Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (19): 142-149.DOI: 10.3778/j.issn.1002-8331.2006-0220

Previous Articles     Next Articles

Intrusion Detection Method Based on Two-Layer Attention Networks

CAO Lei, LI Zhanbin, YANG Yongsheng, ZHAO Longfei   

  1. 1.National Marine Data and Information Service, Tianjin 300171, China
    2.Institute of Public Safety Research, Tsinghua University, Beijing 100084, China
  • Online:2021-10-01 Published:2021-09-29



  1. 1.国家海洋信息中心,天津 300171
    2.清华大学 公共安全研究院,北京 100084


Network-based intrusion detection technology, as an important security protection means, plays an important role in timely detection of network attacks. Currently, machine learning algorithms using feature engineering are common methods for detecting and analyzing network intrusions, but manually designed features often lose important information of payload data. In addition, different data packets in the network attack traffic play different roles in intrusion detection, but most existing algorithms are not capable of capturing important information. To address the above problems, this paper proposes a new deep learning model L2-AMNN, which directly extracts the raw network traffic payload data as samples without complex feature engineering, and introduces a two-layer attention on the basis of bidirectional Long Short-Term Memory(LSTM) network to capture keyword bytes information and data packets information to generate more accurate feature vectors of intrusion detection. The experimental results show that compared with SVM, DNN, LSTM and other models, L2-AMNN improves the accuracy and detection rate of network intrusion detection by an average of 4.05% and 2.48%, and reduces the false alarm rate and miss rate by an average of 4.41% and 2.61%, and the overall detection performance is better than other similar models.

Key words: cyber security, intrusion detection, deep learning, attention mechanism, Long Short-Term Memory(LSTM)



关键词: 网络安全, 入侵检测, 深度学习, 注意力机制, 长短时记忆神经网络