Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Zelin Xiang,Xuwei Li

DOI: https://doi.org/10.1186/s13638-023-02279-8

2023-07-27

EURASIP Journal on Wireless Communications and Networking

Abstract:Network intrusion detection system (NIDS) can effectively sense network attacks, which is of great significance for maintaining the security of cyberspace. To meet the requirements of efficient and accurate network status monitoring, a NIDS model using Transformer-based fusion deep learning architecture is proposed. Firstly, GAN-Cross is used to expand minority class sample data, thereby alleviating the issues of imbalanced minority class about the original dataset. Then, the Transformer module is used to adjust the ML-CNN-BiLSTM model to enhance the feature encoding ability of the intrusion model. Finally, the data enhancement model and feature enhancement model are integrated into the NIDS model, the detection model is optimized, the features of network state data are extracted at a deeper level, and the generalization ability of the detection model is enhanced. Some simulation experiments using UNSW-NB15 datasets show that the proposed fusion architecture can achieve efficient analysis of complex network traffic datasets, with an accuracy of 0.903, effectively improving the detection accuracy of NIDS and its ability to detect unknown attacks. The proposed model has good application value in ensuring the stable operation of network systems.

telecommunications,engineering, electrical & electronic

Na Xing,Shuai Zhao,Yuehai Wang,Keqing Ning,Xiufeng Liu

DOI: https://doi.org/10.14569/ijacsa.2023.0140743

2023-01-01

Abstract:recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

Chiming Xi,Hui Wang,Xubin Wang

DOI: https://doi.org/10.1038/s41598-024-74214-w

IF: 4.6

2024-10-07

Scientific Reports

Abstract:Network is an essential tool today, and the Intrusion Detection System (IDS) can ensure the safe operation. However, with the explosive growth of data, current methods are increasingly struggling as they often detect based on a single scale, leading to the oversight of potential features in the extensive traffic data, which may result in degraded performance. In this work, we propose a novel detection model utilizing multi-scale transformer namely IDS-MTran. In essence, the collaboration of multi-scale traffic features broads the pattern coverage of intrusion detection. Firstly, we employ convolution operators with various kernels to generate multi-scale features. Secondly, to enhance the representation of features and the interaction between branches, we propose Patching with Pooling (PwP) to serve as a bridge. Next, we design multi-scale transformer-based backbone to model the features at diverse scales, extracting potential intrusion trails. Finally, to fully capitalize these multi-scale branches, we propose the Cross Feature Enrichment (CFE) to integrate and enrich features, and then output the results. Sufficient experiments show that compared with other models, the proposed method can distinguish different attack types more effectively. Specifically, the accuracy on three common datasets NSL-KDD, CIC-DDoS 2019 and UNSW-NB15 has all exceeded 99%, which is more accurate and stable.

multidisciplinary sciences

Zhihua Liu,Shengquan Liu,Jian Zhang

DOI: https://doi.org/10.32604/cmc.2023.046237

2024-01-01

Abstract:Network intrusion detection systems (NIDS) based on deep learning have continued to make significant advances. However, the following challenges remain: on the one hand, simply applying only Temporal Convolutional Networks (TCNs) can lead to models that ignore the impact of network traffic features at different scales on the detection performance. On the other hand, some intrusion detection methods consider multi-scale information of traffic data, but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features. To address both of these issues, we propose a hybrid Convolutional Neural Network that supports a multi-output strategy (BONUS) for industrial internet intrusion detection. First, we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic. Meanwhile, we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic. In addition, we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch. Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%, respectively, which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.

