Using a hybrid attention mechanism as a method to improve the efficiency of network intrusion detection systems

Andrii Nikitenko, Yevhen Bashkov

Abstract


The subject matter of this article is a HybridAttention mechanism integrated into a deep neural architecture for Network Intrusion Detection Systems (NIDS). This study aims to develop and study a HybridAttention mechanism based on a combination of global (self-attention) and local (dynamic local attention) models to improve the quality of traffic classification in real-time NIDS. The tasks to be solved are as follows: analyzing the applicability of existing attention mechanisms in network intrusion detection; integrating various attention types into a CNN-BiGRU architecture; developing a HybridAttention mechanism based on dynamic window alignment; optimizing the model using Optuna; and experimentally evaluating its performance on benchmark datasets using standard classification metrics. The methods used are: deep learning modeling with CNN-BiGRU architecture, integration of various attention mechanisms, including a novel HybridAttention, hyperparameter optimization using Optuna, and performance evaluation based on standard classification metrics. The results of this study show that the proposed HybridAttention mechanism demonstrates superiority over individual types of attention in all key metrics. The model achieved up to 99.85% accuracy on the NSL-KDD dataset training data and demonstrated strong generalization on the UNSW-NB15 dataset, achieving up to 98.06% accuracy in multi-class classification and up to 99.20% in binary classification. The proposed model also outperformed state-of-the-art approaches for processing unbalanced data and detecting various types of attacks.
Conclusions. The scientific novelty of the results obtained is as follows: a HybridAttention mechanism combining self-attention and dynamic local attention was developed to enhance sequential pattern recognition in network traffic; the CNN-BiGRU architecture was improved by integrating multiple attention modules; systematic hyperparameter optimization using Optuna improved generalization on imbalanced data; and the proposed model outperformed existing approaches on benchmark datasets in detecting both known and novel cyberattacks.

Keywords


deep learning; attention mechanism; network intrusion detection system; HybridAttention mechanism; dynamic local attention

DOI: https://doi.org/10.32620/reks.2025.3.13
