Frontiers of Data and Computing ›› 2022, Vol. 4 ›› Issue (5): 60-67.

CSTR: 32002.14.jfdc.CN10-1649/TP.2022.05.007

doi: 10.11871/jfdc.issn.2096-742X.2022.05.007

• Special Issue: Call for Papers for the 37th National Conference on Computer Security • Previous Articles     Next Articles

Network Malicious Traffic Detection Incorporating Multi-Head Attention Mechanism

ZHAO Zhongbin,CAI Manchun*(),LU Tianliang   

  1. College of Information Network Security, People’s Public Security University of China, Beijing 100038, China
  • Received:2022-08-02 Online:2022-10-20 Published:2022-10-27
  • Contact: CAI Manchun


[Objective] Existing network malicious traffic detection methods rely on statistical features for modeling, ignoring the temporal features possessed by network traffic itself. By extracting, learning, and modeling temporal features, the network malicious traffic detection accuracy can be further improved. [Methods] The network traffic is segmented into sessions, and each session is intercepted with a fixed length of traffic bytes, and each byte is encoded in the form of word embedding, and its temporal features are extracted by a feature extraction algorithm incorporating a multi-head attention mechanism, and the extracted features are fed into a classifier to achieve detection of malicious traffic. [Results] The experimental results show that the classification accuracy of the proposed model for malicious traffic reaches 99.97%, which is significantly better than the malicious traffic detection methods modeled by statistical features, and also improved compared with similar models such as LSTM and Bi-LSTM. [Conclusions] The network malicious traffic detection method incorporating the multi-head attention mechanism can significantly improve the detection accuracy of the existing algorithms for malicious traffic and can effectively support the task of cyberspace security defense and protection.

Key words: network malicious traffic detection, multi-head attention, machine learning