ABSTRACT
Network traffic analysis is a widely adopted data fusion technology in network management and security, encompassing tasks such as malicious traffic detection and intrusion detection. With the proliferation of network users and the emergence of new network services, network traffic analysis has garnered increasing attention. Current research methods primarily include machine learning analysis based on manual feature construction and neural networks for automatic feature extraction. However, manually designing features can be cumbersome and susceptible to errors, while shallow neural networks may not effectively learn feature relationships. Deep neural networks require significant computational resources and may be susceptible to over-fitting. Moreover, both methods rely solely on a single feature source. To address these issues, this paper proposes a Dynamic-Static features fusion model based on a stacked attention mechanism for network traffic analysis (DS-SAT). We evaluated this method on five publicly available datasets, and the experimental results show that our proposed method achieves better results than other research methods.
Index Terms
- Network Traffic Analysis Method Using the Fusion of Dynamic-Static Features based on Stacked Attention Mechanism