ZeekFlow: Deep Learning-Based Network Intrusion Detection a Multimodal Approach

The ever-increasing network traffic generated by numerous interconnected devices inside the modern digital world paves the way for a plethora of attack surfaces that could be exploited by attackers at any time, with various means and manifold objectives. While multiple challenges have been addressed, malicious actors constantly raise the bar of deploying inventive attacks and therefore, novel solutions are required to mitigate the problem. Conventional defensive practices are unable to provide security guarantees in many scenarios, especially against zero-day threats. To this end, we present ZeekFlow, a DL-based module for Network Intrusion Detection (NID), that encapsulates a novel, dual-modality architecture for processing network traffic and inferring complex correlations that would lead to accurate threat detection and mitigation. Experimental results show a significant performance boost up to 45% by combining the two modalities. The proposed technique has been rigorously evaluated with three public benchmark datasets (i.e., CIC-IDS2017, CIRA-CIC-DoHBrw-2020 and USTC-TFC2016) that cover a broad range of cyberattacks. Further, the anomaly detection performance of our solution is compared to three closely-related research works, which are outperformed in the vast majority of metrics (e.g., AUC, Recall, etc).