HPAC-IDS: A Hierarchical Packet Attention Convolution for Intrusion Detection System

Anass Grini, Btissam El Khamlichi, Abdellatif El Afia, Amal El Fallah-Seghrouchni

TL;DR

The paper tackles the challenge of evolving network threats by moving beyond traditional signature-based intrusion detection to a robust, learning-based approach. It introduces HPAC-IDS, which treats raw network packets as NLP-like text, employing a Packet Segmenter to create fixed-size segments and a Hierarchical Packet Attention Convolution architecture to compute a holistic packet embedding for classification. Key findings show HPAC-IDS achieves near-perfect accuracy on CIC-IDS2017 with very low false positives and demonstrates strong robustness against adversarial attacks such as FGSM, PGD, and WGAN, across various segment sizes. This approach advances practical IDS performance and resilience, and points to future work in refining segment granularity and exploring NLP-inspired embeddings to further bolster security against emerging threats.

Abstract

This research introduces a robust detection system against malicious network traffic, leveraging hierarchical structures and self-attention mechanisms. The proposed system includes a Packet Segmenter that divides a given raw network packet into fixed-size segments that are fed to the HPAC-IDS. The experiments performed on the CIC-IDS2017 dataset show that the system exhibits high accuracy and low false positive rates while demonstrating resilience against diverse adversarial methods like Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), and Wasserstein GAN (WGAN). The model's ability to withstand adversarial perturbations is attributed to the fusion of hierarchical attention mechanisms and convolutional neural networks, resulting in a 0% to 10% adversarial attack severity under tested adversarial attacks with different segment sizes, surpassing the state-of-the-art model in detection performance and adversarial attack robustness.
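As an added illustration (not code from the paper or its authors), here is one way a Packet Segmenter could turn a raw packet into fixed-size segments with masks for a hierarchical attention model. The padding token id, the truncation policy, the mask layout and the sample bytes are assumptions; the abstract specifies only that packets are divided into fixed-size segments.

```python
"""Fixed-size packet segmentation: bytes -> segments -> packet (added example)."""
from typing import List, Tuple

PAD_ID = 256  # assumption: byte values use ids 0..255, so 256 is free for padding


def segment_packet(raw: bytes, segment_size: int, max_segments: int
                   ) -> Tuple[List[List[int]], List[List[int]]]:
    """Split one raw packet into a [max_segments][segment_size] grid of token ids.

    Returns (tokens, mask); mask is 1 for a real byte and 0 for padding, so a
    self-attention layer can ignore padded positions.
    """
    if segment_size <= 0 or max_segments <= 0:
        raise ValueError("segment_size and max_segments must be positive")
    capacity = segment_size * max_segments
    data = raw[:capacity]  # assumption: oversize packets are truncated
    tokens, mask = [], []
    for start in range(0, capacity, segment_size):
        chunk = list(data[start:start + segment_size])
        pad = segment_size - len(chunk)
        tokens.append(chunk + [PAD_ID] * pad)
        mask.append([1] * len(chunk) + [0] * pad)
    return tokens, mask


def segment_mask(mask: List[List[int]]) -> List[int]:
    """Segment-level mask for the upper level of the hierarchy: 1 if any real byte."""
    return [1 if any(row) else 0 for row in mask]


# Constructed sample, not a capture: 20 header-like bytes plus 6 payload bytes.
SAMPLE_PACKET = bytes.fromhex(
    "4500001a000140004006f97cc0a80001c0a80002"  # illustrative IPv4-style header
    "48454c4c4f0a"                              # payload "HELLO\n"
)

if __name__ == "__main__":
    toks, m = segment_packet(SAMPLE_PACKET, segment_size=8, max_segments=5)
    for row, keep in zip(toks, segment_mask(m)):
        print(keep, row)
```

Every packet then has the same shape regardless of its length, and the two masks keep padded bytes and fully padded segments out of the byte-level and segment-level attention respectively.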

Paper Structure (17 sections, 2 equations, 3 figures, 6 tables)

This paper contains 17 sections, 2 equations, 3 figures, 6 tables.

Figures (3)

  • Figure 1: General Structure of the HPAC architecture for Malicious Network Packet Detection
  • Figure 2: Network Packet Segmenter Unit
  • Figure 3: Hierarchy structure in HPAC