An Ensemble of Text Convolutional Neural Networks and Multi-Head Attention Layers for Classifying Threats in Network Packets

Authors:

Kim Hyeonmin (1), Yoon Young (2)

Affiliation:

1. Hana Securities, Seoul 07321, Republic of Korea

2. Department of Computer Science, Hongik University, Seoul 04066, Republic of Korea

Abstract

Traditional methods based on detection rules written by human security experts face significant challenges in accurately detecting network threats, which are becoming increasingly sophisticated. To address the limitations of these traditional methods, network threat detection techniques that use artificial intelligence technologies such as machine learning are being extensively studied. Research has also been conducted on analyzing string patterns in network packet payloads with natural language processing techniques to detect attack intent. However, because packet payloads contain both binary and text data, a new approach is needed that goes beyond typical natural language processing techniques. In this paper, we study a token extraction method optimized for payloads using n-gram and byte-pair encoding techniques. Furthermore, we generate embedding vectors that capture the context of the packet payload using algorithms such as Word2Vec and FastText. We also compute embeddings of header fields associated with packets, such as IP addresses and ports. Given these features, we combine a text 1D CNN and a multi-head attention network in a novel fashion. We validated the effectiveness of our classification technique on the CICIDS2017 open dataset and on over half a million records collected by The Education Cyber Security Center (ECSC), currently operating in South Korea. The proposed model showed remarkable performance compared to previous studies, achieving highly accurate classification with an F1-score of 0.998. Our model can also preprocess and classify 150,000 network threats per minute, helping security agents in the field make the best use of their time and analyze more complex attack patterns.

Funder

Korea Institute for Advancement of Technology

Ministry of Science and ICT

National Research Foundation of Korea

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering; Computer Networks and Communications; Hardware and Architecture; Signal Processing; Control and Systems Engineering


Cited by 2 articles:

1. Neural network modeling of innovative development of the electronics industry of regions. Finance and Credit, 2024-03-28.

2. A Study on Highly Accurate Swearing Detection Model Based on Multimodal Data. The 3rd International Conference on Electronic Information Technology and Smart Agriculture, 2023-12-08.