computer science, information systems,materials science, multidisciplinary

Keyan Ren,Shuai Yuan,Chun Zhang,Yu Shi,Zhiqing Huang

DOI: https://doi.org/10.1016/j.comcom.2023.04.018

IF: 5.047

2023-04-23

Computer Communications

Abstract:Network Intrusion Detection (NID) is an important defense strategy in modern networks to detect malicious activities in large-scale cyberspace. The current NID methods suffer from a high false positive rate, which significantly reduces the overall effectiveness of network intrusion detection systems and simultaneously increases the maintenance cost. Furthermore, the class imbalance problem associated with the intrusion detection dataset limits the detection rate for the minority classes. This paper proposes a novel hierarchical CNN-Attention network, CANET. In CANET, CNN and the Attention mechanism mingle to form a CA Block that focuses on local spatio-temporal feature extraction. The multi-layer CA Block combination can fully learn the multi-level spatio-temporal features of network attack data, which is more suitable for modern large-scale NID. Besides, for the class imbalance problem, we propose to use Equalization Loss v2 (EQL v2) to increase the minority class weight and balance the learning attention on minority classes. Extensive experiments demonstrate that CANET outperforms the state-of-the-art methods in terms of accuracy, detection rate, and false positive rate. And it efficiently improves the detection rate of minority classes. The source code for the proposed CANET models is publicly available at https://github.com/yuanshuai666/CANET .

computer science, information systems,telecommunications,engineering, electrical & electronic

Taining Zhang,Yihan Xiao,C. Xing,Zhongkai Zhao

DOI: https://doi.org/10.1109/ACCESS.2019.2904620

IF: 3.9

2019-03-12

IEEE Access

Abstract:With the popularity and development of network technology and the Internet, intrusion detection systems (IDSs), which can identify attacks, have been developed. Traditional intrusion detection algorithms typically employ mining association rules to identify intrusion behaviors. However, they fail to fully extract the characteristic information of user behaviors and encounter various problems, such as high false alarm rate (FAR), poor generalization capability, and poor timeliness. In this paper, we propose a network intrusion detection model based on a convolutional neural network–IDS (CNN–IDS). Redundant and irrelevant features in the network traffic data are first removed using different dimensionality reduction methods. Features of the dimensionality reduction data are automatically extracted using the CNN, and more effective information for identifying intrusion is extracted by supervised learning. To reduce the computational cost, we convert the original traffic vector format into an image format and use a standard KDD-CUP99 dataset to evaluate the performance of the proposed CNN model. The experimental results indicate that the AC, FAR, and timeliness of the CNN–IDS model are higher than those of traditional algorithms. Therefore, the model we propose has not only research significance but also practical value.

Engineering,Computer Science

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications

Kaiyuan Jiang,Wenya Wang,Aili Wang,Haibin Wu

DOI: https://doi.org/10.1109/access.2020.2973730

IF: 3.9

2020-01-01

IEEE Access

Abstract:Intrusion detection system (IDS) plays an important role in network security by discovering and preventing malicious activities. Due to the complex and time-varying network environment, the network intrusion samples are submerged into a large number of normal samples, which leads to insufficient samples for model training and detection results with a high false detection rate. According to the problem of data imbalance, we propose a network intrusion detection algorithm combined hybrid sampling with deep hierarchical network. Firstly, we use the one-side selection (OSS) to reduce the noise samples in majority category, and then increase the minority samples by Synthetic Minority Over-sampling Technique (SMOTE). In this way, a balanced dataset can be established to make the model fully learn the features of minority samples and greatly reduce the model training time. Secondly, we use convolution neural network (CNN) to extract spatial features and Bi-directional long short-term memory (BiLSTM) to extract temporal features, which forms a deep hierarchical network model. The proposed network intrusion detection algorithm was verified by experiments on the NSL-KDD and UNSW-NB15 dataset, and the classification accuracy can achieve 83.58% and 77.16%, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Azizjon Meliboev,Jumabek Alikhanov,Wooseong Kim

DOI: https://doi.org/10.48550/arXiv.2003.00476

2020-03-04

Abstract:Intrusion detection system (IDS) plays an essential role in computer networks protecting computing resources and data from outside attacks. Recent IDS faces challenges improving flexibility and efficiency of the IDS for unexpected and unpredictable attacks. Deep neural network (DNN) is considered popularly for complex systems to abstract features and learn as a machine learning technique. In this paper, we propose a deep learning approach for developing the efficient and flexible IDS using one-dimensional Convolutional Neural Network (1D-CNN). Two-dimensional CNN methods have shown remarkable performance in detecting objects of images in computer vision area. Meanwhile, the 1D-CNN can be used for supervised learning on time-series data. We establish a machine learning model based on the 1D-CNN by serializing Transmission Control Protocol/Internet Protocol (TCP/IP) packets in a predetermined time range as an invasion Internet traffic model for the IDS, where normal and abnormal network traffics are categorized and labeled for supervised learning in the 1D-CNN. We evaluated our model on UNSW\_NB15 IDS dataset to show the effectiveness of our method. For comparison study in performance, machine learning-based Random Forest (RF) and Support Vector Machine (SVM) models in addition to the 1D-CNN with various network parameters and architecture are exploited. In each experiment, the models are run up to 200 epochs with a learning rate in 0.0001 on imbalanced and balanced data. 1D-CNN and its variant architectures have outperformed compared to the classical machine learning classifiers. This is mainly due to the reason that CNN has the capability to extract high-level feature representations that represent the abstract form of low-level feature sets of network traffic connections.

