Congyuan Xu,Jizhong Shen,Xin Du

DOI: https://doi.org/10.1016/j.jisa.2021.102879

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Low-rate Denial of Service (LDoS) attacks use the low-rate requests to achieve the occupation of the network resources and have strong concealment. The traditional signal analysis based detection methods are challenging to detect LDoS attacks in the fluctuating legitimate traffic. In this paper, an LDoS attack detection method based on hybrid deep neural networks is proposed using one-dimensional convolutional neural network and gated recurrent unit. In order to evaluate the proposed detection method in the real scenarios, we captured real legitimate traffic from a website in the datacenter, and carried out a variety of real LDoS attacks on the mirror of the website in the laboratory environment to obtain real attack traffic. The detection results on the real traffic show that the proposed detection method does not need to extract features manually and can effectively detect LDoS attacks in fluctuating HTTP traffic with an average detection rate of 98.68%, which is more advantageous than MF-DFA or power spectral density based detection methods.

Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Li Yijie,Zhai Shang,Chen Mingrui

DOI: https://doi.org/10.48550/arXiv.1903.07889

2019-03-19

Abstract:Distributed Denial of Service (DDOS) attack is one of the most common network attacks. DDoS attacks are becoming more and more diverse, which makes it difficult for some DDoS attack detection methods based on single network flow characteristics to detect various types of DDoS attacks, while the detection methods of multi-feature DDoS attacks have a certain lag due to the complexity of the algorithm. Therefore, it is necessary and urgent to monitor the trend of traffic change and identify DDoS attacks timely and accurately. In this paper, a method of DDoS attack detection based on deep belief network feature extraction and LSTM model is proposed. This method uses deep belief network to extract the features of IP packets, and identifies DDoS attacks based on LSTM model. This scheme is suitable for DDoS attack detection technology. The model can accurately predict the trend of normal network traffic, identify the anomalies caused by DDoS attacks, and apply to solve more detection methods about DDoS attacks in the future.

Cryptography and Security

Mahmoud Said Elsayed,Nhien-An Le-Khac,Soumyabrata Dev,Anca Delia Jurcut

DOI: https://doi.org/10.48550/arXiv.2006.13981

2020-06-25

Abstract:Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns - hence, lacking in attack diversity. In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.

Cryptography and Security

Zhenping Shi,Jie Li,Chentao Wu

DOI: https://doi.org/10.1109/globecom38437.2019.9013186

2019-01-01

Abstract:Highly efficient and dependable large-scale DDoS attack detection scheme is critical for network anomaly detection. Typical machine learning algorithms such as Decision Tree and Adaboost work well on flow level analysis but cannot perform fine- grained detection of packet levels. Since these algorithms require more packets information for detection, resulting in higher detection delay and relatively lower accuracy. To address the problem, we propose DeepDDoS which is a deep learning method focusing on both period- wise and packetwise attack detection. First, the network packets are modeled in time dimension to discover the potential abnormal time period. Second, the network packets are grouped by 5 tuples (flow), the packets inside the group are sorted according to their arrival time. Then the data packet level sequence modeling is performed in each group. Comprehensive performance evaluation shows that the detection accuracy of DeepDDoS reach 99%. Furthermore, only 5 consecutive packets are needed for packet-wise detection, greatly reducing detection delay and computational overhead. Comparative experiments show that DeepDDoS outperforms existing typical attack detection methods

Qian-yi Dai,Bin Zhang,Shu-qin Dong

DOI: https://doi.org/10.1155/2022/5692820

IF: 1.968

2022-05-05

Security and Communication Networks

Abstract:By nature, a traditional attack method, denial-of-service (DDoS) attack poses a considerable threat to the security of the blockchain network layer. This paper proposes a distributed DDoS-attack traffic detection method based on a cross multilayer convolutional neural network model in the blockchain network layer. The method resolves the low generalisation, high misreporting rate, and low detection efficiency problems of the existing detection methods, which are caused by nondistinctive core features and the high complexity of robust features when detecting DDoS attacks transmitted by mixed protocols on a blockchain network layer. First, the model performs a convolution operation on preprocessed traffic on the blockchain network layer using a cross-layer method based on L2 regularisation. After this operation, the model can perceive the detailed features of attack traffic from multiple levels while enhancing the representational performance of key features; specifically, the parameters with high-variance terms are penalised to limit changes in the model's weight parameters. The highly robust abstract features of attack traffic are extracted, thereby increasing the generalisation ability and reducing the misreporting rate of the model. Second, parametric encoding of the abstract features is performed by a stacked sparse autoencoder based on Kullback–Leibler divergence, and the sparsity of the model is adjusted to reduce the redundant data and the coupling between abstract features. The outputs of the encoded features are then effectively categorised. Finally, the global optimisation of parameters is performed by an improved random gradient-descent algorithm, which prevents oscillation of the training parameters and accelerates the model convergence. In an experimental evaluation, the proposed method achieved satisfactory binary- and multiclass detection of DDoS-attack traffic on both CSE-CIC-IDS 2018 on the AWS dataset and on the real mixed data of a blockchain network layer.

