Title
CNN and RNN based payload classification methods for attack detection.
Abstract
In recent years, machine learning has been widely applied to problems in detecting network attacks, particularly novel attacks. However, traditional machine learning methods depend heavily on feature engineering, and extracting features is often time-consuming and complex. Thus, it is impractical to detect attacks with traditional machine learning methods in real-time applications. To discover network attacks efficiently, we propose an end-to-end detection approach. We implement deep learning models to analyze payloads and propose a convolutional neural network-based payload classification approach (PL-CNN) and a recurrent neural network-based payload classification approach (PL-RNN) for use in attack detection. Our two approaches learn feature representations from original payloads without feature engineering and support end-to-end detection. These approaches achieve accuracies of 99.36% and 99.98% when applied to the DARPA1998 dataset, respectively; these accuracies are comparable to or better than those of state-of-the-art methods. In addition, our methods are efficient and practical.
Year: 2019
DOI: 10.1016/j.knosys.2018.08.036
Venue: Knowledge-Based Systems
Keywords: Payload, Deep learning, End-to-end, Attack detection
Field: Convolutional neural network, Computer science, Recurrent neural network, Feature engineering, Artificial intelligence, Deep learning, Machine learning, Payload
DocType: Journal
Volume: 163
ISSN: 0950-7051
Citations: 3
PageRank: 0.38
References: 12
Authors: 4
Name
Order
Citations
PageRank
Hongyu Liu140.74
Bo Lang234122.09
Ming Liu327650.00
Han-Bing Yan4603.42