A Novel Hybrid Convolutional-Attention Recurrent Network (HCARN) for Enhanced Cybersecurity Threat Detection
Subject Areas : IT Strategy
Archana Laddhad 1 *, Gurveen Vaseer 2
1 - Faculty of Computer Science, Oriental University, Indore – Madhya Pradesh 453555
2 - Faculty of Computer Science, Oriental University, Indore – Madhya Pradesh 453555
Keywords: Intrusion detection systems, CSE-CIC-IDS2018, deep learning, Hybrid Convolutional-Attention Recurrent Network
Abstract :
Cybersecurity solutions are critical for protecting networks against constantly evolving threats. Traditional intrusion detection systems (IDS) struggle to adapt to rapidly changing attack patterns, which motivates the exploration of advanced techniques such as deep learning. This study introduces a novel framework that uses a Hybrid Convolutional-Attention Recurrent Network (HCARN) to identify cybersecurity threats. Using the CSE-CIC-IDS2018 dataset, the data preparation process includes data cleanup, feature extraction, and Information Gain-based feature selection. The HCARN architecture, which integrates convolutional layers, attention mechanisms, and recurrent layers, is employed for classification. Convolutional layers effectively capture spatial features in the dataset, attention mechanisms highlight critical features, and recurrent layers model temporal dependencies. This allows HCARN to process and analyze complex patterns in network traffic, leading to more accurate threat diagnosis. The proposed model demonstrates significant efficacy in distinguishing between major, moderate, and minor threats, attaining high accuracy and robustness in threat recognition. The incorporation of attention mechanisms allows the model to emphasize critical features, while the recurrent layers capture temporal dependencies in the dataset. Extensive assessment through k-fold cross-validation, training, and testing phases shows the model's consistent performance and low false positive rates. This novel approach underscores the potential of hybrid deep learning models in enhancing cybersecurity defenses against sophisticated attacks, paving the way for adaptive security systems.