HDFEF: A hierarchical and dynamic feature extraction framework for intrusion detection systems

Network intrusion detection plays a vital role in modern cyberspace security systems. Although deep learning has been widely used for automatic feature extraction in intrusion detection, capturing effective feature representations in network flows is still challenging using current methods due to the increasing complexity of real-world network environments. Network flows have a clear hierarchical structure, which has not been fully considered by existing methods. Additionally, most existing methods are coarse-grained methods that only leverage a single packet or network flow. As a result, the maliciousness of an attack cannot be fully reflected, which may lead to unsatisfactory detection performance. To address the aforementioned issues, we propose a novel network intrusion detection method based on a hierarchical and dynamic feature extraction framework (HDFEF). Specifically, a complete network activity is defined as a sequence of packets with multiple network flows. Then, a hierarchical network model, which dynamically adjusts the distribution of the feature representations of multiple temporally correlated network packets with an attention mechanism, is designed. Finally, after combining the vectors obtained from the multispace mapping, the final discriminant vectors are obtained and used for classification. The superiority of our HDFEF over other state-of-the-art methods is shown through the results of the experiments on the CSE-CIC-IDS2018, CIC-IDS2017 and UNSW-NB15 datasets.