Skip to main content

Research Repository

Advanced Search

A novel flow-vector generation approach for malicious traffic detection

Hou, Jian; Liu, Fangai; Lu, Hui; Tan, Zhiyuan; Zhuang, Xuqiang; Tian, Zhihong

Authors

Jian Hou

Fangai Liu

Hui Lu

Xuqiang Zhuang

Zhihong Tian



Abstract

Malicious traffic detection is one of the most important parts of cyber security. The approaches of using the flow as the detection object are recognized as effective. Benefiting from the development of deep learning techniques, raw traffic can be directly used as a feature to detect malicious traffic. Most existing work usually converts raw traffic into images or long sequences to express a flow and then uses deep learning technology to extract features and classify them, but the generated features contain much redundant or even useless information, especially for encrypted traffic. The packet header field contains most of the packet characteristics except the payload content, and it is also an important element of the flow. In this paper, we only use the fields of the packet header in the raw traffic to construct the characteristic representation of the traffic and propose a novel flow-vector generation approach for malicious traffic detection. The preprocessed header fields are embedded as field vectors, and then a two-layer attention network is used to progressively generate the packet vectors and the flow vector containing context information. The flow vector is regarded as the abstraction of the raw traffic and is used to classify. The experiment results illustrate that the accuracy rate can reach up to 99.48% in the binary classification task and the average of AUC-ROC can reach 0.9988 in the multi-classification task.

Journal Article Type Article
Acceptance Date Jun 4, 2022
Online Publication Date Jun 20, 2022
Publication Date 2022-11
Deposit Date Jun 28, 2022
Publicly Available Date Jun 21, 2023
Print ISSN 0743-7315
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 169
Pages 72-86
DOI https://doi.org/10.1016/j.jpdc.2022.06.004
Keywords Deep Learning, Malicious Traffic, Embedding, Attention Mechanism
Public URL http://researchrepository.napier.ac.uk/Output/2882879

Files








You might also like



Downloadable Citations