IEEE Access (Jan 2022)
An Abnormal Traffic Detection Model Combined BiIndRNN With Global Attention
Abstract
As time series data with internal correlation, network traffic data can be used for abnormal traffic detection with Recurrent Neural Networks (RNNs) and their variants, but existing models are difficult to compute in parallel and are prone to gradient explosion or vanishing. To address this problem, we propose a Bidirectional Independent Recurrent Neural Network (BiIndRNN) with parallel computation and adjustable gradients, which extracts the bidirectional structural features of network traffic through forward and backward input and captures the spatial influence in the data flow. To establish dependencies on the forward and backward moments of network traffic, we propose a model combining Global Attention (GA) with BiIndRNN that pays more attention to the moments containing essential information. Taking the UNSW-NB15 dataset as the object of study, we derive the GA expression of the network packet feature vector and perform feature fusion and loss calculation over multiple fully connected layers. The experimental results show that, compared with traditional deep and shallow machine learning and other state-of-the-art technologies, our GA-BiIndRNN model converges faster; its accuracy, precision, and F1 scores are all above 99%, and its false positive rate (FPR) is close to 0.36%, so it can effectively identify normal and malicious network activities. These results provide a theoretical basis for the rapid implementation of protective measures.
Keywords