A Neural Attention Model for Real-Time Network Intrusion Detection

Mengxuan Tan, Alfonso Iacovazzi, Ngai Man Man Cheung, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The diversity and ever-evolving nature of network intrusion attacks has made defense a real challenge for security practitioners. Recent research in the domain of Network-based Intrusion Detection System has mainly focused on adopting a flow-based approach when extracting features from raw packets. One drawback of this is that attack detection can only be carried out after the flow has ended. In this work, we present a new technique based on the neural attention mechanism; unlike many existing solutions, our technique can be applied for real-time attack detection since it uses time slot-based features. The proposed solution is a modified version of the transformer model which has been proposed and used in the language translation domain. We conduct experiments on a dataset extracted from a recent repository network traffic containing several kinds of network attack. We use the "bidirectional LSTM" and "conditional random fields" models as baseline for comparison and our performance results demonstrate that the proposed solution significantly outperforms the two baselines in terms of precision, recall, and false positive rates. In addition, we show that our solution is more computationally efficient than the bidirectional LSTM model as a result of the removal of recurrent layers.

Original languageAmerican English
Title of host publicationProceedings of the 44th Annual IEEE Conference on Local Computer Networks, LCN 2019
EditorsKarl Andersson, Hwee-Pink Tan, Sharief Oteafy
Number of pages9
ISBN (Electronic)9781728110288
StatePublished - 1 Oct 2019
Event44th Annual IEEE Conference on Local Computer Networks, LCN 2019 - Osnabruck, Germany
Duration: 14 Oct 201917 Oct 2019

Publication series

NameProceedings - Conference on Local Computer Networks, LCN


Conference44th Annual IEEE Conference on Local Computer Networks, LCN 2019


  • Attention model
  • Deep learning
  • Network intrusion detection
  • Network security

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture


Dive into the research topics of 'A Neural Attention Model for Real-Time Network Intrusion Detection'. Together they form a unique fingerprint.

Cite this