computer science, information systems,telecommunications

Yue Wu

DOI: https://doi.org/10.1117/12.3013363

2023-01-01

Abstract:With the rapid development of cloud computing and mobile Internet, there have been a variety of network attacks, among which distributed denial of service (DDoS) is one of the most fatal attacks. Traditional machine learning detection methods face serious challenges. This paper proposes a method for identifying DDoS attacks based on RNNs. Taking Recurrent Neural Network (RNN) as the research and improvement object, long short-term memory, bidirectional recurrent neural network and other technologies are used. Experiments on the public dataset indicate that the accuracy of the model can reach 99.97%, which is better than the traditional machine learning model and achieves a good recognition effect

Tewelde Gebremedhin Gebremeskel,Ketema Adere Gemeda,T. Gopi Krishna,Perumalla Janaki Ramulu

DOI: https://doi.org/10.1155/2023/9965945

2023-06-24

Wireless Communications and Mobile Computing

Abstract:A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bangli Wang,Yuxuan Jiang,You Liao,Zhen Li

DOI: https://doi.org/10.1049/2024/1056705

2024-09-19

IET Information Security

Abstract:Distributed denial‐of‐service (DDoS) attacks pose a significant threat to network security due to their widespread impact and detrimental consequences. Currently, deep learning methods are widely applied in DDoS anomaly traffic detection. However, they often lack the ability to collectively model both local and global traffic features, which presents challenges in improving performance. In order to provide an effective method for detecting abnormal traffic, this paper proposes a novel network architecture called DDoS‐MSCT, which combines a multiscale convolutional neural network and transformer. The DDoS‐MSCT architecture introduces the DDoS‐MSCT block, which consists of a local feature extraction module (LFEM) and a global feature extraction module (GFEM). The LFEM employs convolutional kernels of different sizes, accompanied by dilated convolutions, with the aim of enhancing the receptive field and capturing multiscale features simultaneously. On the other hand, the GFEM is utilized to capture long‐range dependencies for attending to global features. Furthermore, with the increase in network depth, DDoS‐MSCT facilitates the integration of multiscale local and global contextual information of traffic features, thereby improving detection performance. Our experiments are conducted on the CIC‐DDoS2019 dataset, and also the CIC‐IDS2017 dataset, which is introduced as a supplement to address the issue of sample imbalance. Experimental results on the hybrid dataset show that DDoS‐MSCT achieves accuracy, recall, F1 score, and precision of 99.94%, 99.95%, 99.95%, and 99.97%, respectively. Compared to the state of the art methods, the DDoS‐MSCT model achieves a good performance for detecting the DDoS attack to provide the protecting ability for network security.

computer science, information systems, theory & methods

Amran Mansoor,Mohammed Anbar,Abdullah Ahmed Bahashwan,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.3390/systems11060296

2023-06-09

Systems

Abstract:The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

Yufan Feng,Changda Wang

DOI: https://doi.org/10.1007/s10922-023-09727-2

2023-02-16

Journal of Network and Systems Management

Abstract:A successful DDoS attack disables systems and causes huge economic losses, which is every company's worst fear. The goal of IT security is to avoid this worst-case situation. Anomaly detection is one of the most imperative currently. However, feature selection and accuracy detection limitations are still pertinent to traditional algorithms. Moreover, these methods cannot predict and respond to DDoS attacks in advance. Therefore, this paper proposes a network anomaly early warning method based on Generalized Network Temperature (GNT) and deep learning. The approach first classifies DDoS-induced network congestion. Then, it predicts network traffic characteristics using Bi-GRU and discovers the class of congestion states corresponding to each feature collection through the Stacking model. In what follows, this method connects the two models to achieve the early warning function. Furthermore, a combination of criteria is designed based on congestion states and attack probability to improve the early warning accuracy. The proposed model is validated using the intrusion detection dataset CICIDS2017 and UNSW-NB15. The Bi-GRU model achieves the best result of 77.95% and 81.96% for the R-Squared traffic prediction on the two datasets. The Stacking model achieves 94.37% accuracy and 95.82% for congestion states classification, respectively. After the model is connected, our proposed approach performs the best warning accuracy of 96.84% on the CICIDS2017 dataset and 95.68% on the UNSW-NB15 dataset.

