|
|
Frontiers of Information Technology & Electronic Engineering
ISSN 2095-9184 (print), ISSN 2095-9230 (online)
2025 Vol.26 No.7 P.1115-1130
CRGT-SA: an interlaced and spatiotemporal deep learning model for network intrusion detection
Abstract: To address the challenge of cyberattacks, intrusion detection systems (IDSs) are introduced to recognize intrusions and protect computer networks. Among all these IDSs, conventional machine learning methods rely on shallow learning and have unsatisfactory performance. Unlike machine learning methods, deep learning methods are the mainstream methods because of their capability to handle mass data without prior knowledge of specific domain expertise. Concerning deep learning, long short-term memory (LSTM) and temporal convolutional networks (TCNs) can be used to extract temporal features from different angles, while convolutional neural networks (CNNs) are valuable for learning spatial properties. Based on the above, this paper proposes a novel interlaced and spatiotemporal deep learning model called CRGT-SA, which combines CNN with gated TCN and recurrent neural network (RNN) modules to learn spatiotemporal properties, and imports the self-attention mechanism to select significant features. More specifically, our proposed model splits the feature extraction into multiple steps with a gradually increasing granularity, and executes each step with a combined CNN, LSTM, and gated TCN module. Our proposed CRGT-SA model is validated using the UNSW-NB15 dataset and is compared with other compelling techniques, including traditional machine learning and deep learning models as well as state-of-the-art deep learning models. According to the simulation results, our proposed model exhibits the highest accuracy and F1-score among all the compared methods. More specifically, our proposed model achieves 91.5% and 90.5% accuracy for binary and multi-class classifications respectively, and demonstrates its ability to protect the Internet from complicated cyberattacks. Moreover, we conduct another series of simulations on the NSL-KDD dataset; the simulation results of comparison with other models further prove the generalization ability of our proposed model.
Key words: Intrusion detection; Deep learning; Convolutional neural network; Long short-term memory; Temporal convolutional network
上海工程技术大学电子电气工程学院,中国上海市,310027
摘要:为应对网络攻击的挑战,人们引入入侵检测系统以识别入侵行为并保护计算机网络。在所有这些入侵检测系统中,传统机器学习方法依赖于浅学习,其性能不理想。与机器学习方法不同,深度学习方法是目前主流方法,因其能处理大量数据,而无需事先了解特定领域的专业知识。在深度学习中,长短期记忆(LSTM)和时间卷积网络(TCN)可以从不同角度提取时间特征,而卷积神经网络(CNN)则可以学习空间特征。基于此背景,本文提出一种新的交错式时空深度学习模型(CRGT-SA),该模型将CNN与门控TCN和LSTM模块结合以学习时空特性,并引入自注意力机制选择显著特征。具体而言,所提模型将特征提取分解为粒度逐渐增加的多个步骤,并结合CNN、LSTM和门控TCN模块执行每个步骤。基于UNSW-NB15数据集对所提CRGT-SA模型进行验证,并与其他方法比较,包括传统机器学习、深度学习模型以及最先进的深度学习模型。仿真结果表明,所提模型具有最高准确率和F1值。所提模型在二分类和多分类上的准确率分别为91.5%和90.5%,证明其保护互联网免受复杂网络攻击的能力。此外,在NSL-KDD数据集上进行了一系列模拟,并与其他模型比较;仿真结果进一步证明该模型的泛化能力。
关键词组:
References:
Open peer comments: Debate/Discuss/Question/Opinion
<1>
DOI:
10.1631/FITEE.2400459
CLC number:
Download Full Text:
Downloaded:
909
Clicked:
813
Cited:
0
On-line Access:
2025-07-28
Received:
2024-05-30
Revision Accepted:
2024-09-18
Crosschecked:
2025-07-30