Cryptography and Security,Artificial Intelligence

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Ruizhe Yao,Ning Wang,Peng Chen,Di Ma,Xianjun Sheng

DOI: https://doi.org/10.1007/s11042-022-14121-2

IF: 2.577

2022-12-01

Multimedia Tools and Applications

Abstract:Bi-directional communication networks are the foundation of advanced metering infrastructure (AMI), but they also expose smart grids to serious intrusion risks. While previous studies have proposed various intrusion detection systems (IDS) for AMI, most have not comprehensively considered the impact of different factors on intrusions. To ensure the security of the bi-directional communication network of AMI, this paper proposes an IDS based on deep learning theory. First, the invalid features are eliminated according to the feature screening strategy based on eXtreme Gradient Boosting (XGBoost), after which the data distribution is balanced by the adaptive synthetic (ADASYN) sampling technique. Next, multi-space feature subsets based on the convolutional neural network (CNN) are constructed to enrich the spatial distribution of samples. Finally, the Transformer is used to construct feature associations and extract crucial traits, such as the temporal and fine-grained characteristics of features, to complete the identification of intrusion behaviors. The proposed IDS is tested on the KDDCup99, NSL-KDD, and CICIDS-2017 datasets, and the results show that it has high performance with accuracy of 97.85%, 91.04%, and 91.06% respectively.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Wei Dai,Xinhui Li,Wenxin Ji,Sicheng He

DOI: https://doi.org/10.1109/access.2024.3384528

IF: 3.9

2024-04-20

IEEE Access

Abstract:To address the issue of low detection accuracy and high false positive rate in existing network intrusion detection methods, this paper proposes an intrusion detection model based on CNN-BiLSTM-Attention. Firstly, CNN is used to extract the spatial features from the intrusion data; Secondly, BiLSTM is used to mine the temporal features from the intrusion data further; Thirdly, the attention mechanism is used to assign different weights to the extracted spatiotemporal features and then enhance the role of important features in the calculation process, which can improve the classification accuracy of the model. In addition, for the problem of class imbalance existing in network intrusion data, Equalization Loss v2 is introduced as the loss function of the CNN-BiLSTM-Attention model, making the model pay more attention to minority class data during the training process, thereby improving the detection rate of the model for the minority class data. Finally, comparative experiments are conducted on NSL-KDD, UNSW-NB15, and CIC-DDoS2019 datasets. The experimental results show that the CNN-BiLSTM-Attention model outperforms the other models in terms of accuracy, detection rate, and false positive rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jinghong Lan,Xudong Liu,Bo Li,Jun Zhao

DOI: https://doi.org/10.1007/s10489-022-04076-0

IF: 5.3

2022-09-10

Applied Intelligence

Abstract:Network Intrusion Detection Systems(NIDSs) are crucial for resisting cyber threats. However, NIDSs equipped with supervised learning models do not generalize well to unknown attacks because the training samples for previously unseen new intrusions are usually not available in advance. Thus, a new framework based on a H ierarchical A ttention-based T riplet network with U nsupervised D omain A daptation(HAT-UDA) is proposed for this purpose. Concretely, a joint loss is introduced to force HAT-UDA to learn compact and discriminative embeddings for benign network traffic while being far from the representations of known attacks. Then, a One-class Support Vector Machine(OCSVM) model is trained on top of the benign embeddings for the unknown attack detection task. Furthermore, we propose an unsupervised domain adaptation module in an adversarial manner to reduce the false positives of HAT-UDA when applied to new network scenarios. HAT-UDA provides a novel approach for building a robust NIDS from benign traffic and available (known) attacks. This is particularly meaningful since collecting samples for benign traffic and known attacks is much easier than obtaining instances for unseen new attacks. Extensive experiments show that HAT-UDA outperforms other state-of-the-art methods and significantly improves the detection rate of unknown attacks.

