Abstract

As an essential part of network-based intrusion detection systems (IDS), malicious traffic detection using deep learning methods has become a research focus in network intrusion detection. However, even the most advanced IDS available struggle to achieve real-time detection because they usually need to accumulate packets into particular flows and then extract the features, causing processing delays. In this paper, using the deep learning approach, we propose a deep hierarchical network for malicious traffic detection at the packet level, capable of learning the features of traffic from raw packet data. It uses a one-dimensional convolutional layer to extract the spatial features of raw packets and a Gated Recurrent Unit (GRU) structure to extract the temporal features. To evaluate the performance of our approach, experiments were conducted to examine the efficiency of the proposed deep hierarchical network on the ISCX2012, USTC-TFC2016 and CICIDS2017 datasets, respectively. Accuracy (ACC), detection rate (DR) and false alarm rate (FAR) are the evaluation metrics. On the ISCX2012 dataset, our approach achieved 99.42%, 99.74% and 1.77% on ACC, DR and FAR, respectively. On USTC-TFC2016, the results were 99.94%, 99.99% and 0.99%. On CICIDS2017, they were 100%, 100% and 0%. Furthermore, we discuss the impact of data balance on classification performance and compare the time efficiency of the Long Short-Term Memory (LSTM) model and the GRU model. Experiments show that our approach can effectively detect malicious traffic and outperforms many other state-of-the-art methods in terms of ACC and DR.

Highlights

  • The appearance of 5G allows for lower latency in the interaction of information, which presents a challenge to cyberspace security, since a higher speed of information interaction means an intrusion can be completed in less time

  • Based on the above characteristics, we proposed a deep hierarchical neural network, which is designed as follows: 1) We treat each byte in the packet data as a word, design an embedded layer under the input layer, and use one-hot encoding (OHE) to map each word to a vector space with a dimension of 256, obtaining a sparse representation of the traffic sequence; this sparse representation can achieve a more stable classification effect

  • The detection method we proposed can learn the spatial-temporal features of traffic at the packet level, and the neural network runs the process automatically without manual intervention
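The byte-as-word encoding and the one-dimensional convolution described in the highlights can be traced end to end on a single packet. The following is an added example, not code from the paper: the fixed length of 64 bytes, the all-zero row used for padding, the kernel size, the filter count and the random weights standing in for trained ones are all assumptions. It also shows that a convolution over one-hot rows reduces to a per-byte weight lookup.

```python
import random

VOCAB = 256    # one dimension per possible byte value, as stated in the highlights
PKT_LEN = 64   # assumed fixed input length (not given on this page)
# Constructed sample: the first 20 bytes of an IPv4 header carrying TCP.
SAMPLE = bytes.fromhex("450000280001400040067ccd0a0000010a000002")

def to_fixed_length(packet, length=PKT_LEN):
    """Truncate or pad to `length`; padding is None so it stays distinct from byte 0x00."""
    seq = list(packet[:length])
    return seq + [None] * (length - len(seq))

def one_hot(seq):
    """Map each byte to a 256-dim one-hot row; padding becomes an all-zero row (assumption)."""
    rows = []
    for b in seq:
        row = [0.0] * VOCAB
        if b is not None:
            row[b] = 1.0
        rows.append(row)
    return rows

def make_weights(filters=4, kernel=3, seed=7):
    """Random stand-in for trained filters, indexed weights[filter][tap][byte_value]."""
    rng = random.Random(seed)
    return [[[rng.uniform(-1, 1) for _ in range(VOCAB)] for _ in range(kernel)]
            for _ in range(filters)]

def conv1d_dense(x, weights):
    """Valid 1D convolution computed directly on the sparse one-hot matrix."""
    k = len(weights[0])
    return [[sum(w[j][c] * x[t + j][c] for j in range(k) for c in range(VOCAB))
             for w in weights]
            for t in range(len(x) - k + 1)]

def conv1d_lookup(seq, weights):
    """Same output by lookup: a one-hot row selects exactly one weight per tap."""
    k = len(weights[0])
    return [[sum(w[j][seq[t + j]] for j in range(k) if seq[t + j] is not None)
             for w in weights]
            for t in range(len(seq) - k + 1)]

def max_pool(feat, size):
    """Non-overlapping max pooling along the byte axis, one maximum per filter."""
    return [[max(col) for col in zip(*feat[i:i + size])]
            for i in range(0, len(feat) - size + 1, size)]
```

Keeping padding as an all-zero row rather than byte value 0 matters because 0x00 is a legitimate and frequent header byte, and the two would otherwise be indistinguishable to the first layer.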


Summary

INTRODUCTION

The appearance of 5G allows for lower latency in the interaction of information, which presents a challenge to cyberspace security, since a higher speed of information interaction means an intrusion can be completed in less time. Yin et al. [22] proposed a deep learning approach for intrusion detection using recurrent neural networks (RNN-IDS), whose performance is superior to traditional machine learning classification methods, including ANN, random forest (RF) and SVM, in both binary and multiclass classification. Wang et al. designed a hierarchical spatial-temporal feature-based intrusion detection system (HAST-IDS) [23], which first utilized a neural network combining a one-dimensional CNN on the top and an LSTM on the bottom to learn spatial and temporal features of network traffic. Focusing on the analysis of the Hypertext Transfer Protocol (HTTP), Aechan Kim et al. [25] implemented the Artificial Intelligence-based Intrusion Detection System (AI-IDS) with an optimal CNN-LSTM model, which could accurately analyze unknown web attacks by calculating the malicious probability. In the HTTPDoS attack traffic packet of the ISCX2012 dataset, the attacker continuously sends a large number of ACK requests

Method
Add 2nd max pooling layer with pooling size s2
DATASET
METHODS
CONCLUSION AND FUTURE WORKS