Analysis of NetFlow Features' Importance in Malicious Network Traffic Detection

2021, pp. 52-61
Authors: Adrián Campazas-Vega, Ignacio Samuel Crespo-Martínez, Ángel Manuel Guerrero-Higueras, Claudia Álvarez-Aparicio, Vicente Matellán
2021, Vol 2021, pp. 1-11
Authors: Wenmin Li, Sanqi Sun, Shuo Zhang, Hua Zhang, Yijie Shi

Aim. The purpose of this study is to better detect attack traffic in imbalanced datasets. Deep learning has played an important role in detecting malicious network traffic in recent years. However, it suffers from a seriously imbalanced data distribution if the traffic model skews towards modelling in the benign direction, because only a small portion of traffic is malicious while most network traffic is benign. That is the reason why the authors wrote this manuscript. Methods. We propose a cost-sensitive approach to improve HTTP traffic detection performance with imbalanced data, and also present a character-level abstract feature extraction approach that can provide features with clear decision boundaries. Finally, we design a Spark-based HTTP traffic detection system based on these two approaches. Results. The methods proposed in this paper work well on imbalanced datasets. Compared to other methods, the experimental results indicate that our system achieves a high F1-score. Conclusion. For imbalanced HTTP traffic detection, we confirmed that the feature extraction method and the cost function are very effective. In the future, we may focus on how to use the cost function to further improve detection performance.


Authors: ChenHuan Liu, QianKun Liu, ShanShan Hao, CongXiao Bao, Xing Li

2021, Vol 2021, pp. 1-17
Authors: Huiwen Bai, Guangjie Liu, Weiwei Liu, Yingxue Quan, Shuhua Huang

Mobile malware poses a great challenge to mobile devices and mobile communication. With the explosive growth of mobile networks, detecting mobile malware is important for mobile security. Since most mobile malware relies on the network to coordinate operations, steal information, or launch attacks, evading network monitoring is difficult for mobile malware. In this paper, we present an N-gram, semantic-based neural modeling method to detect the network traffic generated by mobile malware. In the proposed scheme, we segment the network traffic into flows and extract the application-layer payload from each packet. Then, the generated flow payload data are converted into text form as the input of the proposed model. Each flow text consists of several domains of 20 words each. The proposed scheme models the domain representation using a convolutional neural network with multi-width kernels over each domain. Afterward, the relationships between domains are adaptively encoded into the flow representation using a gated recurrent network, and the classification result is then obtained from an attention layer. A series of experiments have been conducted to verify the effectiveness of our proposed scheme. In addition, several comparative experiments are also conducted to compare with state-of-the-art methods. The experimental results show that our proposed scheme is better in terms of accuracy.


2021, Vol 2021, pp. 1-15
Authors: Ming Li, Dezhi Han, Xinming Yin, Han Liu, Dun Li

With the rapid development and widespread application of cloud computing, open cloud networks and service-sharing scenarios have become more complex and changeable, causing security challenges to become more severe. As an effective means of network protection, anomalous network traffic detection can detect various known attacks. However, it also has some shortcomings. Deep learning brings a new opportunity for the further development of anomalous network traffic detection. So far, existing deep learning models cannot fully learn the temporal and spatial features of network traffic, and their classification accuracy needs to be improved. To fill this gap, this paper proposes an anomalous network traffic detection model integrating temporal and spatial features (ITSN) using a three-layer parallel network structure. ITSN learns the temporal and spatial features of the traffic and fully fuses these two features through feature fusion to improve the accuracy of network traffic classification. On this basis, an improved method of raw traffic feature extraction is proposed, which can reduce redundant features, speed up the convergence of the network, and ease the imbalance of the datasets. The experimental results on the ISCX-IDS 2012 and CICIDS 2017 datasets show that ITSN can improve the accuracy of anomalous network traffic detection while enhancing the robustness of the detection system, and has a higher recognition rate for positive samples.


2020, Vol 2020, pp. 1-11
Authors: Yanyu Qu, Fangling Pu, Jianguo Yin, Lingzi Liu, Xin Xu

The Beidou navigation system (BDS) has been developed as an integrated system. The third BDS, BDS-3, will be capable of providing not only global positioning and navigation but also data communication. As the volume of data transmitted through BDS-3 continues to increase, BDS-3 will encounter network traffic congestion, unbalanced resource usage, or security attacks, as terrestrial networks do. Network traffic monitoring is essential for the automatic management and safety assurance of BDS-3. A dynamic traffic detection method, including traffic prediction by Long Short-Term Memory (LSTM) and a dynamically adjusting polling strategy, is proposed to unevenly sample the traffic of each link. A distributed traffic detection architecture is designed for collection of the detected traffic and its related temporal and spatial information with low delay. A time-varying graph (TVG) model is introduced to represent the dynamic topology, the time-varying links, and their traffic. The BDS-3 network is simulated with STK. The WIDE dataset is used to simulate the traffic between the satellite and the ground station. Simulation results show that the dynamic traffic detection method can follow the variation of the traffic of each link with uneven sampling. The detected traffic can be transmitted to the ground station in near real time through the distributed traffic detection architecture. The traffic and its related information are stored in Neo4j in terms of the TVG model. The nodes, edges, and traffic of BDS-3 can be quickly queried through Neo4j. The presented dynamic traffic detection and representation schemes will support BDS-3 in establishing an automatic management and security system and developing its business.


2021
Authors: Danyang Li, Ding Sun, Chuan Zeng