computer science, artificial intelligence

Yixin Jiang,Yunan Zhang,Xiaoyun Kuang,Aidong Xu,Xuzhu Dong,Shiyong Dai,Jinhua Huang

DOI: https://doi.org/10.1109/ei256261.2022.10116191

2022-01-01

Abstract:Industrial control network intrusion detection system has higher requirements for detection rate, false positive rate, and real-time performance. In order to solve this problem, this paper proposed a new type of feature extractor abstracting mapping from the original low-level feature set to the high-level feature set. This feature extractor is composed of 3 heterogeneous sub-feature extractors 1D CNN, LSTM, and SAE. Secondly, the integrated feature set passes through a random forest (RF) classifier. Thirdly, combined with the regularity and stability of the industrial control network, a suspected host inspection method is designed based on the sequential hypothesis testing of real-time network traffic. This method uses the individual learner results of the above 3 feature extractors. Combining the above, two-stage fusion (SHT-RF) is carried out to realize real-time industrial control network intrusion detection, and achieve the purpose of improving the detection rate and enhancing the robustness of the system. Finally, it is verified on the CICIDS2017 data set. The detection rate of the proposed method is 99.59%, and the false positive rate is 0.09%. Compared with other machine learning methods, it has achieved a good improvement effect.

Bo Cao,Chenghai Li,Yafei Song,Yueyi Qin,Chen Chen

DOI: https://doi.org/10.3390/app12094184

2022-04-21

Applied Sciences

Abstract:A network intrusion detection model that fuses a convolutional neural network and a gated recurrent unit is proposed to address the problems associated with the low accuracy of existing intrusion detection models for the multiple classification of intrusions and low accuracy of class imbalance data detection. In this model, a hybrid sampling algorithm combining Adaptive Synthetic Sampling (ADASYN) and Repeated Edited nearest neighbors (RENN) is used for sample processing to solve the problem of positive and negative sample imbalance in the original dataset. The feature selection is carried out by combining Random Forest algorithm and Pearson correlation analysis to solve the problem of feature redundancy. Then, the spatial features are extracted by using a convolutional neural network, and further extracted by fusing Averagepooling and Maxpooling, using attention mechanism to assign different weights to the features, thus reducing the overhead and improving the model performance. At the same time, a Gated Recurrent Unit (GRU) is used to extract the long-distance dependent information features to achieve comprehensive and effective feature learning. Finally, a softmax function is used for classification. The proposed intrusion detection model is evaluated based on the UNSW_NB15, NSL-KDD, and CIC-IDS2017 datasets, and the experimental results show that the classification accuracy reaches 86.25%, 99.69%, 99.65%, which are 1.95%, 0.47% and 0.12% higher than that of the same type of CNN-GRU, and can solve the problems of low classification accuracy and class imbalance well.

Mohammad A. Alsharaiah,Mosleh Abualhaj,Laith H. Baniata,Adeeb Al-saaidah,Qasem M. Kharma,Mahran M Al-Zyoud

DOI: https://doi.org/10.5267/j.ijdns.2024.1.007

2024-01-01

International Journal of Data and Network Science

Abstract:With the increasing prevalence of network intrusions, the development of effective network intrusion detection systems (NIDS) has become crucial. In this study, we propose a novel NIDS approach that combines the power of long short-term memory (LSTM) and attention mechanisms to analyze the spatial and temporal features of network traffic data. We utilize the benchmark UNSW-NB15 dataset, which exhibits a diverse distribution of patterns, including a significant disparity in the size of the training and testing sets. Unlike traditional machine learning techniques like support vector machines (SVM) and k-nearest neighbors (KNN) that often struggle with limited feature sets and lower accuracy, our proposed model overcomes these limitations. Notably, existing models applied to this dataset typically require manual feature selection and extraction, which can be time-consuming and less precise. In contrast, our model achieves superior results in binary classification by leveraging the advantages of LSTM and attention mechanisms. Through extensive experiments and evaluations with state-of-the-art ML/DL models, we demonstrate the effectiveness and superiority of our proposed approach. Our findings highlight the potential of combining LSTM and attention mechanisms for enhanced network intrusion detection.