Machine learning raw network traffic detection

Cyber-attacks are increasingly sophisticated and unfold rapidly, so detection at machine speed calls for machine learning techniques. However, applying machine learning to cyber security requires extracting features from the raw network traffic, and subject matter expertise is essential to analyze the traffic and select the optimum features for detecting a cyber-attack. We therefore propose a novel machine learning algorithm for malicious network traffic detection that uses only the bytes of the raw network traffic. The feature vector in our method is a structure containing the packet headers and a variable number of payload bytes. We propose a 1D-Convolutional Neural Network (1D-CNN) and a Feed Forward Network for detecting malicious packets from raw network bytes.
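As an added example (not the paper's own code), the following shows one way such a raw-byte feature vector can be assembled from an IPv4/TCP packet: the fixed-size header fields followed by a variable number of payload bytes, zero-padded or truncated to a fixed width and scaled to [0, 1] as input for a 1D-CNN. The 40-byte option-free header layout, the 64-byte payload cap and the sample packet are assumptions of this example, not values from the paper.

```python
import struct

# Assumed layout for this example (not the paper's exact structure): 20 IPv4
# header bytes + 20 TCP header bytes, then up to PAYLOAD_LEN payload bytes.
PAYLOAD_LEN = 64
IP_HDR_LEN = 20
TCP_HDR_LEN = 20


def build_feature_vector(packet: bytes, payload_len: int = PAYLOAD_LEN) -> list:
    """Return a fixed-length list of byte values from a raw IPv4/TCP packet.

    The first 40 entries are the option-free IP and TCP headers; the rest are
    the first `payload_len` payload bytes, zero-padded or truncated to that
    length. IP/TCP options are skipped using IHL and the TCP data offset.
    """
    if len(packet) < IP_HDR_LEN:
        raise ValueError("packet shorter than an IPv4 header")
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    if version != 4 or ihl < IP_HDR_LEN or len(packet) < ihl + TCP_HDR_LEN:
        raise ValueError("not a parseable IPv4/TCP packet")
    if packet[9] != 6:                                # IP protocol field must be TCP
        raise ValueError("not TCP")
    tcp_off = ihl + (packet[ihl + 12] >> 4) * 4       # data offset -> payload start
    if tcp_off > len(packet):
        raise ValueError("TCP data offset beyond packet end")
    headers = packet[:IP_HDR_LEN] + packet[ihl:ihl + TCP_HDR_LEN]
    payload = packet[tcp_off:tcp_off + payload_len]
    payload = payload + b"\x00" * (payload_len - len(payload))
    return list(headers + payload)


def scale(vec: list) -> list:
    """Scale byte values to [0, 1] floats, the usual input range for a 1D-CNN."""
    return [b / 255.0 for b in vec]


def make_test_packet(payload: bytes) -> bytes:
    """Constructed sample packet: minimal IPv4 + TCP headers (checksums left 0)."""
    total_len = IP_HDR_LEN + TCP_HDR_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x18, 65535, 0, 0)
    return ip + tcp + payload


if __name__ == "__main__":
    vec = build_feature_vector(make_test_packet(b"GET / HTTP/1.1\r\n"))
    print(len(vec), vec[:4], vec[40:44])
```

Each packet yields a vector of constant length, so batches can be stacked directly into the (samples, 104, 1) tensor a 1D convolution expects.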
