A Deep Hierarchical Network for Packet-Level Malicious Traffic Detection

As an essential part of network-based intrusion detection systems (IDS), malicious traffic detection using deep learning methods has become a research focus in network intrusion detection. However, even the most advanced IDSs struggle to achieve real-time detection, because they usually need to accumulate packets into particular flows and then extract the features, which causes processing delays. In this paper, we propose a deep hierarchical network for malicious traffic detection at the packet level that is capable of learning traffic features from raw packet data. It uses a one-dimensional convolutional layer to extract the spatial features of raw packets and a Gated Recurrent Unit (GRU) structure to extract the temporal features. To evaluate the performance of our approach, experiments were conducted to examine the efficiency of the proposed deep hierarchical network on the ISCX2012, USTC-TFC2016 and CICIDS2017 datasets. Accuracy (ACC), detection rate (DR) and false alarm rate (FAR) are the evaluation metrics. On the ISCX2012 dataset, our approach achieved 99.42%, 99.74% and 1.77% on ACC, DR and FAR, respectively. On USTC-TFC2016, the corresponding values were 99.94%, 99.99% and 0.99%. On CICIDS2017, they were 100%, 100% and 0%. Furthermore, we discuss the impact of data balance on classification performance and compare the time efficiency of the Long Short-Term Memory (LSTM) model and the GRU model. Experiments show that our approach can effectively detect malicious traffic and outperforms many other state-of-the-art methods in terms of ACC and DR.
