A Novel Multimodal-Sequential Approach Based on Multi-View Features for Network Intrusion Detection

Network intrusion detection systems (NIDS) are essential tools in ensuring network information security, and neural networks have become an increasingly popular solution for NIDS. However, with the gradual complexity of the network environment, the existing solutions using the conventional neural network cannot make full use of the rich information in the network traffic data due to its single structure. More importantly, this will lead to the existing NIDS have incomplete knowledge of the intrusion detection domain, and making it unable to achieve a high detection rate and good stability in the new environment. In this paper, we take a step forward and extract the different level features from the network connection, rather than a long feature vector used in the traditional approach, which can process feature information separately more efficiently. And further, we propose multimodal-sequential intrusion detection approach with special structure of hierarchical progressive network, which is supported by multimodal deep auto encoder (MDAE) and LSTM technologies. By design the special structure of hierarchical progressive network, our approach can efficiently integrate the different level features information within a network connection and automatically learn temporal information between adjacent network connections at the same time. Based on the three benchmark datasets from 1999 to 2017, including NSL-KDD, UNSW-NB15, and CICIDS 2017, we investigated the performance of our proposed approach on the task of detecting attacks within modern network. The experimental results show that the average accuracy of this method is 94% in binary classification and 88% in multi-class classification, which is at least 2% and 4% super than other methods respectively, and demonstrated that our model has excellent stability. Moreover, we further explore the multimodality and complementarity in traffic data, the experimental results show that the performance of detection model can be further improved in the range 2% to 5% when using our MDAE model to process the features of traffic data.