computer science, information systems,telecommunications

Beenish Habib,Farida Khursheed

DOI: https://doi.org/10.1002/cpe.7996

2024-02-16

Concurrency and Computation Practice and Experience

Abstract:Summary Internet data thefts, intrusions and DDoS attacks are some of the big concerns for the network security today. Detection of these anomalies, is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to the deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by itself with no human intervention. This is what we call as meta‐learning. The models are configured in both many to one and many to many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM), convolutional neural network (CNN) layers along with attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcomes the vanishing and exploding gradient problem of RNN and attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance.

computer science, theory & methods, software engineering

DOI: https://doi.org/10.51316/jst.166.ssad.2023.33.2.1

2023-05-15

Abstract:Software Defined Network (SDN) is a new architecture designed to make the network infrastructure more flexible and easier to manage. It allows network administrators to configure network parameters as well as integrating new functions using programming languages easily. Thanks to the centralized control paradigm, it is easier to collect information of the entire network, which facilitates the implementation of machine learning algorithms to detect anomaly traffic as well as network attacks. Recently, with the development of machine learning and artificial intelligence, several methods have been applied to detect and mitigate Distributed Denial of Service (DDoS) attacks. However, all of activities from monitoring data, detecting and mitigating the attack consume time and resources. To reduce unnecessary redundancy, in this paper, we divide attack detection into two phases, which are anomaly detection phase with lightweight machine learning algorithm and attack detection phase when anomaly behaviors have been detected. This reduces the in-depth analysis of normal traffic and helps to improve the use of computing resources and data transmission efficiency of the network. By setting up a testbed, we have successfully run this model as well as evaluated the accuracy of the model. The results show that our model can detect attacks quickly and accurately.

Yiying Zhang,Yiyang Liu,Xiaoyan Guo,Zhu Liu,Xiankun Zhang,Kun Liang

DOI: https://doi.org/10.3390/en15217882

IF: 3.2

2022-10-25

Energies

Abstract:With the rapid development of smart grids, the number of various types of power IoT terminal devices has grown by leaps and bounds. An attack on either of the difficult-to-protect end devices or any node in a large and complex network can put the grid at risk. The traffic generated by Distributed Denial of Service (DDoS) attacks is characterised by short bursts of time, making it difficult to apply existing centralised detection methods that rely on manual setting of attack characteristics to changing attack scenarios. In this paper, a DDoS attack detection model based on Bidirectional Long Short-Term Memory (BiLSTM) is proposed by constructing an edge detection framework, which achieves bi-directional contextual information extraction of the network environment using the BiLSTM network and automatically learns the temporal characteristics of the attack traffic in the original data traffic. This paper takes the DDoS attack in the power Internet of Things as the research object. Simulation results show that the model outperforms traditional advanced models such as Recurrent Neural Network (RNN) and Long Short Term Memory (LSTM) in terms of accuracy, false detection rate, and time delay. It plays an auxiliary role in the security protection of the power Internet of Things and effectively improves the reliability of the power grid.

energy & fuels

Azadeh Golduzian

DOI: https://doi.org/10.48550/arXiv.2308.15674

2023-08-30

Abstract:A malicious attempt to exhaust a victim's resources to cause it to crash or halt its services is known as a distributed denial-of-service (DDoS) attack. DDOS attacks stop authorized users from accessing specific services available on the Internet. It targets varying components of a network layer and it is better to stop into layer 4 (transport layer) of the network before approaching a higher layer. This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow and suggests a method to prevent DDOS attacks. For this purpose, we used logistic regression, CNN, XGBoost, naive Bayes, AdaBoostClassifier, KNN, and random forest ML algorithms. In addition, data preprocessing was performed using three methods to identify the most relevant features. This paper explores the issue of improving the DDOS attack detection accuracy using the latest dataset named CICDDoS2019, which has over 50 million records. Because we employed an extensive dataset for this investigation, our findings are trustworthy and practical. Our target class (attack class) was imbalanced. Therefore, we used two techniques to deal with imbalanced data in machine learning. The XGboost machine learning model provided the best detection accuracy of (99.9999%) after applying the SMOTE approach to the target class, outperforming recently developed DDoS detection systems. To the best of our knowledge, no other research has worked on the most recent dataset with over 50 million records, addresses the statistical technique to select the most significant feature, has this high accuracy, and suggests ways to avoid DDOS attackI.

