PBCNN: Packet Bytes-based Convolutional Neural Network for Network Intrusion Detection

Abstract

Network intrusion detection system (IDS) protects the target network from the threats of data breaches and the insecurity of people’s privacy. However, most of existing researches on network intrusion detection cannot fulfil effectively the protection of targets, especially, depending heavily on the statistical features that are manually designed with domain experts’ knowledge and experiences, and failing to address the few sample data problem. Network traffic has a hierarchical structure, i.e., byte-packet-flow, which is similar to phrase-sentence-article in an article. This paper proposes a hierarchical packet byte-based CNN, called PBCNN, where the first level extracts abstract features automatically from bytes in a packet in raw Pcap files, and then the second level further constructs the representation from packets in a flow or session, instead of using feature-ready CSV files, to make full use of original data information. Multiple convolution-pooling modules are cascaded with byte-friendly sizes of multiple filters, and one-layer TextCNN to obtain the representation of traffic flow, feeding the representation to 3 layers of fully connected networks for intrusion classification. PBCNN-based few shot learning is applied to improve the detection reliability of network attack categories with the few sample problem. Several experiments are performed and the results show that the evaluation metrics are superior to the existing researches in regard to CIC-IDS2017 and CSE-CIC-IDS2018 datasets.