scholarly journals PCCN: Parallel Cross Convolutional Neural Network for Abnormal Network Traffic Flows Detection in Multi-Class Imbalanced Network Traffic Flows

IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 119904-119916 ◽  
Author(s):  
Yong Zhang ◽  
Xu Chen ◽  
Da Guo ◽  
Mei Song ◽  
Yinglei Teng ◽  
...  
Keyword(s):  
Neural Network ◽  
Convolutional Neural Network ◽  
Network Traffic ◽  
Traffic Flows

scholarly journals Lightweight Convolutional Neural Network Based Intrusion Detection System

2020 ◽  
pp. 808-817
Author(s):  
Vinh Pham ◽  
◽  
Eunil Seo ◽  
Tai-Myoung Chung
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Intrusion Detection ◽  
Convolutional Neural Network ◽  
Network Traffic ◽  
Detection System ◽  
Image Data ◽  
Training Data ◽  
Deep Packet Inspection ◽  
Detection Model

Identifying threats contained within encrypted network traffic poses a great challenge to Intrusion Detection Systems (IDS). Because traditional approaches like deep packet inspection could not operate on encrypted network traffic, machine learning-based IDS is a promising solution. However, machine learning-based IDS requires enormous amounts of statistical data based on network traffic flow as input data and also demands high computing power for processing, but is slow in detecting intrusions. We propose a lightweight IDS that transforms raw network traffic into representation images. We begin by inspecting the characteristics of malicious network traffic of the CSE-CIC-IDS2018 dataset. We then adapt methods for effectively representing those characteristics into image data. A Convolutional Neural Network (CNN) based detection model is used to identify malicious traffic underlying within image data. To demonstrate the feasibility of the proposed lightweight IDS, we conduct three simulations on two datasets that contain encrypted traffic with current network attack scenarios. The experiment results show that our proposed IDS is capable of achieving 95% accuracy with a reasonable detection time while requiring relatively small size training data.

scholarly journals Visual Analytics for Network Events Classification in LAN With Deep Convolutional Neural Network

2020 ◽  
Author(s):  
Yuwei Sun ◽  
Hideya Ochiai ◽  
Hiroshi Esaki
Keyword(s):  
Neural Network ◽  
Convolutional Neural Network ◽  
Network Traffic ◽  
Visual Analytics ◽  
Deep Convolutional Neural Network ◽  
Training Dataset ◽  
Validation Dataset ◽  
Hilbert Curve ◽  
Feature Maps ◽  
F Measure

Abstract This article illustrates a method of visualizing network traffic in LAN based on the Hilbert Curve structure and the array exchange and projection, with nine types of protocols’ communication frequency information as the discriminators, the results of which we call them feature maps of network events. Several known scan cases are simulated in LANs and network traffic is collected for generating feature maps under each case. In order to solve this multi-label classification task, we adopt and train a deep convolutional neural network (DCNN), in two different network environments with feature maps as the input data, and different scan cases as the labels. We separate datasets with a ratio of 4:1 into the training dataset and the validation dataset. Then, based on the micro scores and the macro scores of the validation, we evaluate performance of the scheme, achieving macro-F-measure scores of 0.982 and 0.975, and micro-F-measure scores of 0.976 and 0.965 separately in these two LANs.

scholarly journals Detection of Algorithmically Generated Domain Names Using the Recurrent Convolutional Neural Network with Spatial Pyramid Pooling

Entropy ◽  
2020 ◽  
Vol 22 (9) ◽  
pp. 1058
Author(s):  
Zhanghui Liu ◽  
Yudong Zhang ◽  
Yuzhong Chen ◽  
Xinwen Fan ◽  
Chen Dong
Keyword(s):  
Neural Network ◽  
Convolutional Neural Network ◽  
Network Traffic ◽  
Contextual Information ◽  
Recall Rate ◽  
Domain Name ◽  
Sample Distribution ◽  
Domain Names ◽  
Spatial Pyramid Pooling ◽  
Spatial Pyramid

