IEEE Access (Jan 2020)
A Deep Hierarchical Network for Packet-Level Malicious Traffic Detection
Abstract
As an essential part of network-based intrusion detection systems (IDS), malicious traffic detection using deep learning methods has become a research focus in network intrusion detection. However, even the most advanced IDS available struggle to achieve real-time detection because they usually need to accumulate packets into particular flows and then extract the features, causing processing delays. In this paper, using the deep learning approach, we propose a deep hierarchical network for malicious traffic detection at the packet level, capable of learning the features of traffic from raw packet data. It uses a one-dimensional convolutional layer to extract the spatial features of raw packets and a Gated Recurrent Unit (GRU) structure to extract the temporal features. To evaluate the performance of our approach, experiments were conducted to examine the efficiency of the proposed deep hierarchical network on the ISCX2012, USTC-TFC2016 and CICIDS2017 datasets, respectively. Accuracy (ACC), detection rate (DR) and false alarm rate (FAR) are the metrics for evaluation. On the ISCX2012 dataset, our approach achieved 99.42%, 99.74% and 1.77% on ACC, DR and FAR, respectively. On USTC-TFC2016, the results were 99.94%, 99.99% and 0.99%. On CICIDS2017, they were 100%, 100% and 0%. Furthermore, we discuss the impact of data balance on classification performance and compare the time efficiency of the Long Short-Term Memory (LSTM) model and the GRU model. Experiments show that our approach can effectively detect malicious traffic and outperforms many other state-of-the-art methods in terms of ACC and DR.
Keywords