A Transformer-Based Framework for Payload Malware Detection and Classification
- URL: http://arxiv.org/abs/2403.18223v1
- Date: Wed, 27 Mar 2024 03:25:45 GMT
- Title: A Transformer-Based Framework for Payload Malware Detection and Classification
- Authors: Kyle Stein, Arash Mahyari, Guillermo Francia III, Eman El-Sheikh,
- Abstract summary: Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs analyze the content of network packets.
In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: As malicious cyber threats become more sophisticated in breaching computer networks, the need for effective intrusion detection systems (IDSs) becomes crucial. Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs analyze the content of network packets, providing more context for identifying potential threats. IDSs traditionally rely on using anomaly-based and signature-based detection techniques to detect unrecognized and suspicious activity. Deep learning techniques have shown great potential in DPI for IDSs due to their efficiency in learning intricate patterns from the packet content being transmitted through the network. In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic with a classifier head. Transformers learn the complex content of sequence data and generalize them well to similar scenarios thanks to their self-attention mechanism. Our proposed method uses the raw payload bytes that represent the packet contents and is deployed as man-in-the-middle. The payload bytes are used to detect malicious packets and classify their types. Experimental results on the UNSW-NB15 and CIC-IOT23 datasets demonstrate that our transformer-based model is effective in distinguishing malicious from benign traffic in the test dataset, attaining an average accuracy of 79\% using binary classification and 72\% on the multi-classification experiment, both using solely payload bytes.
Related papers
- SCGNet-Stacked Convolution with Gated Recurrent Unit Network for Cyber Network Intrusion Detection and Intrusion Type Classification [0.0]
Intrusion detection systems (IDSs) are far from being able to quickly and efficiently identify complex and varied network attacks.
The SCGNet is a novel deep learning architecture that we propose in this study.
It exhibits promising results on the NSL-KDD dataset in both task, network attack detection, and attack type classification with 99.76% and 98.92% accuracy, respectively.
arXiv Detail & Related papers (2024-10-29T09:09:08Z) - Revolutionizing Payload Inspection: A Self-Supervised Journey to Precision with Few Shots [0.0]
Traditional security measures are inadequate against the sophistication of modern cyber attacks.
Deep Packet Inspection (DPI) has been pivotal in enhancing network security.
integration of advanced deep learning techniques with DPI has introduced modern methodologies into malware detection.
arXiv Detail & Related papers (2024-09-26T18:55:52Z) - Preliminary study on artificial intelligence methods for cybersecurity threat detection in computer networks based on raw data packets [34.82692226532414]
In this paper, we investigate deep learning methodologies capable of detecting attacks in real-time directly from raw packet data within network traffic.
We propose a novel approach where packets are stacked into windows and separately recognised, with a 2D image representation suitable for processing with computer vision models.
arXiv Detail & Related papers (2024-07-24T15:04:00Z) - A Flow is a Stream of Packets: A Stream-Structured Data Approach for DDoS Detection [32.22817720403158]
We propose a new tree-based DDoS detection approach that operates on a flow as a stream structure.
Our approach matches or exceeds existing machine learning techniques' accuracy, including state-of-the-art deep learning methods.
arXiv Detail & Related papers (2024-05-12T09:29:59Z) - Performance evaluation of Machine learning algorithms for Intrusion Detection System [0.40964539027092917]
This paper focuses on intrusion detection systems (IDSs) analysis using Machine Learning (ML) techniques.
We analyze the KDD CUP-'99' intrusion detection dataset used for training and validating ML models.
arXiv Detail & Related papers (2023-10-01T06:35:37Z) - Using EBGAN for Anomaly Intrusion Detection [13.155954231596434]
We propose an EBGAN-based intrusion detection method, IDS-EBGAN, that classifies network records as normal traffic or malicious traffic.
The generator in IDS-EBGAN is responsible for converting the original malicious network traffic in the training set into adversarial malicious examples.
During testing, IDS-EBGAN uses reconstruction error of discriminator to classify traffic records.
arXiv Detail & Related papers (2022-06-21T13:49:34Z) - Context-Preserving Instance-Level Augmentation and Deformable
Convolution Networks for SAR Ship Detection [50.53262868498824]
Shape deformation of targets in SAR image due to random orientation and partial information loss is an essential challenge in SAR ship detection.
We propose a data augmentation method to train a deep network that is robust to partial information loss within the targets.
arXiv Detail & Related papers (2022-02-14T07:01:01Z) - DoS and DDoS Mitigation Using Variational Autoencoders [15.23225419183423]
We explore the potential of Variational Autoencoders to serve as a component within an intelligent security solution.
Two methods based on the ability of Variational Autoencoders to learn latent representations from network traffic flows are proposed.
arXiv Detail & Related papers (2021-05-14T15:38:40Z) - TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z) - Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
We propose a method to verify if a pre-trained model is Trojaned or benign.
Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
arXiv Detail & Related papers (2020-07-28T19:00:40Z) - BiDet: An Efficient Binarized Object Detector [96.19708396510894]
We propose a binarized neural network learning method called BiDet for efficient object detection.
Our BiDet fully utilizes the representational capacity of the binary neural networks for object detection by redundancy removal.
Our method outperforms the state-of-the-art binary neural networks by a sizable margin.
arXiv Detail & Related papers (2020-03-09T08:16:16Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.