A Packet-Length-Adjustable Attention Model Based on Bytes Embedding Using Flow-WGAN for Smart Cybersecurity.

In the studies of cybersecurity, malicious traffic detection is attracting more and more attention for its capability of detecting attacks. Almost all of the intrusion detection methods based on deep learning have poor data processing capacity with the increase in the data length. Most intrusion detection methods can only handle the header part of the traffic and omit valuable information from the payload, so they cannot detect the malicious traffic when the hacker hides the attack behavior in the payload. In this paper, we propose an attention model that can process network traffic flow with adjustable length to detect the payload-based attacks. Furthermore, we design a Flow Wasserstein GAN model to generate new network traffic data from the original data sets to enhance the network packet data and protect the user's privacy. Our model has a hierarchical structure to build the representations of bytes and packets on two levels. Moreover, two levels of attention mechanisms enable the model to pay attention to more important content when constructing the flow representation. The experiments based on the ISCX-2012 and ISCX-2017 datasets prove that the proposed model has higher performance in accuracy and true positive rate (TPR) than four state-of-the-art deep learning methods. The experiment shows that our model outperforms the existing HSAT-IDS in the detection of the generated packets.