Cryptography and Security

Haomin Wang,Wei Li

DOI: https://doi.org/10.3390/s21155047

IF: 3.9

2021-07-26

Sensors

Abstract:Software-defined networking (SDN) has emerged in recent years as a form of Internet architecture. Its scalability, dynamics, and programmability simplify the traditional Internet structure. This architecture realizes centralized management by separating the control plane and the data-forwarding plane of the network. However, due to this feature, SDN is more vulnerable to attacks than traditional networks and can cause the entire network to collapse. DDoS attacks, also known as distributed denial-of-service attacks, are the most aggressive of all attacks. These attacks generate many packets (or requests) and ultimately overwhelm the target system, causing it to crash. In this article, we designed a hybrid neural network DDosTC structure, combining efficient and scalable transformers and a convolutional neural network (CNN) to detect distributed denial-of-service (DDoS) attacks on SDN, tested on the latest dataset, CICDDoS2019. For better verification, several experiments were conducted by dividing the dataset and comparisons were made with the latest deep learning detection algorithm applied in the field of DDoS intrusion detection. The experimental results show that the average AUC of DDosTC is 2.52% higher than the current optimal model and that DDosTC is more successful than the current optimal model in terms of average accuracy, average recall, and F1 score.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mahrukh Ramzan,Muhammad Shoaib,Ayesha Altaf,Shazia Arshad,Faiza Iqbal,Ángel Kuc Castilla,Imran Ashraf

DOI: https://doi.org/10.3390/s23208642

2023-10-23

Abstract:Internet security is a major concern these days due to the increasing demand for information technology (IT)-based platforms and cloud computing. With its expansion, the Internet has been facing various types of attacks. Viruses, denial of service (DoS) attacks, distributed DoS (DDoS) attacks, code injection attacks, and spoofing are the most common types of attacks in the modern era. Due to the expansion of IT, the volume and severity of network attacks have been increasing lately. DoS and DDoS are the most frequently reported network traffic attacks. Traditional solutions such as intrusion detection systems and firewalls cannot detect complex DDoS and DoS attacks. With the integration of artificial intelligence-based machine learning and deep learning methods, several novel approaches have been presented for DoS and DDoS detection. In particular, deep learning models have played a crucial role in detecting DDoS attacks due to their exceptional performance. This study adopts deep learning models including recurrent neural network (RNN), long short-term memory (LSTM), and gradient recurrent unit (GRU) to detect DDoS attacks on the most recent dataset, CICDDoS2019, and a comparative analysis is conducted with the CICIDS2017 dataset. The comparative analysis contributes to the development of a competent and accurate method for detecting DDoS attacks with reduced execution time and complexity. The experimental results demonstrate that models perform equally well on the CICDDoS2019 dataset with an accuracy score of 0.99, but there is a difference in execution time, with GRU showing less execution time than those of RNN and LSTM.

Qian Xie,Zheng Huang,Jie Guo,Weidong Qiu

DOI: https://doi.org/10.1007/978-3-030-62223-7_13

2020-01-01

Abstract:Distributed Denial-of-Service (DDoS) attacks disrupts the availability of essential services, which are one of the most harmful threats in today’s Internet. Many DDoS detection algorithms based on machine learning technology have emerged in recent years, for example, the LUCID algorithm, GNN model. But considering that DDoS attacks are based on both time and space, these algorithms only considered time and ignored space. Besides, by piece network traffic data is often difficult to obtain. The model we used in this paper is based on the Spatio-Temporal Graph Convolutional Network (STGCN) proposed by Yu B. et al. And on this basis, the model is improved for the unique characteristics of DDoS attacks. By considering the time-dependence of the network topology and network traffic, this model has a good recognition rate on the online DDoS data set, and can achieve detection of DDoS attacks under the premise of using only two-way traffic information.

Jingqi Zhang,Xin Zhang,Zhaojun Liu,Fa Fu,Yihan Jiao,Fei Xu

DOI: https://doi.org/10.3390/electronics12194170

IF: 2.9

2023-10-09

Electronics

Abstract:A network intrusion detection tool can identify and detect potential malicious activities or attacks by monitoring network traffic and system logs. The data within intrusion detection networks possesses characteristics that include a high degree of feature dimension and an unbalanced distribution across categories. Currently, the actual detection accuracy of some detection models is relatively low. To solve these problems, we propose a network intrusion detection model based on multi-head attention and BiLSTM (Bidirectional Long Short-Term Memory), which can introduce different attention weights for each vector in the feature vector that strengthen the relationship between some vectors and the detection attack type. The model also utilizes the advantage that BiLSTM can capture long-distance dependency relationships to obtain a higher detection accuracy. This model combined the advantages of the two models, adding a dropout layer between the two models to improve the detection accuracy while preventing training overfitting. Through experimental analysis, the network intrusion detection model that utilizes multi-head attention and BilSTM achieved an accuracy of 98.29%, 95.19%, and 99.08% on the KDDCUP99, NSLKDD, and CICIDS2017 datasets, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied