Image-based Neural Network Models for Malware Traffic Classification using PCAP to Picture Conversion

Published: 23 August 2022

Abstract

Traffic categorization is considered of paramount importance in the network security sector, and is the first stage in network anomaly detection or in a network-based intrusion detection system (IDS). This paper introduces an artificial intelligence (AI) network traffic classification pipeline that employs state-of-the-art image-based neural network models, namely Vision Transformers (ViT) and Convolutional Neural Networks (CNN). The primary element of this pipeline is the transformation of raw traffic data into grayscale pictures; a properly developed IDS-Vision Toolkit is introduced as well. This approach extracts characteristics from network traffic data without requiring domain expertise and could be easily adapted to new network protocols and technologies (i.e. 5G). Furthermore, the proposed method was tested on the CIC-IDS-2017 dataset and compared to a well-known feature extraction strategy on the same dataset. Finally, to the best of our knowledge, it surpasses all binary classification algorithms suggested for the CIC-IDS-2017 dataset, paving the path for further exploitation in the 5G domain to successfully address related cybersecurity challenges.
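The raw-traffic-to-grayscale step described in the abstract can be illustrated with the following added example, which is not the paper's IDS-Vision Toolkit or any code from the authors. It assumes one picture per packet, a 16x16 image size, zero padding for short packets, and a constructed two-frame capture; all function names are hypothetical.

```python
import struct

SIDE = 16  # assumed image side: each packet becomes a 16x16 grayscale picture

def read_pcap_packets(data):
    """Yield raw packet bytes from a classic (non-pcapng) capture file."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"          # little-endian, micro- or nanosecond timestamps
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24               # skip the 24-byte global header
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            break             # truncated final record: stop instead of misreading
        yield data[offset:offset + incl_len]
        offset += incl_len

def packet_to_image(packet, side=SIDE):
    """Truncate or zero-pad to side*side bytes; one byte is one pixel (0-255)."""
    flat = packet[:side * side].ljust(side * side, b"\x00")
    return [list(flat[r * side:(r + 1) * side]) for r in range(side)]

def image_to_pgm(image):
    """Serialize the pixel rows as a binary PGM (P5) grayscale picture."""
    header = b"P5\n%d %d\n255\n" % (len(image[0]), len(image))
    return header + b"".join(bytes(row) for row in image)

def build_sample_pcap():
    """Constructed sample: two fake frames, not real traffic."""
    frames = [bytes(range(40)), b"\xff" * 300]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def pcap_to_images(data, side=SIDE):
    return [packet_to_image(p, side) for p in read_pcap_packets(data)]

if __name__ == "__main__":
    for n, img in enumerate(pcap_to_images(build_sample_pcap())):
        with open("packet_%d.pgm" % n, "wb") as fh:
            fh.write(image_to_pgm(img))
```

The resulting pixel matrices are the kind of input an image classifier such as a CNN or ViT consumes; no protocol fields are parsed, which is why the representation carries over to new protocols without domain-specific feature engineering.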


    Published In

    ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security
    August 2022
    1371 pages
    ISBN:9781450396707
    DOI:10.1145/3538969

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. 5G networks
    2. convolutional neural networks
    3. ids2017
    4. intrusion detection
    5. network anomaly detection
    6. neural networks
    7. security
    8. vision transformer

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ARES 2022

    Acceptance Rates

    Overall Acceptance Rate 228 of 451 submissions, 51%

    Article Metrics

    • Downloads (Last 12 months)222
    • Downloads (Last 6 weeks)28
    Reflects downloads up to 05 Mar 2025

    Cited By

    • (2024) SoK: Visualization-based Malware Detection Techniques. Proceedings of the 19th International Conference on Availability, Reliability and Security. 10.1145/3664476.3664514 (1-13). Online publication date: 30-Jul-2024
    • (2024) BTP-CAResNet: An Encrypted Traffic Classification Method Based on Byte Transfer Probability and Coordinate Attention Mechanism. 2024 IEEE International Conference on Systems, Man, and Cybernetics (SMC). 10.1109/SMC54092.2024.10831010 (1109-1115). Online publication date: 6-Oct-2024
    • (2024) Advancing Cybersecurity with AI: A Multimodal Fusion Approach for Intrusion Detection Systems. 2024 IEEE International Mediterranean Conference on Communications and Networking (MeditCom). 10.1109/MeditCom61057.2024.10621237 (51-56). Online publication date: 8-Jul-2024
    • (2024) LightGuard: A Lightweight Malicious Traffic Detection Method for Internet of Things. IEEE Internet of Things Journal. 10.1109/JIOT.2024.3403650, 11:17 (28566-28577). Online publication date: 1-Sep-2024
    • (2024) 5G RAN service classification using Long Short Term Memory Neural Network. 2024 International Wireless Communications and Mobile Computing (IWCMC). 10.1109/IWCMC61514.2024.10592379 (467-472). Online publication date: 27-May-2024
    • (2024) Experiments with Digital Security Processes over SDN-Based Cloud-Native 5G Core Networks. 2024 27th Conference on Innovation in Clouds, Internet and Networks (ICIN). 10.1109/ICIN60470.2024.10494481 (97-99). Online publication date: 11-Mar-2024
    • (2024) A Protocol Agnostic Polymorphic Network Packet Transformer for 5G Malware Traffic Classification Using Deep Learning Models. 2024 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit). 10.1109/EuCNC/6GSummit60053.2024.10597005 (824-829). Online publication date: 3-Jun-2024
    • (2024) Machine Learning in Network Intrusion Detection: A Cross-Dataset Generalization Study. IEEE Access. 10.1109/ACCESS.2024.3472907, 12 (144489-144508). Online publication date: 2024
    • (2024) Classifying Malware Traffic Using Images and Deep Convolutional Neural Network. IEEE Access. 10.1109/ACCESS.2024.3391022, 12 (58031-58038). Online publication date: 2024
    • (2024) NetTiSA. Computer Networks: The International Journal of Computer and Telecommunications Networking. 10.1016/j.comnet.2023.110147, 240:C. Online publication date: 16-May-2024
