research output: Chapter in Book/Conference proceedingConference contributionpeer-review

5 Citations (Scopus)

Abstract

The large number of connected networks that underpin today's IT ecosystem make them more vulnerable to cyber threats because of their connectivity, user diversity, amount of connected devices, and services and applications that are available worldwide. As a response to these cyberthreats, zero trust security has been recommended. However, it's crucial to remember that this kind of security monitoring can be done by outside experts. When cloud-based third parties access network traces, there are threats to data security, thus the present trend in security monitoring needs to change to a "Never Trust, Always Verify"approach. Network Intrusion Detection System (NIDS) can be used to detect anomalous behavior. Convolution Neural Network (CNN) and Bi-directional Long Short Term Memory (BiLSTM) based classifiers and Auto-Encoder (AE) feature extractors have shown promising results in NIDS. AE feature extractor provides possibility of compressing the most important information and training the model unsupervised. CNNs are capable to capture local spatial relationships, while BiLSTMs are good at exploiting temporal interactions. In addition, Attention modules are good at capturing content-based global interactions, and can be applied on CNNs to attend to the most important contextual information. In this work, we utilized the advantages of all AE, CNN and BiLSTM structures using a multi-head Self Attention mechanism to focus and integrate CNN features for feeding into BiLSTM classifier. We proposed to use the bottleneck features of a pre-trained AE for an Attention-based CNN-BiLSTM classifier. Our experiments using 6 and 10 category NID system on UNSW-NB15 dataset showed that our proposed method outperforms state-of-the-art methods and achieved accuracy of 89.79% and 88.13% respectively. Also, we proposed a balanced data sampler for training 10 categories of NIDS which improved the accuracy up to 91.72%. We demonstrated the importance of Attention mechanism through our proposed method.

Original languageEnglish
Title of host publicationProceeding of 2023 Australasian Computer Science Week, ACSW 2023
PublisherAssociation for Computing Machinery
Pages1-9
Number of pages9
ISBN (Electronic)9798400700057
DOIs
Publication statusPublished - 30 Jan 2023
Event2023 Australasian Computer Science Week, ACSW 2023 - Melbourne, Australia
Duration: 31 Jan 20233 Feb 2023

Publication series

NameACM International Conference Proceeding Series

Conference

Conference2023 Australasian Computer Science Week, ACSW 2023
Country/TerritoryAustralia
CityMelbourne
Period31/01/233/02/23

Keywords

  • Attention
  • CNN-BiLSTM
  • Network Intrusion Detection
  • Network Security
  • Zero Trust

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Zero Trust Network Intrusion Detection System (NIDS) using Auto Encoder for Attention-based CNN-BiLSTM'. Together they form a unique fingerprint.

Cite this