An Efficacious Feature Fusion-based approach for Network Intrusion Detection using Attention Mechanism

A Network Intrusion Detection System (NIDS) analyses incoming network traffic at strategic points within a network to detect any abnormal or malignant activity. A malignant activity is termed as an intrusion. From a machine learning perspective, network intrusion detection is essentially a multi-classification task with various types of known and unknown intrusions. The accuracy of the detection can be significantly improved by intelligent feature engineering. The primary challenge is that feature extraction problem in NIDS is aggravated by the large scale high dimensional network traffic data. Additionally, there is the challenge related to capability of the model to generalise between different networks. The proposed approach in this paper attempts to alleviate above issues by utilizing models of deep learning for intrusion detection in a novel manner. After initial preprocessing of data, the efficacious features are extracted by application of two techniques in parallel: the first technique uses a Autoencoder (AE) to learn the latent patterns in data, and the second technique uses a customised Residual Network (ResNet) model to extract features from network traffic. The features identified from these two techniques are then made to undergo late feature fusion to obtain a complete set of network traffic input features. Further, an Attention Mechanism (AM) based method is used to obtain optimal feature set by assigning different attention weights to input features. Finally, detection of intrusions is done by employing embedded Convolutional Neural Network (CNN) layers. The CNN is used for learning the changes occurring in abnormal i.e. network attack data. Extensive experimentation is done to compare proposed approach with other state-of-the-art techniques. Experimental results obtained over three benchmark datasets for four performance metrics- accuracy, precision, recall and F1-Score, clearly demonstrate the superior performance of proposed approach, both for binary as well as multiple intrusion detection problem.