Preliminary results in using attention for increasing attack identification efficiency
In previous work, we proposed an end-to-end early intrusion detection system to identify network attacks in real-time before they complete and could cause any more damage to the system under attack. To implement the approach, we have used a deep neural network which was trained in a supervised manner to extract relevant features from raw network traffic in order to classify network flows into different types of attacks. In this work, we discuss initial results of the benefits that an attention mechanism brings to the classification performance and the capacity of the network to detect the attacks earlier. We empirically evaluate our approach on a data set CICIDS2017 dataset. Preliminary results show that the attention mechanism improves both the balanced accuracy of the classifier as well as the early detection of attacks.