Domain generation algorithms (DGAs) use specific parameters as random seeds to generate a large number of random domain names to prevent malicious domain name detection. This greatly increases the difficulty of detecting and defending against botnets and malware. Traditional models for detecting algorithmically generated domain names generally rely on manually extracting statistical characteristics from the domain names or network traffic and then employing classifiers to distinguish the algorithmically generated domain names. These models always require labor intensive manual feature engineering. In contrast, most state-of-the-art models based on deep neural networks are sensitive to imbalance in the sample distribution and cannot fully exploit the discriminative class features in domain names or network traffic, leading to decreased detection accuracy. To address these issues, we employ the borderline synthetic minority over-sampling algorithm (SMOTE) to improve sample balance. We also propose a recurrent convolutional neural network with spatial pyramid pooling (RCNN-SPP) to extract discriminative and distinctive class features. The recurrent convolutional neural network combines a convolutional neural network (CNN) and a bi-directional long short-term memory network (Bi-LSTM) to extract both the semantic and contextual information from domain names. We then employ the spatial pyramid pooling strategy to refine the contextual representation by capturing multi-scale contextual information from domain names. The experimental results from different domain name datasets demonstrate that our model can achieve 92.36% accuracy, an 89.55% recall rate, a 90.46% F1-score, and 95.39% AUC in identifying DGA and legitimate domain names, and it can achieve 92.45% accuracy rate, a 90.12% recall rate, a 90.86% F1-score, and 96.59% AUC in multi-classification problems. It achieves significant improvement over existing models in terms of accuracy and robustness.

scholarly journals Calibrating Network Traffic with One-Dimensional Convolutional Neural Network with Autoencoder and Independent Recurrent Neural Network for Mobile Malware Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Songjie Wei ◽  
Zedong Zhang ◽  
Shasha Li ◽  
Pengfei Jiang
Keyword(s):  
Neural Network ◽  
Convolutional Neural Network ◽  
Recurrent Neural Network ◽  
Network Traffic ◽  
Malware Detection ◽  
Smart Devices ◽  
Detection Accuracy ◽  
One Dimensional ◽  
Mobile Malware ◽  
Mobile Malware Detection

In response to the surging challenge in the number and types of mobile malware targeting smart devices and their sophistication in malicious behavior camouflage, we propose to compose a traffic behavior modeling method based on one-dimensional convolutional neural network with autoencoder and independent recurrent neural network (1DCAE-IndRNN) for mobile malware detection. The design solves the problem that most existing approaches for mobile malware traffic detection struggle with capturing the network traffic dynamics and the sequential characteristics of anomalies in the traffic. We reconstruct and apply the one-dimensional convolutional neural network to extract local features from multiple network flows. The autoencoder is applied to digest the principal traffic features from the neural network and is integrated into the independent recurrent neural network construction to highlight the sequential relationship between the highly significant features. In addition, the Softmax function with the LReLU activation function is adjusted and embedded to the neurons of the independent recurrent neural network to effectively alleviate the problem of unstable training. We conduct a series of experiments to evaluate the effectiveness of the proposed method and its performance for the 1DCAE-IndRNN-integrated detection procedure. The detection results of the public Android malware dataset CICAndMal2017 show that the proposed method achieves up to 98% detection accuracy and recall rates with clear advantages over other benchmark methods.

scholarly journals Airborne Network Traffic Identification Method under Small Training Samples

2020 ◽  
Vol 38 (5) ◽  
pp. 1129-1137
Author(s):  
Na Lyu ◽  
Jiaxin Zhou ◽  
Zhuo Chen ◽  
Wu Chen
Keyword(s):  
Neural Network ◽  
Convolutional Neural Network ◽  
Network Traffic ◽  
Learning Algorithm ◽  
Small Sample ◽  
Fine Tuning ◽  
Target Domain ◽  
Data Set ◽  
Traffic Identification ◽  
Identification Method

Due to the high cost and difficulty of traffic data set acquisition and the high time sensitivity of traffic distribution, the machine learning-based traffic identification method is difficult to be applied in airborne network environment. Aiming at this problem, a method for airborne network traffic identification based on the convolutional neural network under small traffic samples is proposed. Firstly, the pre-training of the initial model for the convolutional neural network is implemented based on the complete data set in source domain, and then the retraining of the convolutional neural network is realized through the layer frozen based fine-tuning learning algorithm of convolutional neural network on the incomplete dataset in target domain, and the convolutional neural network model based feature representing transferring(FRT-CNN) is constructed to realize online traffic identification. The experiment results on the actual airborne network traffic dataset show that the proposed method can guarantee the accuracy of traffic identification under limited traffic samples, and the classification performance is significantly improved comparing with the existing small-sample learning methods.

Sign in / Sign up

Export Citation Format

Share Document