Bit-level Malicious Traffic Detection Based on Markov Images and Deep Learning

Abstract

In recent years, with the rapid development of network services, network malicious attacks have become a serious security threat, causing huge economic losses. How to quickly and accurately detect and identify malicious network traffic is critical to network security. Since traditional machine learning-based methods are limited by feature engineering, malicious traffic grayscale maps and deep learning-based methods become effective solutions. However, converting the original traffic into grayscale images leads to information loss, which affects the detection effect. To solve this problem, this paper provides a malicious traffic i dentification me thod ba sed on Ma rkov feature images and deep learning, called MKCNN. This method regards the application layer data of the network session as a Markov chain, extracts the Markov probability transition matrix and converts it into a Markov image, and then uses a convolutional neural network to identify the Markov image. Experiments are performed on the publicly available USTC-TFC2016 dataset. The experimental results show that the method can detect malicious traffic w ith a n a ccuracy o f 9 9.99%, a nd c ompared w ith the existing methods, the method based on Markov feature images proposed in this paper has obvious advantages in detection accuracy.