Malicious Network Behavior Detection Using Fusion of Packet Captures Files and Business Feature Data

Information and communication technologies have an essential impact on people's lives. The real-time convenience of the internet greatly facilitates information transmission and knowledge exchange between users. However, network intruders exploit communication vulnerabilities to carry out malicious attacks. Traditional machine learning (ML) methods based on business features, and deep learning (DL) methods that extract features automatically, are both used to identify such malicious behavior. However, these approaches tend to use only one type of data source, which can lose features that cannot be mined from that data alone. To address this problem and to improve the precision of malicious behavior detection, this paper proposes a one-dimensional (1D) convolution-based fusion model of packet capture files and business feature data for malicious network behavior detection. On several available network traffic and Internet of Things (IoT) datasets, the fusion models improve malicious behavior detection results compared with single-source models. The experiments also indicate that early data fusion, feature fusion and decision fusion are all effective in the model. Moreover, this paper discusses the suitability of one-dimensional convolution and two-dimensional (2D) convolution for network traffic data.
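The abstract names three fusion points for the two data sources: early (data-level) fusion, feature-level fusion and decision-level fusion. The following is an added illustration, not code from the paper, of where each fusion step sits in a 1D-convolution pipeline that takes raw packet bytes on one side and per-flow business features on the other. The 64-byte packet length, the convolution kernels, the classifier weights and the sample packet and flow features are all constructed values chosen so that the example runs offline with the standard library only; a real model would learn the kernels and weights from a labelled dataset.

```python
"""Early, feature and decision fusion of packet bytes and flow features.

Added example (not the paper's implementation). All kernels, weights and
sample inputs below are constructed, fixed values; nothing is trained.
"""
import math

# Assumption: bytes kept per packet. The paper does not state its length here.
PACKET_LEN = 64

# Constructed sample packet: IPv4-header-like bytes, TCP-header-like bytes,
# then a short payload. 45 bytes, so it will be zero-padded to PACKET_LEN.
SAMPLE_PACKET = bytes.fromhex(
    "4500003c1c4640004006b1e6c0a80001c0a800c7"
    "0050c3a8000000010000000050020000e5f70000"
    "48656c6c6f"
)

# Constructed per-flow "business" features, already scaled to [0, 1]:
# [duration, bytes_in, bytes_out, packet_count, mean_inter_arrival]
SAMPLE_BUSINESS = [0.20, 0.05, 0.01, 0.10, 0.35]

# Fixed, constructed 1D kernels standing in for learned convolution filters.
KERNELS = [
    [1.0, -1.0, 1.0],
    [0.5, 0.5, 0.5],
    [-1.0, 0.0, 1.0],
]

# Constructed classifier weights for each head (one weight per input feature).
PACKET_HEAD = ([0.8, -0.4, 0.6], -0.2)                          # 3 conv features
BUSINESS_HEAD = ([0.3, 0.2, 0.2, 0.1, -0.5], -0.3)              # 5 flow features
FUSED_HEAD = ([0.8, -0.4, 0.6, 0.3, 0.2, 0.2, 0.1, -0.5], -0.3)  # 3 + 5 features


def packet_to_vector(raw, length=PACKET_LEN):
    """Truncate or zero-pad the packet to a fixed length and scale bytes to [0, 1]."""
    buf = raw[:length].ljust(length, b"\x00")
    return [b / 255.0 for b in buf]


def conv1d_relu(x, kernel):
    """Valid (no padding) 1D cross-correlation with stride 1, followed by ReLU."""
    k = len(kernel)
    return [max(0.0, sum(x[i + j] * kernel[j] for j in range(k)))
            for i in range(len(x) - k + 1)]


def conv_branch(x, kernels=KERNELS):
    """1D conv layer plus global max pooling: one pooled feature per kernel."""
    return [max(conv1d_relu(x, kern)) for kern in kernels]


def dense_sigmoid(features, head):
    """Single-unit classifier: weighted sum, bias, sigmoid -> P(malicious)."""
    weights, bias = head
    if len(features) != len(weights):
        raise ValueError(f"expected {len(weights)} features, got {len(features)}")
    z = sum(f * w for f, w in zip(features, weights)) + bias
    return 1.0 / (1.0 + math.exp(-z))


def early_fusion(raw, business):
    """Data-level fusion: the scaled packet bytes and the business features are
    concatenated into one sequence before any convolution is applied."""
    x = packet_to_vector(raw) + list(business)
    return dense_sigmoid(conv_branch(x), PACKET_HEAD)


def feature_fusion(raw, business):
    """Feature-level fusion: the packet branch produces pooled conv features,
    which are concatenated with the business features ahead of one classifier."""
    feats = conv_branch(packet_to_vector(raw)) + list(business)
    return dense_sigmoid(feats, FUSED_HEAD)


def decision_fusion(raw, business, alpha=0.6):
    """Decision-level fusion: each modality has its own classifier; the two
    scores are combined by a weighted average (alpha weights the packet side)."""
    p_packet = dense_sigmoid(conv_branch(packet_to_vector(raw)), PACKET_HEAD)
    p_business = dense_sigmoid(list(business), BUSINESS_HEAD)
    return alpha * p_packet + (1.0 - alpha) * p_business


def score_all(raw, business, threshold=0.5):
    """Run the three fusion strategies and report score and verdict for each."""
    results = {}
    for name, fn in (("early", early_fusion),
                     ("feature", feature_fusion),
                     ("decision", decision_fusion)):
        p = fn(raw, business)
        results[name] = {"score": p, "malicious": p >= threshold}
    return results


if __name__ == "__main__":
    for name, r in score_all(SAMPLE_PACKET, SAMPLE_BUSINESS).items():
        print(f"{name:8s} fusion: P(malicious)={r['score']:.3f} -> {r['malicious']}")
```

The three functions differ only in where the two inputs meet: before the convolution (early), after the packet branch has produced its pooled features (feature), or after each side has already produced a probability (decision). With learned rather than constructed weights, this is the structural choice the paper's experiments compare.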
