An abnormal traffic detection method using GCN-BiLSTM-Attention in the internet of vehicles environment

Abstract

AbstractIn-vehicle network intrusion detection tasks, it is usually necessary to simultaneously meet the requirements of low computational power consumption, real-time response, and high detection accuracy. In response to the class imbalance problem in existing vehicle network anomaly flow detection methods, which leads to longer training convergence time and low detection accuracy, an anomaly flow detection method using GCN-BiLSTM-Attention is proposed. Firstly, Graph Convolutional Networks (GCN) is used to obtain spatial correlations between data streams. Secondly, obtaining the time correlation to predict the next time slice flow matrix by capitalizing the variant Bidirectional Long Short-Term Memory (BiLSTM) network. Last but not least, an attention mechanism is designed for extracting key information from the data stream. The results of experiment prove that the binary classification false positive rate, detection rate, and F1 value of the proposed GCN-BiLSTM-Attention-based anomaly flow detection method on the NSL-KDD dataset are 95.87%, 6.31%, and 94.25%, respectively; The false positive rate, detection rate, and F1 value on the CICID2017 dataset are 6.01%, 94.12%,and 94.36%, respectively. The proposed GCN-BiLSTM-Attention model has exceeded the compared methods in detecting abnormal traffic in the context of the Internet of Vehicles, and it can better preserve local features of traffic data.