Abstract:Network intrusion detection is one of the core research areas of cyber security. Network traffic anomaly detection is common in network intrusion detection systems. Through monitoring the network traffic, network intrusion detection systems can effectively track anomalous traffic and then give out alerts. This research area has developed for decades and the conventional methods for network intrusion detection systems include rule-based and feature engineering based methods. However, the changing features of network traffic require the methods to continuously gather new rules and generate new features, which results in a labor-intensive workload and comparatively poor quality of features engineering. To solve this problem, a deep learning-based spatial-temporal features extraction method was proposed. It includes convolution neural networks and long short term memory neural networks to learn the spatial-temporal features of network raw traffic. This method is tested on the MAWILab network traces data to evaluate its effectiveness. Multi-layer perception, convolution neural networks alone and long short term memory are used for comparison with the proposed approach. The features generated by these methods are used to classify the traffic, which can assess the performance of the feature extraction process of each method. Experiments show that the proposed method outperforms other methods in its effectiveness of spatial-temporal features extraction.