A hierarchical CNN-transformer model for network intrusion detection

The development of the Industrial Internet has promoted the progress of social productivity, but it also faces attacks from abnormal network traffic. Network intrusion detection systems (NIDSs) ensure the safe and reliable operation of networks by monitoring the network traffic status and detecting abnormal traffic and attacks in a timely manner. To detect network intrusions in real time and efficiently, we propose a hierarchical intrusion detection model CNNTransformer NIDS with traffic spatio-temporal feature fusion, combined with soft feature selection based on attention mechanism. The model is used for multi-attack detection on the UNSW-NB15 dataset. The comparative experimental results show that: i) spatial features can effectively describe the normal and abnormal states of traffic; ii) temporal features can help the model to better distinguish different types of attacks; iii) the fusion of the spatio-temporal features can comprehensively improve the detection performance of the model. The results of the ablation experiments verify that the attention-based soft feature selection enables the model to effectively focus on the differences between normal and abnormal traffic and between different kinds of attacks, resulting in a 0.32% reduction in the missed detection rate, a 1.36% reduction in the false detection rate, and a 1.68% improvement in the detection rate of NIDS.