Sage Journals: Discover world-class research

Abstract

Deep learning methods have been widely used in today’s network security systems for their outperforming in detecting rates of the patterns of anomalous network actions. Particularly, in the field of malware traffic classification, time reduction for a detecting process is of great importance and can stop network damage at an early stage. To achieve a balance between the detection rate and time consumption, practical structures of relative systems are usually simple, complicating the application of appropriate accelerating methods. In this study, we propose a novel ant-colony -based clustering algorithm, which can efficiently select the most valuable data points for the next step of learning. In addition, to take advantage of the widely-used convolutional neural network architecture, we defined the mapping-image of each raw traffic data, and then transformed the intrusion detection problem into an image recognition problem. Before each training iteration, we applied the clustering algorithm to locate the most-featured part of each specific type of network traffic. Next, we utilized this featured part in the training, by considering its depth and shallow information, so that its precision and robustness can be improved. Preliminary experiments demonstrate that our method not only achieves high-detection-rate results but also manages to utilize much less processing time with proper parameter tuning of the neural networks.

Keywords

Deep learning convolutional neural network intrusion detection system network anomaly detection heuristic clustering

Get full access to this article

View all access options for this article.

References

Deng and

Yu , Deep learning: Methods and applications, Foundations and Trends® in Signal Processing7(3–4) (2014), 197–387. https://dx.doi.org/10.1561/2000000039.

M.M.

Najafabadi ,

Villanustre ,

T.M.

Khoshgoftaar ,

Seliya ,

Wald and

Muharemagic , Deep learning applications and challenges in big data analytics, Journal of Big Data2(1) (2015), 1. https://doi.org/10.1186/s40537-014-0007-7

A.W.

Moore and

Papagiannaki , Toward the accurate identification of network applications, In International Workshop on Passive and Active Network Measurement, 2005, pp. 41–54. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31966-5_4

Dainotti ,

Pescape and

K.C.

Claffy , Issues and future directions in traffic classification, IEEE Network26(1) (2012). https://doi.org/10.1109/MNET.2012.6135854

Xiao ,

Chen and

C.K.

Chang , Bayesian model averaging of bayesian network classifiers for intrusion detection, In Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International, 2014, pp. 128–133. IEEE. https://doi.org/10.1109/COMPSACW.2014.25

C.M.

Chen ,

D.J.

Guan ,

Y.Z.

Huang and

Y.H.

Ou , Anomaly network intrusion detection using hidden Markov model, Int J Innov Comput Inform Control12 (2016), 569–580. https://www.ijicic.org/ijicic-1508-0031.pdf

Kolosnjaji ,

Eraisha ,

Webster ,

Zarras and

Eckert , Empowering convolutional networks for malware classification and analysis, In Neural Networks (IJCNN), 2017 International Joint Conference on, 2017, pp. 3838–3845. IEEE. https://doi.org/10.1109/IJCNN.2017.7966340

Wang ,

Guo ,

Zhang ,

A.G.

Ororbia II ,

Xing ,

Liu and

C.L.

Giles , Adversary resistant deep neural networks with an application to malware detection, In Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2017, pp. 1145–1153. ACM. https://doi.org/10.1145/3097983.3098158

Wang ,

Zhu ,

Zeng ,

Ye and

Sheng , Malware traffic classification using convolutional neural network for representation learning, In Information Networking (ICOIN), 2017 International Conference on, 2017, pp. 712–717. IEEE. https://doi.org/10.1109/ICOIN.2017.7899588

10.

Yuan ,

Lu and

Xue , Droiddetector: Android malware characterization and detection using deep learning, Tsinghua Science and Technology21(1) (2016), 114–123. https://doi.org/10.1109/TST.2016.7399288

11.

Yu ,

Chen ,

Diao ,

T.V.

Lakshman and

R.H.

Katz , Fast and memory-efficient regular expression matching for deep packet inspection, In Architecture for Networking and Communications Systems, 2006 ANCS 2006 ACM/IEEE Symposium on, 2006, pp. 93–102. IEEE. https://doi.org/10.1145/1185347.1185360

12.

Kumar ,

Chandrasekaran ,

Turner and

Varghese , Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia, In Proceedings of the 3rd ACM/IEEE Symposium on Architecture for Networking and Communications Systems, 2007, pp. 155–164. ACM. https://doi.org/10.1145/1323548.1323574

13.

A.L.

Buczak and

Guven , A survey of data mining and machine learning methods for cyber security intrusion detection, IEEE Communications Surveys & Tutorials18(2) (2016), 1153–1176. https://doi.org/10.1109/COMST.2015.2494502

14.

Xie and

S.Z.

Yu , A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors, IEEE/ACM Transactions on Networking (TON)17(1) (2009), 54–65. https://doi.org/10.1109/TNET.2008.923716

15.

Feng ,

Zhang ,

Hu and

J.X.

Huang , Mining network data for intrusion detection through combining SVMs with ant colony networks, Future Generation Computer Systems37 (2014), 127–140. https://doi.org/10.1016/j.future.2013.06.027

16.

Kolosnjaji ,

Zarras ,

Webster and

Eckert , Deep learning for classification of malware system call sequences, In Australasian Joint Conference on Artificial Intelligence, Springer, Cham, 2016, pp. 137–149. https://doi.org/10.1007/978-3-319-50127-7_11

17.

Gandotra ,

Bansal and

Sofat , Malware analysis and classification: A survey, Journal of Information Security5(02) (2014), 56. https://dx.doi.org/10.4236/jis.2014.52006

18.

CTU13 2015. CodeBlue: Stratosphere IPS Project. (2015). https://stratosphereips.org/category/dataset.html

19.

Dorigo ,

Birattari and

Stutzle , Ant colony optimization, IEEE Computational Intelligence Magazine1(4) (2006), 28–39. https://doi.org/10.1109/MCI.2006.329691

20.

Caselli ,

Zambon and

Kargl , Sequence-aware intrusion detection in industrial control systems, In Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, 2015, pp. 13–24. ACM. https://doi.org/10.1145/2732198.2732200

21.

Ding ,

Wang ,

Wei and

F.E.

Alsaadi , Event-based security control for discrete-time stochastic systems, IET Control Theory & Applications10(15) (2016), 1808–1815. https://doi.org/10.1049/iet-cta.2016.0135

22.

Modi ,

Patel ,

Borisaniya ,

Patel ,

Patel and

Rajarajan , A survey of intrusion detection techniques in cloud, Journal of Network and Computer Applications36(1) (2013), 42–57. https://doi.org/10.1016/j.jnca.2012.05.003

Accelerating convolutional neural network-based malware traffic detection through ant-colony clustering

Abstract

Keywords

Get full access to this article

References