Network traffic classification serves as a building block for important tasks such as security and quality of service management. The field has been studied for a long time, and many techniques, such as classical machine learning and deep learning methods, are currently available. However, the emergence of stronger encryption protocols has led to new challenges. One of these challenges is capturing and labeling a large amount of encrypted traffic data, especially for training deep learning classifiers, as current techniques rely on deep packet inspection (DPI) tools, which perform poorly on encrypted traffic. In this paper, we propose a semi-supervised learning approach using a Deep Convolutional Generative Adversarial Network (DCGAN). The basic idea is to utilize the samples generated by the DCGAN generator, as well as unlabeled data, to improve the performance of a classifier trained on a few labeled samples, thus alleviating the difficulties associated with collecting and labeling large datasets. To demonstrate the efficacy of our approach, we evaluated our model using a self-collected dataset of the recently established QUIC protocol as well as the publicly available ISCX VPN-NonVPN dataset. Our approach is able to achieve 89% and 78% accuracy with a very small number of labeled samples (just 10% of the dataset) on the QUIC and ISCX VPN-NonVPN datasets, respectively. Index Terms: Deep convolutional generative adversarial network, encrypted traffic classification, semi-supervised learning.
Recently, intrusion detection methods based on supervised deep learning (DL) techniques have seen widespread adoption by the research community as a result of advantages such as the ability to learn useful feature representations from input data without excessive manual intervention. However, these techniques require large amounts of data to generalize well. Collecting malicious samples at large scale is non-trivial, especially in the modern day with its constantly evolving landscape of cyber-threats. On the other hand, collecting a few malicious samples is more realistic in practical settings, as in cases such as zero-day attacks, where security agents are only able to intercept a limited number of such samples. Hence, intrusion detection methods based on few-shot learning are emerging as an alternative to conventional supervised learning approaches to simulate more realistic settings. Therefore, in this paper, we propose a novel method that leverages discriminative representation learning with a supervised autoencoder to achieve few-shot intrusion detection. Our approach is implemented in two stages: we first train a feature extractor model with known classes of malicious samples using a discriminative autoencoder, and then, in the few-shot detection stage, we use the trained feature extractor model to fit a classifier with a few examples of the novel attack class. We are able to achieve detection rates of 99.5% and 99.8% for the CIC-IDS2017 and NSL-KDD datasets, respectively, using only 10 examples of an unseen attack.
Network intrusion detection has been studied for a long time, and many techniques, such as signature-based methods and classical machine learning methods, are currently available. Recently, DL techniques have received considerable attention for use in intrusion detection systems due to their inherent advantages, such as automatic feature learning. This paper gives an overview of DL techniques employed in intrusion detection, so that new researchers who wish to begin research in the field can become conversant with the state-of-the-art methods as well as unexplored areas.
Network traffic classification is significant for tasks such as Quality of Service (QoS) provisioning, resource usage planning, and pricing, as well as in security contexts such as intrusion detection systems. The field has received considerable attention in industry as well as in the research community, where approaches such as port-based methods, deep packet inspection (DPI), and classical machine learning techniques have been thoroughly studied. However, the emergence of new applications and encryption protocols as a result of the continuous transformation of the Internet has led to new challenges. Recently, researchers have employed deep learning techniques in the domain of network traffic classification in order to leverage the inherent advantages offered by deep learning models, such as the ability to capture complex patterns and automatic feature learning. This paper reviews deep learning based encrypted traffic classification techniques and highlights the current research gaps in the literature. Index Terms: Traffic classification, Encrypted traffic, Deep learning, Machine learning.