A Marine Hydrographic Station Networks Intrusion Detection Method Based on LCVAE and CNN-BiLSTM

Abstract

Marine sensors are highly vulnerable to illegal access network attacks. Moreover, the nation’s meteorological and hydrological information is at ever-increasing risk, which calls for a prompt and in depth analysis of the network behavior and traffic to detect network attacks. Network attacks are becoming more diverse, with a large number of rare and even unknown types of attacks appearing. This results in traditional-machine-learning (ML)-based network intrusion detection (NID) methods performing weakly due to the lack of training samples. This paper proposes an NID method combining the log-cosh conditional variational autoencoder (LCVAE) with convolutional the bi-directional long short-term memory neural network (LCVAE-CBiLSTM) based on deep learning (DL). It can generate virtual samples with specific labels and extract more significant attack features from the monitored traffic data. A reconstructed loss term based on the log-cosh model is introduced into the conditional autoencoder. From it, the virtual samples are able to inherit the discrete attack data and enhance the potential features of the imbalance attack type. Then, a hybrid feature extraction model is proposed by combining the CNN and BiLSTM to tackle the attack’s spatial and temporal features. The following experiments evaluated the proposed method’s performance on the NSL-KDD dataset. The results demonstrated that the LCVAE-CBiLSTM obtained better results than state-of-the-art works, where the accuracy, F1-score, recall, and FAR were 87.30%, 87.89%, 80.89%, and 4.36%. The LCVAE-CBiLSTM effectively improves the detection rate of a few classes of samples and enhances the NID performance.