ZT-NIDS: Zero Trust, Network Intrusion Detection System

Abstract

Zero Trust security can tackle various cyberthreats. Current trends in security monitoring must shift to a “never trust, always verify” approach, as data security is threatened when cloud-based third parties access network traces. Network Intrusion Detection System (NIDS) can be exploited to detect anomalous behaviour. Convolution Neural Network (CNN), Bi-directional Long Short Term Memory (BiLSTM) based classifiers and Auto-Encoder (AE) feature extractors have presented promising results in NIDS. AE feature extractor can compress the important information and train the unsupervised model. CNNs detect local spatial relationships, while BiLSTMs can exploit temporal interactions. Furthermore, Attention modules can capture content-based global interactions and can be applied on CNNs to attend to the significant contextual information. In this paper, we utilized the advantages of all AE, CNN and BiLSTM structures using a multi-head Self Attention mechanism to integrate CNN features for feeding into BiLSTM classifier. We use the bottleneck features of a pre-trained AE for an Attention-based CNN-BiLSTM classifier. Our experiments using 10, 6 and 2 categories NID system on UNSW-NB15 dataset showed that the proposed method outperforms state-of-the-art methods and achieved accuracy of 91.72%, 89.79% and 93.01%, respectively. Plus, we introduced a balanced data sampler for training 10 categories of NIDS.