Abstract
As the sophistication of cyber malicious attacks increase, so too must the techniques used to detect and classify such malicious traffic in these networks. Deep learning has been deployed in many application domains as it is able to learn patterns from large feature sets. Given that the implementation of deep learning for network traffic classification is only just starting to emerge, the question of how best to utilise and represent network data to such a classifier still remains. This paper addresses this question by devising and evaluating three different ways of representing data to a deep neural network in the context of malicious traffic classification. We show that although deep learning does not show significant improvement over other machine learning techniques using metadata features, its use on payload data highlights the potential for deep learning to be incorporated into novel deep packet inspection techniques. Furthermore, we show that useful predictions of malicious classes can still be made when the input is limited to just the first 50 bytes of a packet’s payload.
This research is supported by the Commonwealth of Australia as represented by the Defence Science and Technology Group of the Department of Defence. The authors acknowledge the following for their contributions in gathering the results discussed in this paper: Clinton Page, Daniel Smit, and Fengyi Yang.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bromley, J., Guyon, I., LeCun, Y., Sckinger, E., Shah, R.: Signature verification using a “siamese" time delay neural network. In: Advances in Neural Information Processing Systems, pp. 737–744 (1994)
Divyatmika, Sreekesh, M.: A two-tier network based intrusion detection system architecture using machine learning approach. In: 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT), pp. 42–47. https://doi.org/10.1109/ICEEOT.2016.7755404
Nour, M., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS) (2015)
Nour, M., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J.: Glob. Perspect. 25, 1–14 (2016)
Smit, D., Millar, K., Page, C., Cheng, A., Chew, H.G., Lim, C.C.: Looking deeper - using deep learning to identify internet communications traffic. In: 2017 Australasian Conference of Undergraduate Research (ACUR) (2017)
Wang, W., Zhu, M., Zeng, X., Ye, X., Sheng, Y.: Malware traffic classification using convolutional neural network for representation learning. In: 2017 International Conference on Information Networking (ICOIN), pp. 712–717. https://doi.org/10.1109/ICOIN.2017.7899588
Wang, Z.: The applications of deep learning on traffic identification (2015). https://goo.gl/WouIM6
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Millar, K., Cheng, A., Chew, H.G., Lim, CC. (2018). Deep Learning for Classifying Malicious Network Traffic. In: Ganji, M., Rashidi, L., Fung, B., Wang, C. (eds) Trends and Applications in Knowledge Discovery and Data Mining. PAKDD 2018. Lecture Notes in Computer Science(), vol 11154. Springer, Cham. https://doi.org/10.1007/978-3-030-04503-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-04503-6_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04502-9
Online ISBN: 978-3-030-04503-6
eBook Packages: Computer ScienceComputer Science (R0)