Deep Anomaly Detection in Packet Payload

Liu, Jiaxin; Song, Xucheng; Zhou, Yingjie; Peng, Xi; Zhang, Yanru; Liu, Pei; Wu, Dapeng

doi:10.48550/arxiv.1912.02549

Cited by 2 publications

(5 citation statements)

References 28 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We decided to use a linear kernel, which means that the samples are well-separated in higher dimension. In comparison with results we considered ideal, we obtained FPR99 = 4.2%, which is much worse than those reported by [6]. We believe, that this is mainly due to a different usage of the data.…”

Section: Cse-cic-ids2018contrasting

confidence: 79%

“…The next work we found presents a fully supervised approach [6]. An LSTM-CNN neural architecture is used to classify HTTP traffic.…”

Section: Related Workmentioning

confidence: 99%

“…Liu et al [6] achieved 99.12% of TPR and 0.22% of FPR score (FPR99 = 0.22%). Their solution is fully supervised, so we will probably get slightly worse results.…”

Section: Baselinesmentioning

confidence: 99%

“…In other words they are fully supervised and need labels to establish weights in hidden layers. Such methods include, among others, [6] (deep neural network based on LSTM and CNN layers) and [8] (combines intermediate vectors obtained from CNN, LSTM and MRN model).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

Gniewkowski¹,

Maciejewski²,

Surmacz³

et al. 2021

Preprint

View full text Add to dashboard Cite

Hypertext transfer protocol (HTTP) is one of the most widely used protocols on the Internet. As a consequence, most attacks (i.e., SQL injection, XSS) use HTTP as the transport mechanism. Therefore, it is crucial to develop an intelligent solution that would allow to effectively detect and filter out anomalies in HTTP traffic. Currently, most of the anomaly detection systems are either rule-based or trained using manually selected features. We propose utilizing modern unsupervised language representation model for embedding HTTP requests and then using it to classify anomalies in the traffic. The solution is motivated by methods used in Natural Language Processing (NLP) such as Doc2Vec which could potentially capture the true understanding of HTTP messages, and therefore improve the efficiency of Intrusion Detection System. In our work, we not only aim at generating a suitable embedding space, but also at the interpretability of the proposed model. We decided to use the current state-of-the-art RoBERTa, which, as far as we know, has never been used in a similar problem. To verify how the solution would work in real word conditions, we train the model using only legitimate traffic. We also try to explain the results based on clusters that occur in the vectorized requests space and a simple logistic regression classifier. We compared our approach with the similar, previously proposed methods. We evaluate the feasibility of our method on three different datasets: CSIC2010, CSE-CIC-IDS2018 and one that we prepared Preprint. Under review.

show abstract

Section: Cse-cic-ids2018contrasting

confidence: 79%

“…The next work we found presents a fully supervised approach [6]. An LSTM-CNN neural architecture is used to classify HTTP traffic.…”

Section: Related Workmentioning

confidence: 99%

“…Liu et al [6] achieved 99.12% of TPR and 0.22% of FPR score (FPR99 = 0.22%). Their solution is fully supervised, so we will probably get slightly worse results.…”

Section: Baselinesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

Gniewkowski¹,

Maciejewski²,

Surmacz³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Liu et al [106] used a hybrid model of LSTM and CNN to capture the long-term and short-term dependencies in the network traffic sequence. First, they built an LSTM model on the network traffic to capture long-term dependencies.…”

Section: Rnn + Cnnmentioning

confidence: 99%

Unsupervised Deep Learning for IoT Time Series

Liu

Zhou

Yang

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

IoT time series analysis has found numerous applications in a wide variety of areas, ranging from health informatics to network security. Nevertheless, the complex spatial temporal dynamics and high dimensionality of IoT time series make the analysis increasingly challenging. In recent years, the powerful feature extraction and representation learning capabilities of deep learning (DL) have provided an effective means for IoT time series analysis. However, few existing surveys on time series have systematically discussed unsupervised DL-based methods. To fill this void, we investigate unsupervised deep learning for IoT time series, i.e., unsupervised anomaly detection and clustering, under a unified framework. We also discuss the application scenarios, public datasets, existing challenges, and future research directions in this area.

show abstract

Deep Anomaly Detection in Packet Payload

Cited by 2 publications

References 28 publications

HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

HTTP2vec: Embedding of HTTP Requests for Detection of Anomalous Traffic

Unsupervised Deep Learning for IoT Time Series

Contact Info

Product

Resources

About